Cooperative Intrusion Detection System Framework Using Mobile Agents for Cloud Computing

Cloud computing improves collaboration, flexibility, scaling, and availability, and provides the potential for cost reduction through optimized and efficient computing. Cloud computing allows the use of a collection of services, applications, information, and infrastructure composed of group of compute, network, information, and storage resources. In brief, the Cloud Computing is undergoing an incontestable success, which could be indeed compromised by concerns about the risks related to potential misuse of this model aimed at conducting illegal activities. To address these problems, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against the intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for the network attack detection and Mobile Agents. After the collection of malicious data from infected sources (VMs) via the first category of IDS; the second category of IDS is also used for the generation of new signatures from the collected data based on a signature generation algorithm. However, these new signatures are used to update the database of the IDS itself. The mobile agents play an important role in this collaboration. They are used in our framework for investigation of Hosts, transfer data malicious and transfer update of a database of neighboring IDS in the cloud. With this technique, the neighboring IDS will use these new signatures to protect their area of control against the same type of attack. By this type of close-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, the existing IDS and Mobile Agents technology are studied. Then we develop a collaborative approach based on Hy-IDS and Mobile Agents in Cloud Environment, to define a dynamic context which enables the detection of new attacks.