Rapid Decentralized Network Intrusion Defense System on Multiple Virtual Machines

Data breaches and cloud service abuse are the greatest cloud security threats according to cloud security alliance. Particularly, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS). DDoS attacks usually takes place at early stage actions such as exploitation in multiple number of steps, vulnerability scanning at a low frequency, and identifying vulnerable virtual machines as zombies, and finally DDoS attacks by the compromised zombies. Within the cloud system, in particular the Infrastructure-as-a-Service (IaaS) clouds, the recognition of zombie exploration attacks is tremendously complicated. This is for the reason that cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, a distributed vulnerability detection and countermeasure selection mechanism called NICE is proposed, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. In order to improve the detection accuracy, modified approach of NICE called RAPID is introduced. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.