1CP_RT_J032 Intrusion Detection and Prevention in Web Servers
ABSTRACT:
Cloud security is one of the most important issues that have attracted a lot of research and development effort in the past few years. In particular, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS) attacks. DDoS attacks usually involve early-stage actions such as multi-step exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult, because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multi-phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack-graph-based analytical models and reconfigurable virtual-network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
AIM
The main aim of this project is to prevent vulnerable virtual machines from being compromised in the cloud server using a multi-phase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE.
SYNOPSIS
Recent studies have shown that users migrating to the cloud consider security the most important factor. A recent Cloud Security Alliance (CSA) survey shows that among all security issues, abuse and nefarious use of cloud computing is considered the top security threat, in which attackers can exploit vulnerabilities in clouds and utilize cloud system resources to deploy attacks. In traditional data centers, where system administrators have full control over the host machines, vulnerabilities can be detected and patched by the system administrator in a centralized manner. However, patching known security holes in cloud data centers, where cloud users usually have the privilege to control software installed on their managed VMs, may not work effectively and can violate the Service Level Agreement (SLA). Furthermore, cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in cloud security. The challenge is to establish an effective vulnerability/attack detection and response system for accurately identifying attacks and minimizing the impact of security breaches on cloud users.
In a cloud system where the infrastructure is shared by potentially millions of users, abuse and nefarious use of the shared infrastructure lets attackers exploit vulnerabilities of the cloud and use its resources to deploy attacks in more efficient ways. Such attacks are more effective in the cloud environment because cloud users usually share computing resources, e.g., being connected through the same switch and sharing the same data storage and file systems, even with potential attackers.
EXISTING SYSTEM:
Cloud users can install vulnerable software on their VMs, which essentially contributes to loopholes in cloud security. The challenge is to establish an effective vulnerability/attack detection and response system for accurately identifying attacks and minimizing the impact of security breaches on cloud users. In a cloud system where the infrastructure is shared by potentially millions of users, abuse and nefarious use of the shared infrastructure lets attackers exploit vulnerabilities of the cloud and use its resources to deploy attacks in more efficient ways. Such attacks are more effective in the cloud environment because cloud users usually share computing resources, e.g., being connected through the same switch and sharing the same data storage and file systems, even with potential attackers. The similar setup of VMs in the cloud, e.g., virtualization techniques, VM OS, installed vulnerable software, networking, etc., attracts attackers to compromise multiple VMs.
DISADVANTAGES OF EXISTING SYSTEM:
1. No detection and prevention framework in a virtual networking environment.
2. Lack of accuracy in detecting attacks from attackers.
PROPOSED SYSTEM:
In this article, we propose NICE (Network Intrusion detection and Countermeasure selection in virtual network systems) to establish a defense-in-depth intrusion detection framework. For better attack detection, NICE incorporates attack graph analytical procedures into the intrusion detection processes. We must note that the design of NICE does not intend to improve any of the existing intrusion detection algorithms; indeed, NICE employs a reconfigurable virtual networking approach to detect and counter the attempts to compromise VMs, thus preventing zombie VMs.
ADVANTAGES OF PROPOSED SYSTEM:
The contributions of NICE are presented as follows:
- We devise NICE, a new multi-phase distributed network intrusion detection and prevention framework in a virtual networking environment that captures and inspects suspicious cloud traffic without interrupting users’ applications and cloud services.
- NICE incorporates a software switching solution to quarantine and inspect suspicious VMs for further investigation and protection. Through programmable network approaches, NICE can improve the attack detection probability and improve the resiliency to VM exploitation attacks without interrupting existing normal cloud services.
- NICE employs a novel attack graph approach for attack detection and prevention by correlating attack behavior, and also suggests effective countermeasures.
- NICE optimizes the implementation on cloud servers to minimize resource consumption. Our study shows that NICE incurs less computational overhead compared to proxy-based network intrusion detection solutions.
ALGORITHM USED:
Alert Correlation Algorithm
Countermeasure Selection Algorithm
MODULES:
- NICE-A
- VM Profiling
- Attack Analyzer
- Network Controller
MODULES DESCRIPTION:
NICE-A
NICE-A is a Network-based Intrusion Detection System (NIDS) agent installed in each cloud server. It scans the traffic going through the bridges that control all the traffic among VMs and in/out of the physical cloud servers. It sniffs a mirroring port on each virtual bridge in the Open vSwitch. Each bridge forms an isolated subnet in the virtual network and connects to all related VMs. The traffic generated from the VMs on the mirrored software bridge is mirrored to a specific port on a specific bridge using SPAN, RSPAN, or ERSPAN methods. It is more efficient to scan the traffic in the cloud server since all traffic in the cloud server needs to go through it; however, our design is independent of the installed VM. The false alarm rate could be reduced through our architecture design.
VM Profiling
Virtual machines in the cloud can be profiled to get precise information about their state, running services, open ports, etc. One major factor that counts towards a VM profile is its connectivity with other VMs. Knowledge of the services running on a VM is also required in order to verify the authenticity of alerts pertaining to that VM. An attacker can use a port scanning program to perform an intense examination of the network to look for open ports on any VM, so information about any open ports on a VM and the history of opened ports plays a significant role in determining how vulnerable the VM is. All these factors combined form the VM profile. VM profiles are maintained in a database and contain comprehensive information about vulnerabilities, alerts and traffic.
Attack Analyzer
The major functions of the NICE system are performed by the attack analyzer, which includes procedures such as attack graph construction and update, alert correlation, and countermeasure selection. The process of constructing and utilizing the Scenario Attack Graph (SAG) consists of three phases: information gathering, attack graph construction, and potential exploit path analysis. With this information, attack paths can be modeled using the SAG. The attack analyzer also handles alert correlation and analysis operations. This component has two major functions: (1) it constructs the Alert Correlation Graph (ACG), and (2) it provides threat information and appropriate countermeasures to the network controller for virtual network reconfiguration. The NICE attack graph is constructed based on the following information: cloud system information, virtual network topology and configuration information, and vulnerability information.
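The VM Profiling and Attack Analyzer descriptions above can be illustrated with a simplified added example, which is not code from the NICE project and does not reproduce its algorithms: it builds an attack graph from VM profiles and topology, enumerates exploit paths, and uses the graph to discard alerts against services a VM does not expose as vulnerable and to chain the remaining alerts. All VM names, ports, data structures and function names are constructed assumptions.

```python
from collections import deque

# Constructed sample data; all names are hypothetical, not from the NICE project.
# VM profile: open port -> (service, known vulnerability present?)
PROFILES = {
    "web": {80: ("http", True), 22: ("ssh", False)},
    "app": {8080: ("tomcat", True)},
    "db": {3306: ("mysql", True)},
}
# Virtual network topology: (source, destination VM, reachable port)
REACH = [("internet", "web", 80), ("internet", "web", 22), ("web", "app", 8080),
         ("web", "db", 3306), ("app", "db", 3306)]
# IDS alerts: (source, destination VM, destination port)
ALERTS = [("internet", "web", 80), ("internet", "web", 22), ("web", "db", 3306)]

def build_attack_graph(profiles, reach):
    """Add edge src -> (dst, port) when src reaches a vulnerable open port on dst."""
    graph = {}
    for src, dst, port in reach:
        _service, vulnerable = profiles.get(dst, {}).get(port, (None, False))
        if vulnerable:
            graph.setdefault(src, []).append((dst, port))
    return graph

def exploit_paths(graph, start, goal):
    """Enumerate loop-free exploit paths from start to goal (breadth-first)."""
    paths, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for dst, _port in graph.get(path[-1], []):
            if dst == goal:
                paths.append(path + [dst])
            elif dst not in path:
                queue.append(path + [dst])
    return paths

def correlate(alerts, graph):
    """Drop alerts that match no graph edge; chain the rest along attack paths."""
    chains = []
    for src, dst, port in alerts:
        if (dst, port) not in graph.get(src, []):
            continue  # no vulnerable service there per the VM profile
        prior = next((c for c in chains if c[-1][1] == src), None)
        if prior is None:
            chains.append([(src, dst, port)])
        else:
            prior.append((src, dst, port))
    return chains
```

With the constructed data, the SSH alert is dropped because the profile lists no vulnerability on port 22, and the two remaining alerts are chained into one multi-step path from the internet to the database VM.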
Network Controller
The network controller is a key component that supports the programmable networking capability needed to realize virtual network reconfiguration. In NICE, we integrated the control functions for both OVS and OFS into the network controller, which allows the cloud system to set security/filtering rules in an integrated and comprehensive manner. The network controller is responsible for collecting network information about the current OpenFlow network and provides input to the attack analyzer to construct attack graphs. In NICE, the network controller also consults with the attack analyzer for flow access control by setting up the filtering rules on the corresponding OVS and OFS. The network controller is also responsible for applying the countermeasures from the attack analyzer. Based on the VM Security Index and the severity of an alert, countermeasures are selected by NICE and executed by the network controller.
SYSTEM CONFIGURATION:-
HARDWARE CONFIGURATION:-
Processor - Pentium IV
Speed - 1.1 GHz
RAM - 256 MB (min)
Hard Disk - 20 GB
Keyboard - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
SOFTWARE CONFIGURATION:-
Operating System : Windows XP
Programming Language : JAVA/J2EE
Java Version : JDK 1.6 & above
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamil Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536