Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds

2015 11th European Dependable Computing Conference (EDCC) Pub Date : 2015-09-07 DOI:10.1109/EDCC.2015.10

T. Probst, E. Alata, M. Kaâniche, V. Nicomette

{"title":"Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds","authors":"T. Probst, E. Alata, M. Kaâniche, V. Nicomette","doi":"10.1109/EDCC.2015.10","DOIUrl":null,"url":null,"abstract":"This paper describes an approach for the automated security evaluation of operational Network Intrusion Detection Systems (NIDS) in Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated and experimental methods to execute attack campaigns and analyze NIDS reactions, in order to highlight the ability of the NIDS to protect clients' virtual infrastructures and find potential weaknesses in their placement and configuration. To do so, we designed a three-phase approach. It is composed of the cloning of the target client's infrastructure to perform the subsequent audit operations on a clone, followed by the analysis of network access controls to determine the network accessibilities in the cloned infrastructure. Using evaluation traffic we modeled and generated, the last phase of the approach, presented in this paper, focuses on executing attack campaigns following an optimized algorithm. The NIDS alerts are analyzed and evaluation metrics are computed. Our approach is sustained by a prototype and experiments carried out on a VMware-based cloud platform.","PeriodicalId":138826,"journal":{"name":"2015 11th European Dependable Computing Conference (EDCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 11th European Dependable Computing Conference (EDCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDCC.2015.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

This paper describes an approach for the automated security evaluation of operational Network Intrusion Detection Systems (NIDS) in Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated and experimental methods to execute attack campaigns and analyze NIDS reactions, in order to highlight the ability of the NIDS to protect clients' virtual infrastructures and find potential weaknesses in their placement and configuration. To do so, we designed a three-phase approach. It is composed of the cloning of the target client's infrastructure to perform the subsequent audit operations on a clone, followed by the analysis of network access controls to determine the network accessibilities in the cloned infrastructure. Using evaluation traffic we modeled and generated, the last phase of the approach, presented in this paper, focuses on executing attack campaigns following an optimized algorithm. The NIDS alerts are analyzed and evaluation metrics are computed. Our approach is sustained by a prototype and experiments carried out on a VMware-based cloud platform.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

IaaS云环境下网络入侵检测系统的自动化评估

本文描述了一种在基础设施即服务(IaaS)云计算环境中对可操作的网络入侵检测系统(NIDS)进行自动安全评估的方法。我们的目标是提供自动化的实验方法来执行攻击活动和分析NIDS的反应，以突出NIDS保护客户端虚拟基础设施的能力，并发现其放置和配置中的潜在弱点。为此，我们设计了一个三阶段的方法。它包括克隆目标客户端的基础设施，以便对克隆的基础设施执行后续审计操作，然后分析网络访问控制，以确定克隆基础设施中的网络可访问性。使用我们建模和生成的评估流量，本文提出的方法的最后阶段侧重于按照优化算法执行攻击活动。分析NIDS警报并计算评估指标。我们的方法得到了基于vmware的云平台上的原型和实验的支持。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 11th European Dependable Computing Conference (EDCC)

自引率

0.00%

发文量