University of Twente Student Theses


Consumer-deployable network intrusion detection in public clouds

Spenkelink, J.S. (2018) Consumer-deployable network intrusion detection in public clouds.

[img] PDF
Abstract:The cloud has become a widely used platform that is ever growing. Cloud users vary from single host consumers to multinationals that are settled all over the globe. Unfortunately, where ordinary crowds move amass, so do their adversaries. Evidently, security is an important factor in any system, the cloud being no exception. While most cloud providers have a fair amount of security mechanisms available for purchase, there is no easy way for cloud consumers to monitor their own network. Cloud service providers will not provide a copy of data on a shared network, let alone allowing John Doe into their physical datacenter. This thesis provides insight in several methods to accomplish network intrusion detection in cloud systems. The contribution is twofold. Firstly, it provides an extensive overview of the cloud landscape and the corresponding requirements to monitor the network component properly. Secondly, the thesis revises existing and novel methods to perform network intrusion detection in the public cloud environment. This research yields the most feasible option for public cloud consumers to monitor their network. Before introducing a method to accomplish network intrusion detection in public clouds, it is fundamental to provide a well-founded set of requirements. The requirements are established based on obligatory aspects within cloud systems and requirements for traditional network intru- sion detection systems. The requirements also take into account usability for the cloud consumer. Subsequently, exhaustive research regarding intrusion detection methods that ought to be applic- able in public clouds was conducted. Each of these methods were thoroughly analysed and mapped onto the requirements. The most promising methods were compared in detail. In the end, this research resulted in the most feasible method to perform network intrusion detection on a cloud environment without requiring the cloud service provider’s interference. The network intrusion detection solution suggested in this thesis abides by all the requirements. The solution comes in form of an inline intrusion detection agent that taps the host’s interfaces. The incident information is then aggregated and correlated in a central server. Because an agent is deployed per server, the solution scales excellently with the dynamic cloud environment. The agent can be implemented in any given (public) cloud infrastructure. Finally, the functionality of the proposed method was tested with several heuristic experiments. The security capabilities of implementation were stress-tested and the solution was compared to an environment that lacks a cloud network intrusion detection system. No significant performance drop was observed. Based on these results, the consumer-deployable network intrusion detection system has shown to be a feasible solution for an arbitrary sized cloud environment.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page