ABSTRACT
This thesis presents the design and implementation of a Multi-Level Intrusion
Detection and Log Management System (MLID-LMS) tailored for cloud computing
environments. In an era of increasing cyber threats and the dynamic nature of
cloud infrastructures, conventional security solutions are often inadequate.
This study aims to address these challenges by integrating advanced intrusion
detection techniques, efficient log management strategies, and adaptive
response mechanisms. The core objectives of this research include the
development of an enhanced Cloud Management Platform (CMP), the implementation
of robust input validation mechanisms such as data sanitization and
whitelisting, and the deployment of a Deep Packet Inspection (DPI) engine for
comprehensive traffic monitoring. Furthermore, the study focuses on creating a
distributed log storage and analysis framework that ensures data integrity,
confidentiality, and availability. The proposed system employs cryptographic
protocols and anonymous log handling methods to secure log data across all
stages—generation, transmission, storage, and retrieval. To facilitate
development, the research adopts both the Spiral and Waterfall software
development methodologies, ensuring iterative design with clear progression
through planning, development, and evaluation stages. Tools and technologies
such as PHP, MySQL, and MSSQL Server are utilized to build and manage the
web-based platform, while AES encryption is used to safeguard sensitive log
data. A distinctive feature of this system is its behaviour-driven risk assessment,
where user activities are continuously monitored and assigned threat levels.
Logs are categorized based on anomaly severity, enabling security
administrators to prioritize threats efficiently. Through this structured and
proactive approach, the system significantly enhances the detection of
malicious behaviours and streamlines the analysis process. System testing and
evaluation reveal that the MLID-LMS is both efficient and reliable, capable of
dynamically responding to emerging threats while optimizing resource usage.
This research contributes to the field of cloud security by presenting a
scalable, secure, and user-centric solution for intrusion detection and log
management. In conclusion, the system not only reinforces cloud infrastructure
against cyber threats but also sets a precedent for future security frameworks
by promoting proactive defence mechanisms, behavioural analytics, and
cryptographic integrity.
Keywords: Cloud Security, Intrusion Detection System (IDS), Log Management, Deep Packet Inspection (DPI), Cryptographic Protocols
TABLE OF CONTENTS
CHAPTER ONE
INTRODUCTION
1.1 Background of the Study
1.2 Statement of the Problem
1.3 Aims and Objectives
1.4 Significance of the Study
1.5 Scope of the Study
CHAPTER TWO
LITERATURE REVIEW
2.0 Introduction
2.1 Conceptual Review
2.1.1 Cloud Management Platform (CMP)
2.1.2 Input Validation and Scanning
2.1.3 Deep Packet Inspection (DPI) Mechanism
2.1.4 Intrusion Detection Systems
2.1.4.1 Types of Cloud-Based Intrusion Detection Systems
2.1.4.2 Finding Anomalies in Intrusions
2.1.4.3 IDS Based on Signatures
2.1.4.4 Attacks on Networks
2.1.4.5 Upcoming Developments in Intrusion Detection
2.1.5 Security in Cloud Computing
2.1.5.1 Intrusions in the Cloud
2.1.5.2 Techniques for Detecting an Intrusion
2.3 Empirical Reviews
2.4 Gaps of the Study
CHAPTER THREE
MATERIALS AND METHOD
3.0 Introduction
3.1 Research Methodology
3.2 Design Methodology
3.2.1 Waterfall Model
3.2.2 Justification for Selected Model
3.2.3 System Analysis
3.3 Justification of the New System
3.4 New System Requirements
3.5 System Design
3.5.1 Architectural Design
3.5.1.1 Logical Design
3.5.1.2 Functional Design
3.5.1.3 Network Design
3.5.2 Interface Design
3.5.3 Module Specification
3.5.4 Data Management
3.5.5 Security Measures
3.5.6 Testing and Validation Strategies
3.5.7 Scalability and Future Expansion
CHAPTER FOUR
RESULTS
4.0 Introduction
4.1 System Architecture
4.2 Physical Design
4.2.1 Logical Design
4.2.2 Unified Modelling Language (UML)
4.2.3 System Design Diagram
4.3 The System Main Menu Implementation
4.3.1 Main Menu
4.3.2 Historical Network Data
4.4 Quarantine Control
4.5 Query Sub-system Implementation
4.6 System Testing and Integration
4.7 Test Plan
4.8 Test Data
CHAPTER FIVE
DISCUSSION
CHAPTER SIX
CONCLUSION AND RECOMMENDATIONS
6.1 Conclusion
6.2 Recommendations
References
Appendix: Source Code
LIST OF FIGURES
Figure 1: Intrusion Detection Systems Deployment Categories
Figure 2: Signature-Based Methodology Architecture (Mudzingwa & Agrawal, 2012)
Figure 3: Anomaly-Based Methodology Architecture (Mudzingwa & Agrawal, 2012)
Figure 4: Hybrid-Based Methodology Architecture (Mudzingwa & Agrawal, 2012)
Figure 3.1: A Typical Waterfall Model
Figure 3.2: An Agent's Logical Cycle
Figure 3.3: IDSs Monitoring Various Network Zones
Figure 4.1: Use-Case Diagram Drawn Between Business Rules Engine, Alert Agent, Verifier and Manual Intervention
Figure 4.2: Use-Case Diagram of Components and Actors Involved are the Cache Memory
Figure 4.3: Main Page
Figure 4.4: Real Time Traffic
Figure 4.5: Historical Network Data
Figure 4.7: Quarantine Control
Figure 4.8: Notification Page
Figure 4.9: Menu Option
CHAPTER ONE
INTRODUCTION
1.1 Background of the Study
Cloud computing can be described as a nascent technology that offers readily
available computing resources and services through the internet (Samreen &
Zaidi, 2012). In other words, it refers to an online platform that allows for
the processing, storage, and sharing of various resources, including
infrastructure, software, applications, and business processes (Sadiku et al.,
2022; Suthar, 2017). The National Institute of Standards and Technology (NIST)
provided a definition of cloud computing in its NIST Special Publication
800-145 as "a framework that allows for easy and widespread access to a
shared pool of customizable computing resources, which can be quickly allocated
and released with minimal administrative effort or service provider involvement"
(Mell & Grance, 2011). The cloud model consists of five fundamental
characteristics, three service types, and four deployment models.
Cloud computing technologies are an integral part of the digital transformation of
enterprises and organizations in today's society (Chaudhary, 2020). Cloud
computing exhibits certain characteristics that set it apart from conventional
web services. Several notable features include multitenancy, resource pooling,
virtualization, on-demand self-service, elasticity, automatic or simplified
resource deployment, and metered billing. Compared with a conventional online
service provider, all of these allow cloud computing to offer users greater
cost savings, automation, and flexibility.
Communication in cloud computing technology can be divided into two distinct
components: the front end and the back end. The client, also known as the
computer user, functions as the interface of the system, while the cloud is
responsible for its back-end operations (Ade, 2020; Odun-Ayo et al., 2018). The
user's computer reaches the coordinated resources of the cloud through the
interface that the cloud services expose. The back-end infrastructure comprises
computers, storage systems, and servers that generate the necessary dedicated
servers and cloud services for these applications (Dinh et al., 2013; Mansouri
et al., 2020; Sunyaev, 2020).
Many organizations operate using cloud computing environments, where customers may
easily access software and data storage through the internet (often known as
"the cloud"). These services are hosted on the computer hardware of
another organization and are accessed through a web browser. This signifies a
substantial shift in the ways that data is moved, accessed, and stored, which
raises a number of security issues. One important aspect of computer system
security strategies is intrusion detection (Hassen et al., 2012). On
a pay-per-use basis, cloud computing offers network-based access to computer
and data storage services. Better resource usage from the cloud results in
lower service access costs for individuals. The advantages of cloud computing
include virtualization, scalability, efficiency, and flexibility.
Cloud computing is a relatively new type of internet-based computing in which
computers and other devices are given shared, dynamic, and virtualized
software, resources, and information based on a range of user needs through the
use of virtualization technologies. This process is effective and economical
for users (Soumya and Ann, 2012).
According to Kartik et al. (2015), cloud computing is a method of building information
technology (IT) services that make use of enhanced computational power and
storage capacity rather than an innovation. Virtualization, Grid Computing,
Utility Computing, Server Based Computing (SBC), and Network Computing are all
components of the fused computing paradigm known as cloud computing. The phrase
"cloud computing" refers to the gathering of all resources necessary
to facilitate resource sharing amongst middleware, application development
platforms, scalable infrastructures, and value-added business applications
(Ann and Soumya, 2012). According to Navaz et al. (2013), there are four
different kinds of cloud settings in cloud computing: private, public,
community, and hybrid. Additionally, according to Sanchika et al. (2013), there
are three different types of cloud services: Infrastructure as a Service (IaaS)
providers, Platform as a Service (PaaS), and Software as a Service (SaaS)
systems.
The core architecture of cloud computing incorporates shared resources and
multi-tenancy, resulting in a complex and dynamic environment (Odun-Ayo, Misra,
Abayomi-Alli & Ajayi, 2017).
This complexity offers cost-effectiveness and scalability, but it also poses
special security vulnerabilities. The complexity of intrusion detection in
these kinds of contexts arises from the variety of assaults that can breach the
network, take advantage of weaknesses in applications, or jeopardise the
integrity of hosted services (Mitchell & Chen, 2014). Conventional security
solutions are unable to address these
complex threats in cloud infrastructures because they are made for standalone
systems.
Furthermore, efficient administration and analysis are severely hampered by the sheer volume
and heterogeneity of log data produced by different cloud services. The format,
structure, and content of the logs generated by various services and apps
within the cloud environment vary, making it difficult to extract valuable
information for prompt threat detection and mitigation. Customised intrusion
detection and log management systems that can handle the subtleties and
complexity present in cloud computing settings are therefore desperately
needed.
The development of security measures to safeguard cloud-based assets is essential
for both individuals and enterprises who entrust cloud service providers with
their data (Bose, Luo & Liu, 2013). In
the ever-changing world of cloud computing, protecting confidential data,
guaranteeing regulatory compliance, and upholding the availability and
integrity of services all depend on a strong, flexible intrusion detection
system with effective log management features. In order to strengthen security
in cloud environments, this thesis proposes a Multi-Level Intrusion Detection
and Log Management System in Cloud Computing.
1.2 Statement of the Problem
In recent years, the adoption of cloud computing has burgeoned, becoming an indispensable
cornerstone for mega, large, medium, and small-scale businesses, along with
individuals (Kosamkar, 2016). This paradigm shift has ushered in unparalleled
advantages in terms of scalability, flexibility, and accessibility. However,
the alluring prospects of cloud technology are tempered by a critical concern:
the myriad security challenges inherent in this dynamic computing environment.
Cloud computing technology, being internet-based, poses a significant threat of
intrusion and malicious attacks that take advantage of newly created
vulnerabilities resulting from the shift from conventional methods of storing,
processing, and accessing information, data, and communication to the new
environment (Sadiku et al., 2022). Research has demonstrated that the
advancement of various established technologies, including online services, web
browsers, and virtualization, has had a significant role in the growth of
cloud-based systems. Consequently, any unauthorized access, potential dangers,
and deliberate assaults linked to these technologies equally impact the cloud;
they can even pose a more perilous consequence in this setting (Hashizume et
al., 2013).
Although cloud computing offers many advantages, security issues continue to pose
a significant obstacle to its adoption (Ahmad et al., 2023). Traditional
security solutions find it difficult to
properly address the risks introduced by cloud infrastructures' shared
resources and multi-tenant architecture. The inability of current intrusion
detection systems to handle the wide range and constantly changing attacks
aimed at cloud services is one of the main causes for concern. These systems
frequently aren't able to recognise complex attacks that occur at several
levels in the cloud, such as the network, host, and application layers. Moreover,
effective administration and analysis are severely hampered by the volume and
diversity of log data produced by various cloud services (Neeraj et al., 2023). The inability of various
services to use common log formats makes it more difficult to aggregate and
correlate log data, which delays the prompt detection and remediation of
threats. Because of this, security teams find it challenging to extract
meaningful information from these logs in order to efficiently identify and
stop possible breaches.
One of the paramount challenges cloud computing presents is the escalated complexity
of management. As businesses leverage multi-cloud environments to optimize
their operations, the intricacies of managing resources, applications, and data
across different clouds escalate exponentially (Shih et al., 2023). This
heightened complexity results in a formidable
hurdle—achieving consistent performance and reliability across diverse cloud
platforms. The management of cloud resources becomes a jigsaw puzzle, demanding
a sophisticated solution to streamline operations, enhance efficiency, and
fortify security in the face of this escalating complexity.
The specter of incorrect data spoofing looms large in cloud computing landscapes,
threatening the very essence of data integrity. This vulnerability gives
malevolent actors the potential to perpetrate data falsification attacks,
manipulating or forging critical information stored in the cloud. The
consequences are profound, from compromised decision-making processes to
tarnished organizational reputations. Addressing this challenge is not merely
about safeguarding data; it is about upholding the trust and reliability that
organizations place in cloud computing infrastructures.
Cloud computing, while revolutionary, exposes an Achilles' heel in the form of
susceptibility to evasion techniques. Malicious actors exploit tunneling and
encryption to cloak their activities, evading conventional security measures.
This vulnerability opens a gateway for covert attacks, hidden from the prying
eyes of traditional security protocols. The need to develop countermeasures
against these evasion techniques is paramount to ensuring the robustness and resilience
of cloud-based systems.
As the landscape of cloud computing evolves, these challenges necessitate proactive
and innovative solutions. The research, therefore, aims to contribute to the
development of a Multi-Level Intrusion Detection and Log Management System
tailored to the unique demands of cloud computing environments.
1.3 Aims and Objectives
The specific objective of this dissertation is to examine a Multi-Level Intrusion
Detection and Log Management System tailored for cloud computing environments.
The general objectives are:
i. To design an enhanced Cloud Management Platform (CMP) that helps to
simplify the management of cloud resources, applications, and data.
ii. To develop new input validation and scanning techniques, such as data
sanitization, white-listing and parsing, to ensure that only correct data is
accepted by the system.
iii. To develop a Deep Packet Inspection (DPI) mechanism for traffic
monitoring and analysis.
iv. To implement and validate the distributed log storage and processing
mechanism, as well as the Deep Packet Inspection (DPI) mechanism.
v. To test and evaluate the efficiency of the implemented system of
Multi-level intrusion detection and log management.
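As an added illustration (example code written for this page, not the thesis's own PHP implementation) of the behaviour-driven risk assessment described in the abstract and of the input-validation and log-handling objectives listed above: activity records are whitelist-validated, scored from the user's recent behaviour, categorized by severity, and chained with an HMAC so that stored logs are tamper-evident. The field names, action weights and severity thresholds are constructed assumptions, and the HMAC chain stands in for the thesis's AES-based log protection to show integrity checking with the standard library only.

```python
import hashlib
import hmac
import json
import re

# Base threat weight per action (constructed); the whitelist of accepted actions derives from it.
ACTION_WEIGHT = {"login": 1, "login_failed": 2, "read": 1, "write": 3, "delete": 6, "config_change": 8}
ALLOWED_ACTIONS = frozenset(ACTION_WEIGHT)
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")
IPV4_RE = re.compile(r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$")
# Severity bands, highest first: a score at or above the threshold gets that label (constructed).
SEVERITY_BANDS = [(15, "critical"), (8, "high"), (4, "medium"), (1, "low"), (0, "info")]

def validate_event(raw: dict) -> dict:
    """Whitelist validation: keep only the expected fields, each in its expected format."""
    user, action, ip = str(raw.get("user", "")), str(raw.get("action", "")), str(raw.get("ip", ""))
    if not USERNAME_RE.match(user) or action not in ALLOWED_ACTIONS or not IPV4_RE.match(ip):
        raise ValueError("field rejected by whitelist")
    hour = int(raw.get("hour", -1))
    if not 0 <= hour <= 23:
        raise ValueError("invalid hour")
    return {"user": user, "action": action, "ip": ip, "hour": hour}

def assess_risk(event: dict, recent: list) -> int:
    """Behaviour-driven score: the action's weight plus context from the user's recent events."""
    score = ACTION_WEIGHT[event["action"]]
    mine = [e for e in recent if e["user"] == event["user"]]
    if sum(e["action"] == "login_failed" for e in mine) >= 3:
        score += 5  # burst of failed logins preceding this activity
    if mine and event["ip"] not in {e["ip"] for e in mine}:
        score += 3  # activity from an address this user has not used before
    if event["hour"] < 6 and event["action"] in ("delete", "config_change"):
        score += 4  # destructive change outside working hours
    return score

def categorize(score: int) -> str:
    """Map a risk score onto the severity band an administrator triages by."""
    for threshold, label in SEVERITY_BANDS:
        if score >= threshold:
            return label
    return "info"

def seal_record(record: dict, key: bytes, prev_mac: str) -> dict:
    """Chain each stored record to its predecessor with an HMAC so edits or deletions are detectable."""
    body = json.dumps(record, sort_keys=True)
    mac = hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()
    return {**record, "prev_mac": prev_mac, "mac": mac}

def verify_chain(records: list, key: bytes) -> bool:
    """Recompute every MAC in order; an edited, removed or reordered record breaks the chain."""
    prev = ""
    for rec in records:
        body = {k: v for k, v in rec.items() if k not in ("prev_mac", "mac")}
        if rec["prev_mac"] != prev or seal_record(body, key, prev)["mac"] != rec["mac"]:
            return False
        prev = rec["mac"]
    return True
```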
1.4 Significance of the Study
As cloud computing becomes more prevalent, the necessity for strong security measures
increases. The emphasis of this study on integrating multi-level intrusion
detection systems and log management techniques designed for cloud environments
represents a proactive approach toward improving safety measures. This study
intends to improve the overall security posture of cloud infrastructures by
providing a comprehensive framework for reducing the risks associated with
developing cyber attacks.
Cloud infrastructures are fundamentally dynamic, with resources, user access, and
network configurations constantly changing. The emphasis of this study on
adaptive intrusion detection systems and log management strategies addresses
the issues posed by cloud computing's dynamic nature. It seeks to reduce
vulnerabilities by offering real-time threat detection and response
capabilities, which are critical in protecting against sophisticated attacks.
The findings of this study can be used as a basic reference for future cloud
security research. It provides a path for improving existing procedures and
introducing new methods to improve security in cloud-based systems by
emphasizing the usefulness of integrated security frameworks. These insights
can be used by industry practitioners to develop more robust security measures,
protecting sensitive data and maintaining the stability of cloud services.
1.5 Scope of the Study
The scope of this thesis encompasses various aspects related to the design, implementation,
and evaluation of a comprehensive security solution for cloud environments. The
study covers a thorough understanding of the security challenges specific to
cloud computing environments. It signifies the importance of intrusion
detection and log management in maintaining the integrity, confidentiality, and
availability of cloud-based systems.
The study shall analyze the strengths and weaknesses of current systems and identify gaps
on which a Multi-level Intrusion Detection System (ML-IDS) will be developed
with a log management system that efficiently collects, stores, and analyzes
logs generated by different components in the cloud infrastructure. The study
shall also investigate how the intrusion detection and log management system
integrates with different cloud service models (IaaS, PaaS, SaaS) and
deployment models.