Graph-based Attack Detection in Cloud using KDD CUP 99 Dataset

In the area of research and development effort for cloud computing, Cloud security is considered as one of challenging issues. Most commonly faced attacks are Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are variation of DOS attack at distributed and large-scale level. Firstly attacker tries to discover the vulnerabilities or we can say loopholes of a cloud system and takes control over the virtual machines. And then gets success in deploying DDoS at large scale. Such attacks includes certain actions at initial stage such as exploitation in multiple steps, scanning for uncommon or less occurring vulnerabilities, identified vulnerabilities are utilized against virtual machines to use them as zombies and finally DDOS is achieved through these compromised zombies. To avoid vulnerable virtual machines from being compromised in the cloud system, proposed approach uses multiphase vulnerability detection at distributed level, measurement, countermeasure selection mechanism called as NICE, which is based on attack graph based models and reconfigurable virtual network based countermeasures. Use of standard dataset KDD Cup 99 dataset helps to cover most of the types of intrusion signatures and features. There is a need of processing encrypted traffic also together with plain traffic flowing through the cloud system. As included in the proposed system, host-based intrusion detection system implementation gives more benefits as compare to NIDS based implementation.