The Virtual Intrusion Detection System

A traditional IDS is only one element in the security chain architecture. It does not eliminate the need for protections that prevent attacks. The virtual intrusion detection system (V-IDS) is a disruptive idea for the security of cloud architecture. A virtual IDS is software, and sometimes hardware, that captures cloud network and host activity data in reporting tools, analyzes the data interactively, provides an automatic reaction (e.g., an alarm) during an incident, and after an incident routes the cloud data to a security channel defined at runtime.

[Figure 4.2: Secure Cloud Infrastructure]

4.5 The Virtual Intrusion Detection System Model

The proposed architecture enhances basic IDS principles with a set

In the V-IDS context, the analysis module uses two different methods for analysis:

- The attack signature represents the simplest way to analyze IDS data. It is like static packet filtering, which is similar to the firewall rationale.
- Anomaly detection (heuristics) represents the most sophisticated technique, in which heuristic patterns try to detect variations from historically normal operation.

4.6.2 Decision module

The decision module is part of the closed-chain control system that, using the data that has arrived from the analysis module, makes decisions about the real-time actions necessary to resolve anomalies related to network intrusions. This module implements the logic necessary to analyze behaviors and make decisions about the anomalies discovered.

4.6.3 Action module

The action module represents the actuator that resolves the intrusion detection situation on a cloud domain. Merely collecting and analyzing data accomplishes nothing. The V-IDS uses the results from the analysis in order to manage the cloud infrastructure on the basis of security. Most obviously, it also generates alarms, reports and queries if the analysis indicates a dangerous condition.

4.6.4 Monitoring module

The monitoring module continuously captures processed data from previous events, such as historical intrusion data, login attempts, and so on. Each event is time-stamped and
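Added example (not part of the essay or of any V-IDS implementation): a minimal Python sketch of the analysis, decision, action and monitoring chain described above, running both analysis methods (one attack signature and one baseline-deviation anomaly check) over constructed sample activity records. The record format, the rule names, the historical baseline values and the threshold factor k=3 are all assumptions.

```python
import re
import statistics
from collections import Counter
from datetime import datetime, timezone

# Constructed sample cloud host/network activity (not from the page).
# Format: "<timestamp> <source-ip> <event> <detail>"
SAMPLE_EVENTS = [
    "2024-01-01T10:00:01Z 10.0.0.5 login failure user=admin",
    "2024-01-01T10:00:02Z 10.0.0.5 login failure user=admin",
    "2024-01-01T10:00:03Z 10.0.0.5 login failure user=admin",
    "2024-01-01T10:00:04Z 10.0.0.5 login failure user=admin",
    "2024-01-01T10:00:06Z 10.0.0.7 http GET /index.html",
    "2024-01-01T10:00:07Z 10.0.0.9 http GET /static/../../secrets.txt",
]
# Constructed baseline: failed logins per source in earlier monitoring windows.
HISTORY = [0, 1, 0, 2, 1, 0, 1, 0]
# Analysis method 1: attack signatures, i.e. static pattern filtering.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

def signature_analysis(events):
    hits = []
    for line in events:
        ts, src, _ = line.split(" ", 2)
        for rule, pat in SIGNATURES.items():
            if pat.search(line):
                hits.append({"method": "signature", "rule": rule, "source": src, "time": ts})
    return hits

# Analysis method 2: anomaly detection, deviation from historically normal operation.
def anomaly_analysis(events, history=HISTORY, k=3.0):
    threshold = statistics.mean(history) + k * statistics.pstdev(history)
    failures = Counter(l.split()[1] for l in events if " login failure " in l)
    return [{"method": "anomaly", "rule": "failed-login-rate", "source": s, "count": n}
            for s, n in failures.items() if n > threshold]

# Decision module: each finding becomes real-time actions for the action module.
def decide(findings):
    actions = []
    for f in findings:
        actions.append({"action": "alarm", "source": f["source"], "rule": f["rule"]})
        actions.append({"action": "route-to-security-channel", "source": f["source"]})
    return actions

# Action + monitoring modules: apply the decisions and keep a time-stamped record.
def run_vids(events, history=HISTORY):
    findings = signature_analysis(events) + anomaly_analysis(events, history)
    stamp = datetime.now(timezone.utc).isoformat()
    log = [dict(a, recorded_at=stamp) for a in decide(findings)]
    return findings, log
```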