Persian title of the article: | خدمات سیستم کشف نفوذ اینترنت در یک ابر |
English title of the article: | Internet Intrusion Detection System Service in a Cloud |
Details of the English article (PDF) and its translation (Word) | |
Year of publication | 2012 |
Number of pages in the English article | 8 pages in PDF format |
Number of pages in the translation | 20 pages in Word format |
Related fields | Computer and information technology, computer systems architecture, cloud computing, information security, secure computing, software engineering and computer networks |
Journal | Computer Science Issues |
Institution | Department of Computer and Communication Systems, Faculty of Engineering, Putra University, Selangor, Malaysia |
Keywords of this article | Intrusion detection system, cloud computing, software as a service |
Publication | IJCSI |
Excerpt from the translation:
Intrusion detection systems (IDS) are widely used to identify malicious behavior in network communication and on hosts. Such a system is defined as a computer network system that collects information at key points and analyzes it, with the aim of determining whether there have been violations of network security behavior or signs of attack.
IDS has become a major concern as an important computer network security technology. In recent years, with the advent of cloud computing, the concept of software as a service, in which vendors provide a set of software products as services over the Internet that users employ to perform complex tasks, has developed strongly and become particularly popular. Cloud computing is a way to increase capacity and capabilities without investing in new infrastructure, training new personnel, or qualifying new software.
The Internet intrusion detection system services (CIDSS) are built on cloud computing, can be used to remedy the shortcomings of intrusion detection, and are said to be highly scalable. CIDSS can be used to overcome the critical challenge of keeping the client secure from cyber attacks while offering the features associated with cloud computing technology.
Excerpt from the English article:
Abstract
Intrusion Detection Systems (IDS) have been used widely to detect malicious behaviors in network communication and hosts. An IDS is defined as a computer network system that collects information at a number of key points and analyzes this information to see whether there are violations of network security policy or signs of attack. IDS has aroused the concern of users as an important computer network security technology. In recent times, with the advent of Cloud Computing, the concept of Software as a Service (SaaS), where vendors provide key software products as services over the Internet that users can access to perform complex tasks, has become increasingly popular. Cloud Computing is a method to increase capacity or add capabilities dynamically without investing in new infrastructure, training new personnel, or licensing new software. We introduce Cloud Intrusion Detection System Services (CIDSS), which is developed based on Cloud Computing, can make up for the deficiency of traditional intrusion detection, and has proved to be highly scalable. CIDSS can be utilized to overcome the critical challenge of keeping the client secure from cyber attacks while benefiting from the features offered by Cloud Computing technology.
Keywords: Intrusion Detection System, Cloud Computing, Software as a Service.
1. Introduction
In the last century, the computer became an inseparable part of daily human life. In recent years, with the invention of the Internet, it has been deployed for communication and accessing data. Currently, however, people rely on the Internet to satisfy their demands by using its services, which can be defined as some computing function, rather than accessing mass data from the Internet. Along with the proposal of the Cloud Computing concepts, a new paradigm of software development and deployment of resources has emerged.
It is possible to avoid much of the spending on fixed assets, such as expensive network servers and software. At present, commonly used security technologies such as message encryption and firewalls protect the network and can serve as a first line of defense, but these technologies alone are not enough. Intrusion Detection Systems (IDS) have been proposed for years as an efficient security measure and are nowadays widely deployed for securing critical IT infrastructures [1]. Many commercial and open source implementations have emerged and been widely used in practice for identifying malicious behaviors against protected hosts or network environments. They can offer security measures by investigating configurations, logs, network traffic, and user actions to identify typical attack behavior [2]. In classical enterprise settings, an IDS is normally deployed on dedicated hardware at the edge of the defended networking infrastructure or run on individual hosts on the network, in order to protect the respective network or host from external attacks [3]. Today small and medium companies are increasingly realizing that simply by tapping into the Cloud they can gain fast access to the best business applications, without training new personnel or licensing new software. IDS is not an exception to this trend, and the interest in embedding IDS in a Cloud environment is undeniable.
In this paper, we introduce the Cloud Intrusion Detection System Service (CIDSS), which is built around the software-as-a-service (SaaS) model for providing security to any Cloud-based user. The proposed CIDSS architecture consists of lightweight IDS agents integrated inside the protected network and a central detection engine unit. The concept of grouping is introduced for the flexible integration of IDS agents into multiple network segments. A Virtual Private Network (VPN) is utilized as a means of grouping and as an information exchange facility.
A standardized interface is designed to provide a view of result reports for users. The remainder of this paper is organized as follows: In section 2, basic concepts of IDS are discussed. The intrusion detection methods are detailed in section 3. In section 4, an overview of the Cloud Computing model is presented. The architecture of CIDSS is described in section 5. In the last section, future work and conclusion are presented.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 5, No 2, September 2012. ISSN (Online): 1694-0814. www.IJCSI.org. Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
2. Intrusion Detection System
Intrusion detection systems are software or hardware systems that automate the process of monitoring the events occurring in a computer system or network, analyzing them for malicious activities or policy violations, and producing reports to a management station. An IDS is composed of several components [4]:
• Sensors, which generate security events.
• Console, to monitor events and alerts and control the sensors.
• Central Engine, which records events logged by the sensors in a database and uses a system of rules to generate alerts from the security events received.
Based on the protected objective or the information source, IDS can be classified into Host-based Intrusion Detection Systems and Network-based Intrusion Detection Systems [1], [5].
2.1 Host-Based Intrusion Detection System
The Host-based Intrusion Detection System was the first type of intrusion detection software to be designed, with the original target system being the mainframe computer, where outside interaction was infrequent [6]. Host-based IDSs operate on information collected from within an individual computer system. A Host-based IDS monitors the inbound and outbound packets from the computer system only and would alert the user or administrator if suspicious activity is detected [footnote 1].
Besides the benefits acquired when utilizing this model of IDS, there are some disadvantages which discourage deploying Host-based IDS:
• Host-based IDSs are harder to manage, as information must be configured and managed for every host monitored.
• Since the information sources and the analysis engines for Host-based IDSs reside on the host targeted by attacks, the IDS may be attacked and disabled as part of the attack.
• Host-based IDSs use the computing resources of the hosts they are monitoring, therefore inflicting a performance cost on the monitored systems.
[Footnote 1] Host-based IDSs could utilize operating system audit trails and system logs for system state monitoring, e.g. they can detect which program accesses what resources.
2.2 Network-Based Intrusion Detection System
Network-based Intrusion Detection Systems focus on the network rather than on a specific host. A Network-based IDS detects attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console. As the sensors are limited to running the IDS, they can be more easily secured against attacks, e.g. by running the IDS sensors in stealth mode [5], [7].
The architecture of the Network-based IDS would eliminate the disadvantages mentioned for Host-based IDS. There is no need to configure and manage every host, as one IDS sensor in a network segment could take responsibility for all analysis. Attacks on a specific host in a network would not affect the IDS, and securing the IDS sensor is simpler.
A Network-based IDS would utilize dedicated resources for its functionality, isolated from any host in the network. Therefore, it does not inflict a performance cost on the monitored systems.
3. Intrusion Detection Methods
There are two primary approaches for analyzing events to detect attacks: the Misuse Detection Approach and the Anomaly Detection Approach. Misuse detection, in which the analysis targets something known to be an attack pattern, is the technique used by most commercial systems. Anomaly detection, in which the analysis looks for abnormal patterns of activity, has been the subject of a great deal of research. Anomaly detection is used in limited form by a number of IDSs. The most effective IDSs use mostly misuse detection approaches.
3.1 Anomaly Detection Approach
Anomaly detectors identify abnormal, unusual behavior on a host or network. They function on the assumption that attacks are different from legitimate activity and can therefore be detected by systems that identify these differences. Anomaly detectors construct profiles representing normal behavior of users, hosts, or network connections. These profiles are constructed from historical data collected over a period of normal operation. The detectors then collect event data and use a variety of measures to determine when monitored activity deviates from the normal routine. Anomaly detection approaches often require extensive training in order to characterize normal behavior patterns. Unfortunately, the IDSs based on anomaly detection often produce a large number of false alarms, as normal patterns of user and system behavior can vary wildly.
Modern-day enterprise network environments amplify this disadvantage due to the massive amounts of dynamic and diverse data that need to be analyzed. Despite this shortcoming, researchers assert that IDSs based on anomaly detection are able to detect new attack forms.
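The contrast drawn in Section 3 between misuse and anomaly detection, as an added example that is not from the paper: a signature matcher and a mean/standard-deviation profile are run over the same constructed events. The signatures, the event data and the 3-sigma threshold are assumptions chosen for illustration.

```python
import re
from statistics import mean, stdev

# Constructed sample data (not from the paper): failed-login counts per hour
# observed during a period of normal operation, used to build the profile.
TRAINING = [3, 5, 4, 6, 2, 5, 4, 3, 6, 4, 5, 3]

# Hypothetical misuse signatures: patterns for attacks that are already known.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sqli-union": re.compile(r"union\s+select", re.I),
}

# Constructed events: (label, request line, failed logins in that hour).
EVENTS = [
    ("normal", "GET /index.html", 4),
    ("known attack", "GET /download?f=../../etc/passwd", 5),
    ("novel attack", "POST /login", 40),  # password guessing, no signature
    ("busy monday", "POST /login", 12),   # legitimate spike in activity
]

def build_profile(samples):
    """Summarise historical data as (mean, sample standard deviation)."""
    return mean(samples), stdev(samples)

def misuse_detect(request):
    """Return the names of known-attack signatures matching the request."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def anomaly_detect(value, profile, threshold=3.0):
    """Flag values more than `threshold` standard deviations from the mean."""
    mu, sigma = profile
    return abs(value - mu) / sigma > threshold

def analyse(events, profile):
    """Run both detectors on every event: {label: (misuse, anomaly)}."""
    return {label: (bool(misuse_detect(req)), anomaly_detect(n, profile))
            for label, req, n in events}

if __name__ == "__main__":
    for label, (m, a) in analyse(EVENTS, build_profile(TRAINING)).items():
        print(f"{label:13} misuse={m!s:5} anomaly={a}")
```

The signature matcher misses the attack it has no pattern for, while the profile catches it but also raises a false alarm on the legitimate spike, which is the trade-off the section describes.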