Abstract
Cloud computing is becoming a prominent service model for computing platforms, offering resources on demand to all categories of users. At the same time, the cloud environment is vulnerable to many criminal activities, and investigating cloud crimes is an urgent need. An anti-forensic attack in the cloud is an attack that specifically aims to scuttle the cloud forensic process. Although many researchers have proposed various cloud forensic approaches, detecting cloud anti-forensic attacks remains a challenge because such attacks hinder every step of the forensic process. In this paper, we propose a three-stage system for detecting cloud anti-forensic attacks, with a well-defined sequence of tasks in which identifying suspicious packets plays the major part. Every packet affected by any kind of cloud attack is labeled a suspicious packet, and such packets are marked so that the anti-forensic attack can be traced back. The main focus of this paper is to deploy a mechanism for identifying suspicious packets in the cloud environment. To categorize the type of attack that affected a packet, the proposed approach applies both signature analysis and anomaly detection at the cloud layers. The proposed anomaly detection approach is tested on the NSL-KDD dataset, and the experimental results show that its accuracy is high compared to existing approaches.
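As an added illustration of the suspicious-packet identification stage described above (example code, not the paper's own implementation): a two-stage labeller over NSL-KDD-style records that first applies signature rules to the categorical and rate fields and, only if none fires, runs a z-score anomaly check against a baseline fitted on records known to be normal. The signature rules, the threshold, and the sample rows are assumptions constructed for this example; the column indices follow the standard 41-feature KDD record layout.

```python
"""Two-stage suspicious-packet labelling over NSL-KDD-style records (illustrative, not the paper's code)."""
import statistics
# Column positions in the standard 41-feature KDD/NSL-KDD record layout.
DURATION, PROTO, SERVICE, FLAG, SRC_BYTES, DST_BYTES, LAND = 0, 1, 2, 3, 4, 5, 6
COUNT, SERROR_RATE = 22, 24
NUMERIC = (DURATION, SRC_BYTES, DST_BYTES, COUNT, SERROR_RATE)

# Stage 1: signature analysis. Hypothetical rules (assumed for the example) on categorical/rate fields.
SIGNATURES = {
    "syn_flood": lambda f: f[FLAG] == "S0" and float(f[SERROR_RATE]) >= 0.9 and int(f[COUNT]) >= 100,
    "land": lambda f: f[LAND] == "1",
}

def signature_match(f):
    """Return the first matching signature name, or None."""
    return next((name for name, rule in SIGNATURES.items() if rule(f)), None)

# Stage 2: anomaly detection. Per-feature mean/stdev fitted on records known to be normal.
def fit_baseline(normal_records):
    base = {}
    for i in NUMERIC:
        vals = [float(r[i]) for r in normal_records]
        base[i] = (statistics.mean(vals), statistics.pstdev(vals) or 1.0)  # avoid division by zero
    return base

def anomaly_score(f, base):
    """Largest absolute z-score over the numeric features."""
    return max(abs(float(f[i]) - mean) / sd for i, (mean, sd) in base.items())

def label_packet(f, base, threshold=3.0):
    """Mark a record suspicious with its reason: signature hit first, otherwise anomaly above threshold."""
    sig = signature_match(f)
    if sig:
        return True, "signature:" + sig
    score = anomaly_score(f, base)
    return (True, "anomaly:%.1f" % score) if score > threshold else (False, "normal")

def make_record(overrides):
    """Constructed test row: zeros everywhere, tcp/http/SF, plus {column_index: value} overrides."""
    f = ["0"] * 41
    f[PROTO], f[SERVICE], f[FLAG] = "tcp", "http", "SF"
    for i, v in overrides.items():
        f[i] = str(v)
    return f

# Constructed baseline of normal-looking rows (not real NSL-KDD data).
NORMAL_BASELINE = [make_record({SRC_BYTES: 200, DST_BYTES: 1500, COUNT: 5}),
                   make_record({SRC_BYTES: 300, DST_BYTES: 2000, COUNT: 8}),
                   make_record({SRC_BYTES: 250, DST_BYTES: 1800, COUNT: 6})]
```

A real deployment would fit the baseline on a large normal partition of the dataset and tune the threshold against the labelled attack classes; the label returned here is what the paper's traceback stage would attach to a marked packet.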
This article is part of the Topical Collection: Special Issue on Network In Box, Architecture, Networking and Applications
Guest Editor: Ching-Hsien Hsu
Rani, D.R., Geethakumari, G. A framework for the identification of suspicious packets to detect anti-forensic attacks in the cloud environment. Peer-to-Peer Netw. Appl. 14, 2385–2398 (2021). https://doi.org/10.1007/s12083-020-00975-6