Abstract: Cloud computing has significantly transformed the way businesses and governments approach information technology. Although the shift to cloud computing has brought many benefits in terms of cost and efficiency, new security challenges have emerged. A recent study has identified a number of critical security issues for the cloud, including advanced persistent threats, malicious insiders, and data breaches. In general, cyber threats have become more sophisticated, and malicious actors have devised a variety of tools to circumvent traditional defenses. Intrusion Detection Systems have traditionally been employed to mitigate these threats by attempting to identify the onset of malicious activities. However, Intrusion Detection Systems are often monolithic solutions that offer very little flexibility in dynamic environments where resources can be elastically provisioned and deprovisioned, and where defensive priorities and threats can change over time and across different subsystems. To address these limitations and develop a principled approach to elastically deploy intrusion detection capabilities, we propose a quantitative risk assessment framework to enable defenders to deploy fine-grained intrusion detection mechanisms across network domains so as to minimize overall risk to the network infrastructure while prioritizing defensive objectives. Simulation results confirm that our approach can efficiently and effectively reduce risk by selectively deploying intrusion detection mechanisms that address current priorities. With its lightweight architectural design, this framework serves as the foundation for an adaptive approach to intrusion detection in the cloud.