An Enhanced Model for Intrusion Detection in a Cloud Computing Environment

Intrusion is an important issue in computer networks especially in cloud computing where all the services are served using the internet. The fully distributed and open structure of cloud computing and services has made it an even more attractive target for potential intruders. The more sophisticated hackers and attackers get, the more there is work for the defense to prevent such attacks. A cloud computing system can be exposed to threats which include the integrity, confidentiality, and availability of its resources, its data, and the virtualized infrastructure can be vulnerable. The problem becomes bigger when an internal intruder misuses a cloud with massive computing power and storage capacity as a malicious party. This research developed an enhanced model for intrusion detection that monitors and analyzes data in a cloud environment and detects intrusion in the system or network. The model can detect intrusions from external and malicious internal (authorized and unauthorized) users by normalizing and classifying all data packets using machine learning techniques. The developed system is an enhanced model of Zhang by combining it with two machine learning techniques: Support vector machine and Bayesian network to aid in the classification of normal data and intrusion data to detect intrusions. The developed model is evaluated and found to be able to make strong predictions, detect attacks, and still maintain the efficiency of the network. The system, when implemented, can detect intruders by classification of data packets and also improve the existing system in terms of providing more accurate and more efficient intrusion detection. It also provides worthwhile information about malicious network traffic, helping to identify the source of the incoming probes or attacks, collecting forensic evidence that can be used to identify intruders, and alerting security personnel that a network invasion may be in progress.