Cloud computing refers to both the application delivers services over the internet and the hardware and system software in the data centers that provide those services. Cloud is attracted by many users because of its security and storage features. The main attack faced by cloud is Distributed Denial of Services (DDOS), in which multiple hosts attack made simultaneously in all network. Security is an important issue in the cloud computing, but the problem is how effectively mitigating intruders and chooses correct counter measures. To counterattack insecure attacks from the virtual machines installed in the cloud proposing vulnerability detection, measurement, along with countermeasure mechanism known as NICE(Network Intrusion detection and Countermeasure Evaluation). In this survey aims to analyze intrusion detection and effective countermeasure mechanisms for achieving security on the virtual machines installed in cloud.

Cloud Computing, Cloud Security, DDOS Attacks, Intrusion Detection

[1]http://en.wikipedia.org/wiki/Cloud_computing
[2]M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” ACM Comm., vol. 53, no. 4, pp. 50-58, Apr. 2010.
[3]H. Takabi, J.B. Joshi, and G. Ahn, “Security and Privacy Challenges in Cloud Computing Environments,” IEEE Security and Privacy, vol. 8, no. 6, pp. 24-31, Dec. 2010.
[4]Cloud Security Alliance “Top Threats to Cloud computingv1.0,”https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf, Mar. 2010.
[5]B. Joshi, A. Vijayan, and B. Joshi, “Securing Cloud Computing Environment Against DDoS Attacks,” Proc. IEEE Int’l Conf. Computer Comm. and Informatics (ICCCI’12), Jan. 2012.
[6] Dissanayake, A., Intrusion Detection Using the Dempster-Shafer Theory. 60-510 Literature Review and Survey, School of Computer Science, University of Windsor, 2008.
[7] Guth, M.A.S., A Probabilistic Foundation for Vagueness & Imprecision in Fault-Tree Analysis.IEEE Transactions on Reliability, 40(5), pp.563-569, 1991.
[8]A.M. Lonea, D.E. Popescu, H. Tianfield, Detecting DDoS Attacks in Cloud Computing Environment, INT J COMPUT COMMUN, ISSN 1841-9836, 8(1):70-78, February, 2013.
[9]G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, “BotHunter: Detecting Malware Infection through IDS-driven Dialog Correlation,” Proc. 16th USENIX Security Symp. (SS ’07), pp. 12:1-12:16, Aug. 2007.
[10]G. Gu, J. Zhang, and W. Lee, “BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic,” Proc. 15th Ann. Network and Distributed System Security Symp. (NDSS’08), Feb.2008.
[11] A. Wald. Sequential Analysis. John Wiley & Sons, Inc, 1947.
[12] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, “Detecting Spam Zombies by Monitoring Outgoing Messages,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198-210, Apr. 2012
[13] B. Morin, L. Me´, H. Debar, M. Ducasse´, M2D2: a formal data model for IDS alert correlation, in: Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID’02), 2002, pp. 115–137.
[14]L. Wang, A. Liu, and S. Jajodia, “Using Attack Graphs for Correlating, Hypothesizing, and Predicting Intrusion Alerts,” Computer Comm., vol. 29, no. 15, pp. 2917-2933, Sept. 2006.
[15]X. Ou, S. Govindavajhala, and A.W. Appel, “MulVAL: A Logic- Based Network Security Analyzer,” Proc. 14th USENIX Security Symp., pp. 113-128, 2005.
[16]Chun-Jen Jung, Pankaj Khatkar, Tianyi Xing, Jeongkeun Lee, Dijiang Huang,NICE-Network Intrusion Detection and Countermeasure Selection in Virtual Network System, IEEE Transactions on Dependable and Secure Computing, Issue Vol 10 No 4 2013.