Abstract: In order to overcome the provisioning and scalability limits of a single cloud, cloud federation appears as the computing model in which multiple resources from independent cloud providers can be shared to create large-scale distributed virtual clusters. On the other hand, these complex architectures become an attractive target for distributed denial of service (DDoS) attacks. Although federated cloud environments have a large amount of resources and a profound dynamic allocation capability, which can be used to face DDoS attacks, they are nevertheless vulnerable to attacks that aim at compromising the service level agreements. In this paper, we investigate the key research topics for supporting distributed intrusion detection in a federated cloud environment. We propose a scalable intrusion detection solution, which can be used by cloud providers to protect the federated cloud infrastructure, as well as offered to the cloud service providers to monitor the hosted applications. We present a multi-layer architecture, which exploits a publish/subscribe middleware to collect and share security information in the federated cloud infrastructure. Moreover, we present an open-source framework, which provides features and interfaces to develop and deploy security components, as well as to define customised event correlation rules used to detect possible inter-cloud attacks.
Intrusion detection in federated clouds
FICCO, Massimo;TASQUIER, Luca;AVERSA, Rocco
2016