A MODEL FOR DETECTING INFORMATION TECHNOLOGY INFRASTRUCTURE POLICY VIOLATIONS IN A CLOUD ENVIRONMENT
Abstract
The pervasiveness of the internet and the connectivity solutions brought about by cloud computing have led to an unprecedented increase in technologies built on information technology infrastructures. This has increased the number of cloud users and, in the recent past, substantially increased the number of incidents affecting the security of infrastructure and data. Most organizations deploy different types of protection systems to curb various malicious activities, and offer sophisticated monitoring and reporting capabilities to identify attacks against the cloud environment. Despite the existence of policy violation detection systems, users with ill intentions have increasingly used the cloud as an attack vector because of its ubiquity, scalability and open nature, which necessitates strengthening access policies from time to time. Policy violation detection plays a major role in information security by providing a systematic way of detecting and interpreting attacks. Known weaknesses of most detection tools are the generation of false positives (false alerts), the inability to perform analysis when traffic is encrypted, and failure to detect and prevent attacks. This research was therefore concerned with investigating the weaknesses of firewalls and Intrusion Detection Systems (IDS) deployed in the cloud. The findings were then used to build and experiment with an improved model of a policy violation detection system. Experiments revealed the weaknesses of existing systems, specifically IDS and firewalls. Unlike the existing systems, the new model designed to overcome these shortfalls was able to detect both recognized and unrecognized attacks and signatures. Moreover, the model is capable of preventing the occurrence of false positives and terminates suspicious nodes in real time without human intervention.
An additional area of application, the movement of data from one cloud to another, is not achievable because of the mixed environment of the cloud. This is a potential area for future investigation.