CIDS deployment model


CIDS framework has P2P architecture with no central coordinator, where the network load is symmetrically distributed to all nodes.
In CIDS each node has its own analyzer and detector components that are connected to the behavior and knowledge based databases. This differs from distributed centralized IDSs, where a centralized management system collects all the data.
The individual analysis reduces the complexity and the volume of data exchanged among nodes, but at the same time it increases
the processing overhead inside a single node.
We will explain later, how our HSGAA approach can reduce this overhead. Since CIDS has no single point of failure, the framework represents a moderate solution for attack resistibility.
The cloud scheduler machine has some components (i.e., Report Producer and NIDS Alert Parser and Summarizer) that do not represent a single point of failure, because there are several copies of the scheduler node in the cloud with a fault tolerance technique provided by the middleware to backup the processing data.
Figures 2 and 3 show the deployment of CIDS components installed in the scheduler node in both hybrid and pure P2P models respectively.


Figure.2: CIDS in Hybrid P2P model


Figure.3: CIDS in Pure P2P model

In the hybrid model, each node communicates to any other node outside its domain through its domain controller i.e., no direct connection between two nodes in different domain. Whereas, in the pure P2P model, each node communicates directly to other nodes without using the domain controller i.e., the domain controllers work like the other peers but with a scheduler to perform the scheduling tasks.

Attacks and services covered by CIDS

 CIDS is a suitable defense strategy to satisfy the previous IDS requirements, and deals with some attacks against PaaS and SaaS clouds. It can also provide some intrusion detection services for IaaS clouds.

Masquerading attack  is an example of PaaS attacks.

 

CIDS