A Classification of Intrusion Detection Systems in the Cloud

抄録

Security is one of the most prominent challenges that hinder the acceleration of cloud adoption. Intrusion detection systems (IDSs) can be used to increase the security level of cloud environments. Therefore, the effectiveness of the IDS is a crucial issue for cloud security. However, the cloud presents new challenges and requirements, including scalability and adaptability, which effective IDSs need to address. Choosing the right deployment architecture significantly impacts the effectiveness of IDSs in the cloud. Additionally, robust IDSs need novel detection techniques to keep up with modern sophisticated attacks that target cloud environments. Hence, it is important to understand the advantages and limitations of different IDSs and how the deployment choice in cloud environments impacts the IDSs' effectiveness. This paper presents a novel classification scheme of the state-of-the-art of intrusion detection approaches in the cloud. This classification sheds light on the existing approaches with respect to the following aspects: deployment architecture and detection technique. We first classify the existing approaches based on their deployment architectures. Then, we present a comparative analysis of these approaches with respect to the detection techniques. We also provide detailed analysis of the strengths and weaknesses of existing approaches. The classification and analysis will help in the selection of the proper deployment architectures and detection techniques of IDSs in cloud environments.