Journal of Computer Sciences and Applications
ISSN (Print): 2328-7268 ISSN (Online): 2328-725X Website: Editor-in-chief: Minhua Ma, Patricia Goncalves
Open Access
Journal Browser
Journal of Computer Sciences and Applications. 2015, 3(3A), 10-20
DOI: 10.12691/jcsa-3-3A-2
Open AccessResearch Article

Collaborative Intrusion Detection in Federated Cloud Environments

ÁineMac Dermott1, , Qi Shi1 and Kashif Kifayat1

1PROTECT: Research Centre for Critical infrastructure Computer Technology and Protection School of Computing and Mathematical Sciences, Liverpool John Moores University, Liverpool, L3 3AF, UK

Pub. Date: July 16, 2015
(This article belongs to the Special Issue Big Data Analytics in Intelligent Systems)

Cite this paper:
ÁineMac Dermott, Qi Shi and Kashif Kifayat. Collaborative Intrusion Detection in Federated Cloud Environments. Journal of Computer Sciences and Applications. 2015; 3(3A):10-20. doi: 10.12691/jcsa-3-3A-2


Moving services to the Cloud is a trend that has steadly gained popularity over recent years, with a constant increase in sophistication and complexity of such services. Today, critical infrastructure operators are considering moving their services and data to the Cloud. Infrastructure vendors will inevitably take advantage of the benefits Cloud Computing has to offer. As Cloud Computing grows in popularity, new models are deployed to exploit even further its full capacity, one of which is the deployment of Cloud federations. A Cloud federation is an association among different Cloud Service Providers (CSPs) with the goal of sharing resources and data. In providing a larger-scale and higher performance infrastructure, federation enables on-demand provisioning of complex services. In this paper we convey our contribution to this area by outlining our proposed methodology that develops a robust collaborative intrusion detection methodology in a federated Cloud environment. For collaborative intrusion detection we use the Dempster-Shafer theory of evidence to fuse the beliefs provided by the monitoring entities, taking the final decision regarding a possible attack. Protecting the federated Cloud against cyber attacks is a vital concern, due to the potential for significant economic consequences.

critical infrastructure cloud computing cloud federation collaboration intrusion detection dempster-shafer fusion algorithm OPNET

Creative CommonsThis work is licensed under a Creative Commons Attribution 4.0 International License. To view a copy of this license, visit


[1]  D. Wallom, M. Turilli, A. Martin, A. Raun, G. Taylor, N. Hargreaves, and A. McMoran, “my Trusted Cloud: Trusted Cloud Infrastructure for Security-critical Computation and Data Managment,” 2011 IEEE Third Int. Conf. Cloud Comput. Technol. Sci., pp. 247-254, Nov. 2011.
[2]  OTE, “Discussion on the Challenges for the Development of a Context for : Secure Cloud computing for Critical infrastructure IT,” Greece, 2012.
[3]  S. Paudel and M. Tauber, “Security Standards Taxonomy for Cloud Applications in Critical Infrastructure IT,” in 8th International Conference for Internet Technology and Secured Transactions (ICITST), 2013, pp. 645-646.
[4]  M. Sch, R. Bless, F. Pallas, J. Horneber, and P. Smith, “An Architectural Model for Deploying Critical Infrastructure Services in the Cloud,” in IEEE Cloud Com 2013, 2013.
[5]  M. T. Khorshed, a. B. M. S. Ali, and S. a. Wasimi, “A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing,” Futur. Gener. Comput. Syst., vol. 28, no. 6, pp. 833-851, Jun. 2012.
[6]  S. Wright, “ETSI NFV ISG,” The Internet Engineering Task Force (IETF) IETF 91 Proceedings, 2014. [Online]. Available: [Accessed: 12-Feb-2015].
[7]  K. Hwang, S. Kulkareni, and Y. Hu, “Cloud Security with Virtualized Defense and Reputation-Based Trust Mangement,” 2009 Eighth IEEE Int. Conf. Dependable, Auton. Secur. Comput., pp. 717-722, Dec. 2009.
[8]  Á. MacDermott, Q. Shi, M. Merabti, and K. Kifayat, “Protecting critical infrastructure services in the cloud environment considerations,” Inderscience Int. J. Crit. Infrastructures, vol. 10, no. 3, 2014.
[9]  O. Babaoglu, M. Tamburini, and U. Bologna, “Design and Implementation of a P2P Cloud System,” in Proceedings of the 27th Annual ACM Symposium on Applied Computing, 2012, pp. 412-417.
[10]  M. Rak, M. Ficco, J. Luna, H. Ghani, N. Suri, S. Panica, and D. Petcu, “Security Issues in Cloud Federations,” in Achieving Federated and Self-Manageable Cloud Infrastructures: Theory and Practice, 2012, pp. 176-194.
[11]  D. Villegas, N. Bobroff, I. Rodero, J. Delgado, Y. Liu, A. Devarakonda, L. Fong, S. Masoud Sadjadi, and M. Parashar, “Cloud federation in a layered service model,” J. Comput. Syst. Sci., vol. 78, no. 5, pp. 1330-1344, Sep. 2012.
[12]  N. Gruschka and M. Jensen, “Attack Surfaces: A Taxonomy for Attacks on Cloud Services,” in 2010 IEEE 3rd International Conference on Cloud Computing, 2010, pp. 276-279.
[13]  Á. Macdermott, Q. Shi, M. Merabti, and K. Kifayat, “Security as a Service for a Cloud Federation,” in The 15th Post Graduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (PGNet2014), 2014, pp. 77-82.
[14]  N. Kumar, “Study of Intrusion Detection System for DDoS Attacks in Cloud Computing,” in 2013 Tenth International Conference on Wireless and Optical Communications Networks (WOCN), 2013.
[15]  VM Ware Inc., “Securing the Cloud a Review of Cloud Computing, Security Implications and Best Practices,” Tech Republic, Whitepaper, 2003. [Online]. Available: [Accessed: 25-Jul-2013].
[16]  C. Thomas and B. Narayanaswamy, “Sensor Fusion for Enhancement in Intrusion Detection,” in Sensor Fusion-Foundation and Applications, 2011, pp. 61-76.
[17]  F. Sabahi and A. Movaghar, “Intrusion Detection: A Survey,” in 2008 Third International Conference on Systems and Networks Communications, 2008, pp. 23-26.
[18]  A. Patel, Q. Qassim, and C. Wills, “A survey of intrusion detection and prevention systems,” Inf. Manag. Comput. Secur., vol. 18, no. 4, pp. 277-290, 2010.
[19]  V. Chandola, A. Banerjee, and V. Kumar, “Anomaly detection: A Survey,” ACM Comput. Surv., vol. 41, no. 3, pp. 1-58, Jul. 2009.
[20]  S. Neelakantan and S. Rao, “A Threat-Aware Hybrid Intrusion-Detection Architecture for Dynamic Network Environments,” CSI J. Comput., vol. 1, no. 3, 2012.
[21]  H. Cheng, C. Rong, K. Hwang, W. Wang, and Y. Li, “Secure big data storage and sharing scheme for cloud tenants,” China Commun., vol. 12, no. 6, pp. 106-115, 2015.
[22]  Á. MacDermott, Q. Shi, M. Merabti, and K. Kifayat, “Protecting Critical Infrastructure Services in the Cloud Environment,” in Proceedings of the 12th European Conference on Information Warfare and Security, 2013, pp. 336-343.
[23]  H. Hamad and M. Al-Hoby, “Managing Intrusion Detection as a Service in Cloud Networks,” Int. J. Comput. Appl., vol. 41, no. 1, pp. 35-40, Mar. 2012.
[24]  J. Montes, A. Sánchez, B. Memishi, M. S. Pérez, and G. Antoniu, “GMonE: A complete approach to cloud monitoring,” Futur. Gener. Comput. Syst., vol. 29, no. 8, pp. 2026-2040, 2013.
[25]  R. N. Calheiros, A. N. Toosi, C. Vecchiola, and R. Buyya, “A coordinator for scaling elastic applications across multiple clouds,” Futur. Gener. Comput. Syst., vol. 28, no. 8, pp. 1350-1362, 2012.
[26]  Z. Chen, F. Han, J. Cao, X. Jiang, and S. Chen, “Cloud computing-based forensic analysis for collaborative network security management system,” Tsinghua Sci. Technol., vol. 18, no. 1, pp. 40-50, 2013.
[27]  S. N. Dhage and B. B. Meshram, “Intrusion detection system in cloud computing environment,” Int. J. Cloud Comput., vol. 1, no. 2/3, p. 261, 2012.
[28]  J. Lee, M. Park, and J. Eom, “Multi-level Intrusion Detection System and log management in Cloud Computing,” 2011 13th Int. Conf. Adv. Commun. Technol., no. 1, pp. 552-555, 2011.
[29]  C.-C. Lo, C.-C. Huang, and J. Ku, “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks,” in 2010 39th International Conference on Parallel Processing Workshops, 2010, pp. 280-284.
[30]  S. Taghavi Zargar, H. Takabi, and J. Joshi, “DCDIDP: A Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention Framework for Cloud Computing Environments,” Proc. 7th Int. Conf. Collab. Comput. Networking, Appl. Work., pp. 332-341, 2011.
[31]  S. Meng, A. K. Iyengar, I. M. Rouvellou, L. Liu, K. Lee, B. Palanisamy, and Y. Tang, “Reliable State Monitoring in Cloud Datacenters,” in 2012 IEEE Fifth International Conference on Cloud Computing, 2012, pp. 951-958.
[32]  M. Mechtri, D. Zeghlache, E. Zekri, and I. J. Marshall, “Inter and intra Cloud Networking Gateway as a service,” in 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet), 2013, pp. 156-163.
[33]  Q. Chen and U. Aickelin, “Anomaly Detection Using the Dempster-Shafer Method,” in DMIN, 2006, pp. 232-240.
[34]  W. H. Jianhua Li and Q. Gao, “Intrusion Detection Engine Based on Dempster-Shafer’s Theory of Evidence,” in 2006 International Conference on Communications, Circuits and Systems Proceedings, 2006, vol. 2, no. 2003, pp. 1627-1631.
[35]  A. G. Fragkiadakis, V. a. Siris, N. E. Petroulakis, and A. P. Traganitis, “Anomaly-based intrusion detection of jamming attacks, local versus collaborative detection,” J. Wirel. Commun. Mob. Comput., vol. 15, no. 2, pp. 276-294, Jan. 2013.