Vol 7, No 8 (2017)

Research Article, August 2017

Computer Science and Software Engineering

ISSN: 2277-128X (Volume-7, Issue-8)

An Enhanced Attack Graph Model Based Technique to Mitigate Zombie Attack in Cloud Computing using Fuzzy Logic

Ravneet Kaur, Punjabi University Regional Centre for Information Technology and Management, Mohali (Sector 61), Punjab, India

Dr. Rekha Bhatia, Associate Professor (CS), Punjabi University Regional Centre for Information Technology and Management, Mohali (Sector 61), Punjab, India

DOI: 10.23956/ijarcsse/V7I8/0125

Abstract: A secure cloud storage system for cloud data is a well-defined framework, and establishing confidence in the cloud is an essential undertaking for cloud service providers. In this proposed research a technique is developed for the security of cloud users. An improvement of the existing technique, the Role Based Access Model, is made by including command and browser analysis. Using these included features, the activities of any unauthorized or authorized person are recorded and analyzed later on to find the intruder in the cloud network. This implementation aims at establishing a qualitative performance analysis of load sharing from VM to VM, implemented in clouds using the Java language. This thesis studies a load balancing algorithm with heterogeneous cloud resources, followed by a comparative survey of other algorithms in cloud computing with respect to scalability, homogeneity or heterogeneity, and process migration. For cloudlet length versus host bandwidth, a pattern is observed in which response time increases proportionately. Using the modified approach, a reduction in the down time of the various processes is achieved, as shown in the results.

Keywords: RBAC, RBE, ACL, SVM

I. INTRODUCTION

The sharing of resources on the cloud is possible on a large scale, which is economical and independent of location. The assets on the cloud can be provided by an individual or an organization and are administered by the service provider. Apart from this, the fundamental programs and request devices of different IT departments in industry are shared. The cloud has provided a number of advantages, such as practically limitless capacity for data storage and simple client access to data from any place; at the same time it has opened many issues related to data theft, control of data, and privacy and security. Protecting the cloud from unauthorized customers [2] and various threats is an important measure for the security providers responsible for the cloud, because customers rely on the data stored in it. A cloud is said to be good when it is concrete and provides better protection to clients. Even if the vendor is providing a secure cloud, the vendor should ensure who can access the information and who maintains the server.

Role based access control provides a better security solution for accessing cloud data: data is mapped to an RBAC role in order to obtain authorization [4], and all users are mapped to the right roles and only get the permissions of the roles to which they are assigned, or, through hierarchical roles, the permissions those roles inherit. Within an organization there may be a number of users and kinds of permission, whose roles and consequently access differ. Controlling all access through roles benefits the organization and also simplifies administration. Commonly, a role based access control model has three basic components: users, permissions and roles. A role is a higher-level description of access control. Users correspond to actual users of the computing system. User authorization can be accomplished separately: assigning users to roles, and assigning access privileges to roles and to objects. A role describes the permissions users may require on an object in the system and reflects the pattern of user functions within an organization. In RBAC there is a hierarchical structure; a role can inherit access permissions from another role.

II. ROLE BASED ACCESS MODEL

RBAC [6] is the most prominent access control model and has been a focus of research over the last two decades. The RBAC paradigm encapsulates privileges into roles, and users are assigned to roles to gain privileges, which makes it simple and facilitates reviewing the permissions allotted to a user. It also makes the task of policy administration less cumbersome, as each change in a role is immediately reflected in the permissions available to the users assigned to that role. With the advent of pervasive systems, authorization control has become complex, as access decisions may depend on the context in which access requests are made. The contextual information represents a measurable logical primitive and may involve data associated with a subject, object and environment. It has been recognized that RBAC is not sufficient for situations where contextual attributes are required parameters in granting access to a user [2]. Another limitation of RBAC is that permissions are specified in terms of object identifiers, referring to individual objects. This is not sufficient in situations where a large number of objects, in the several thousands, exist, and it leads to the role-permission explosion problem.


ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0125, pp. 201-207

number of users and kinds of permission, whose roles and consequently access differ. Controlling all access through roles benefits the organization and also simplifies administration.

Commonly, a role based access control model has three basic components: users, permissions and roles. A role is a higher-level description of access control. Users correspond to actual users of the computing system. User authorization can be accomplished separately: assigning users to roles, and assigning access privileges to roles and to objects. A role describes the permissions users may require on an object in the system and reflects the pattern of user functions within an organization. In RBAC there are hierarchical structures; a role can inherit access permissions from another role. The following diagram indicates the relation between users, roles and permissions.

Fig1: Relation between users, roles and permissions

The data owner uses cryptographic methods to protect information from unexpected access, so that only those users who have access permission can obtain the information. Users need to satisfy the access policies to access the information. If a user satisfies the access policies, the user can decrypt the information using his private key. The role based access policies are enforced by using a role based encryption scheme (RBE).

III. DDoS ATTACK

A DDoS attack is almost the same as a Denial of Service (DoS) attack, but the impact of DDoS attacks is massive. In a DoS attack, the attacker uses one system to attack the server (one-to-one mapping). DDoS is implemented with several compromised systems which are used to send malicious traffic to the target server (many-to-one mapping). The two main objectives of DDoS attacks are, first, to overwhelm the server resources (CPU time, network bandwidth) so that genuine users cannot access the server and, second, to hide the identity of the malicious users (attackers). One of the main reasons that make DDoS attacks widespread and easy in the cloud is the availability of attacking tools and the power of these tools to generate huge volumes of attack traffic [5]. The following are the opportunities for attackers to use attack tools easily to launch an attack:

1. Internet security is highly interdependent: The launch of a DDoS attack depends upon global internet security.

2. Limited Internet resources: Each Internet host has limited resources that can be consumed by a sufficient number of users.

3. Control is distributed: Due to privacy concerns on the Internet, it is sometimes nearly impossible to investigate cross-network behavior and to deploy certain global security mechanisms.

4. Multipath routing: This makes the authentication process difficult and hence may lead to unauthorized activities. Intermediate routers forward IP packets from source to destination without knowing whether the IP packet is genuine or not.

A DDoS attack is a large scale coordinated attack on the availability of the service of a target system or on its network bandwidth. There are various DDoS attacks that disrupt cloud services. Among these are the ICMP (ping) flood, where the attacker consumes bandwidth using ICMP packets; the ping of death attack, in which the attacker sends multiple malicious pings to cloud resources (servers); the HTTP GET flood, where attackers send a huge flood of requests to the cloud servers and consume all the resources; and the Smurf attack, where the attackers use ICMP echo request packets to generate the denial of service.

IV. ROLE BASED ENCRYPTION

In RBE [1], information is encrypted by the data owner so that only individual users with the appropriate access permission, as determined by the access control policy, can decrypt it. A role manager grants access to users according to their role and can also revoke the permission of an existing user of the same role. The revoked user should no longer be able to decrypt any data encrypted for that role. Revoking a user does not affect the other users of the role or the system. In RBE, four types of entities [10] are used: SA is a system administrator that generates and approves keys for users and roles; RM is a role manager who grants access to users according to their roles; the cloud stores the encrypted data and is untrusted; and the data owner encrypts the data that users retrieve.

The RBE scheme consists of the following algorithms. Setup(λ): This algorithm takes the security parameter λ as input and generates the master secret key (MK) and the public key (PK).

Extract(MK, ID): SA runs this algorithm. If the ID matches a user, i.e. ID = IDU, then SA outputs the decryption key of that user; if the ID matches a role, i.e. ID = IDR, then SA outputs the secret key of that role.

ManageRole(MK, IDR, PRR): SA runs this algorithm to manage the role with identity IDR in the role hierarchy. Here PRR denotes the set of ancestor roles of the role. SA prepares the public role parameters AR and BR and places them in the cloud.

User Permissions


AddUser(PK, skR, RULR, IDU): RM runs this algorithm to add the user IDU to the role, after which the user is further confirmed. The role user list RULR is updated in the cloud.

RevokeUser(PK, skR, RULR, IDU): RM runs this algorithm and sends the user identity IDU to the cloud; the cloud then computes some values and sends them back to RM, which replaces the role parameters with the new ones.

Encrypt(PK, pubR): The data owner performs the encryption and stores the ciphertext in the cloud. This algorithm takes PK and pubR as input and outputs a tuple (C, K), where K is used to encrypt the actual message.

Decrypt(PK, pubR, dkU, C): This algorithm is run by users who are permitted according to their role. It takes PK, pubR, dkU and C as input and, by recovering K, obtains the plaintext by decrypting the actual message.

Security information can be used to record the set of trusted subjects that are permitted to access a given object; this can be attached to the system object as an Access Control List (ACL). An ACL is a set of attributes that specifies what each subject may do with the object. Each object in the system [4] [6] carries the following set of privileges:

Manager (S): gives a wide range of rights over an individual system object or a group of objects.

Create (C): allows the creation of a system object or name.

Delete (D): enables the deletion of a system object.

Read (R): allows reading the contents of a system object.

Write (W): allows a system object to write to or change the contents of another object's state.

Execute (X): enables a system object to execute the services (or operations) of other system objects.

RBAC policies [5] include role hierarchy, role hierarchy with private roles, separation of duties, the Chinese wall policy, delegation, joint action based policies, and limiting the number of accesses.

Role hierarchy – This gives a hierarchical ordering of roles, with more senior roles including all the privileges of the more junior roles, in addition to some additional privileges.

Role hierarchy with private roles – In this type, not all privileges are inherited. Privileges may need to be shared among all holders of a position, yet not inherited, or may need to be private to individual users.

Separation of duties – Different groups of users perform different kinds of actions on objects.

Chinese wall policy – In this policy, objects are grouped together into sets which reflect conflicts of interest. If a user has accessed an object in a set, then the user is not permitted to access any other object within that conflict of interest set.

Delegation – Delegation is handled by assigning and de-assigning roles. When the delegated actions have been performed, the roles are removed.

Joint action based policies – Joint action based policies are used in situations where trust in people must be dispersed. Operators in a joint action may obtain privileges by acting together which none of them possesses in isolation.

Limiting number of accesses – One user can offer access to another user while limiting the number of operations.
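As an added illustration (not code from the paper), the following Python models the policy types just listed: a role hierarchy with private (non-inherited) permissions, static separation of duties, a Chinese wall conflict-of-interest class, and delegation limited to a fixed number of accesses. The users, roles and object names are constructed for the example.

```python
from collections import defaultdict


class RbacPolicy:
    def __init__(self, conflict_sets=()):
        self.perms = defaultdict(set)        # role -> {(object, operation)} assigned directly
        self.private = defaultdict(set)      # role -> permissions that senior roles do NOT inherit
        self.juniors = defaultdict(set)      # senior role -> junior roles it inherits from
        self.user_roles = defaultdict(set)   # user -> assigned roles
        self.ssd = set()                     # pairs of roles one user may never hold together
        self.conflict_sets = [set(s) for s in conflict_sets]   # Chinese wall classes
        self.history = defaultdict(set)      # user -> objects already accessed
        self.delegations = {}                # (grantee, role) -> accesses still allowed

    def add_role(self, role, perms, private=()):
        self.perms[role], self.private[role] = set(perms), set(private)

    def add_hierarchy(self, senior, junior):
        self.juniors[senior].add(junior)

    def effective_perms(self, role):
        """Own permissions plus inherited ones; a junior's private permissions stay with it."""
        result = set(self.perms[role])
        for junior in self.juniors[role]:
            result |= self.effective_perms(junior) - self.private[junior]
        return result

    def assign(self, user, role):
        for held in self.user_roles[user]:   # static separation of duties
            if frozenset((held, role)) in self.ssd:
                raise ValueError(f"{user} cannot hold both {held} and {role}")
        self.user_roles[user].add(role)

    def delegate(self, grantor, grantee, role, max_accesses):
        if role not in self.user_roles[grantor]:   # only a holder may delegate
            raise ValueError(f"{grantor} does not hold {role}")
        self.delegations[(grantee, role)] = max_accesses

    def check(self, user, obj, op):
        """Return (allowed, reason); an allowed access is recorded for the Chinese wall."""
        for cls in self.conflict_sets:
            # Having touched one object of a conflict class bars the rest of that class.
            if obj in cls and (self.history[user] & cls) - {obj}:
                return False, "Chinese wall conflict"
        for role in sorted(self.user_roles[user]):
            if (obj, op) in self.effective_perms(role):
                self.history[user].add(obj)
                return True, f"via role {role}"
        for (grantee, role), left in self.delegations.items():
            if grantee == user and left > 0 and (obj, op) in self.effective_perms(role):
                self.delegations[(grantee, role)] = left - 1   # consume one delegated access
                self.history[user].add(obj)
                return True, f"via delegated role {role}"
        return False, "no permission"


def demo():
    """Constructed scenario; returns the decisions so they can be checked."""
    p = RbacPolicy(conflict_sets=[{"bankA_ledger", "bankB_ledger"}])
    p.add_role("staff", {("report", "read")})
    p.add_role("auditor", {("bankA_ledger", "read"), ("bankB_ledger", "read"),
                           ("audit_notes", "write")}, private={("audit_notes", "write")})
    p.add_role("manager", {("report", "write")})
    p.add_hierarchy("auditor", "staff")      # auditor inherits staff
    p.add_hierarchy("manager", "auditor")    # manager inherits auditor, minus its private perms
    p.ssd.add(frozenset(("auditor", "manager")))
    p.assign("alice", "auditor")
    p.assign("bob", "manager")
    p.delegate("alice", "carol", "auditor", max_accesses=1)
    out = {
        "inherited": p.check("bob", "report", "read")[0],
        "private_kept": p.check("bob", "audit_notes", "write")[0],
        "ledger_a": p.check("alice", "bankA_ledger", "read")[0],
        "ledger_b": p.check("alice", "bankB_ledger", "read")[0],
        "delegated_once": p.check("carol", "report", "read")[0],
        "delegation_spent": p.check("carol", "report", "read")[0],
    }
    try:
        p.assign("bob", "auditor")
        out["ssd_enforced"] = False
    except ValueError:
        out["ssd_enforced"] = True
    return out
```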

V. PROPOSED WORK

Fig 2: Flow chart (Start → Implement VMs and Initialize resources in cloud → Generate Queue for resource allocation → Calculate Risk associated to DDOS attack on cloud → Calculate Thresholding based keystrokes analysis → Implement Fuzzy based Proposed approach → Generate Results → End)

- In the very first step the Virtual Machines are implemented on the Physical Machine to perform the operations on Virtual Machines. After implementation of Virtual Machines, resources of VMs are calculated in cloud.


- In the next step the queue of tasks is generated to allocate resources to those tasks that are to be performed.

- Now the risk analysis is done for the various VMs. Risk is defined as the probability of occurrence of the damage caused by an impact, when the potential threat associated with an object has been exploited either by a vulnerability or by some error, or due to environmental situations.

- Keystroke analysis involves two phases. The first phase is the registration phase, in which the keystroke analyzer collects keystroke activity from the user and a Support Vector Machine (SVM) is trained to generate a model file corresponding to the user, in order to validate the user at later stages. The second phase is the validation phase, in which user activity is monitored and validated continuously against the respective profile, and a Trust Value (TV) is generated for each and every keystroke. Initially the TV is set to 100. The Trust Value uses a penalty and reward function.

- The keystroke analyzer monitors user activity, collects the keystrokes of the respective users and stores them in the data store. The collected keystrokes are then used in the registration phase and the validation phase. However, submitting raw data to the SVM is not possible. To feed data to the SVM, the data must be formatted in the manner the SVM accepts: the SVM accepts only ordered numerical data. So the raw data must be divided into different features and a numerical value assigned to each feature.

- If a huge pool of tasks is allocated then a counter is initialized. If the counter is greater than the threshold value, i.e. 3 in this case, then that node is placed on the watch list and can be checked.

- In the proposed approach the fuzzy approach is used to detect and prevent the attack using IP traceback.

- Then the resources are allocated according to the trust value.

The proposed framework comprises the Trust-Based Access Control and a fuzzy expert system. The trust based access control (TBAC) has a model that computes the trust value of workers. The trust metric operates at preprocessing while the access control module operates at the postprocessing stage. Supplementary Fig. 2 shows the TBAC and fuzzy expert system components incorporated into a single framework. The TBAC-fuzzy expert system can be explained through the following modules of the framework.

Preprocessing module: The first module of the framework contains the user module and the trust metric module of the TBAC. The preprocessing module provides a crisp value which serves as the input value to the fuzzy expert system. These crisp values are forwarded to the fuzzification module and converted to fuzzy values.

Fuzzification module: In the process of fuzzification, membership functions defined on the input variables are applied to their actual values so that the degree of truth for each rule premise can be determined. The crisp values are fuzzified into linguistic values. Fuzzy inference engine module: The inference engine consists of the knowledge base which contains the rules for rating workers (the generated rules are available in the supplementary material).

Defuzzification: In defuzzification, the fuzzy output set is converted to a crisp number. Some commonly used techniques are the centroid and maximum methods. In the centroid method, the crisp value of the output variable is computed by finding the variable value at the center of gravity of the membership function for the fuzzy value. In the maximum method, one of the variable values at which the fuzzy set has its maximum truth value is chosen as the crisp value for the output variable.

Postprocessing module: In this module, access rights are defined for the workers based on the output of the fuzzy expert system. The output of the system shows the priority level of the worker. The environment filters the workers based on the output and decides the access rights of workers that fall within a priority level, thereby improving the quality of the computation. A CrowdTBAC Fuzzy algorithm is described in the supplementary material.
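The following Python is an added example, not the paper's algorithm or its supplementary material. It strings together the pieces described in the proposed work: the trust value with its penalty/reward function, the watch-list counter with threshold 3, and a small Mamdani fuzzy expert system with fuzzification, rule inference, centroid or maximum defuzzification, and a postprocessing step that maps the priority level to an access right. The membership functions, rule base, penalty/reward sizes and priority cut-offs are assumptions made for the example.

```python
TV_START, REWARD, PENALTY = 100, 1, 5   # TV starts at 100 (from the text); step sizes assumed
WATCH_THRESHOLD = 3                     # counter threshold given in the text


def update_trust(tv, keystroke_valid):
    """Penalty/reward function: reward a validated keystroke, penalise a rejected one."""
    return min(100, tv + REWARD) if keystroke_valid else max(0, tv - PENALTY)


def session_trust(valid_flags, tv=TV_START):
    """Validation phase: fold a sequence of per-keystroke verdicts into the trust value."""
    for ok in valid_flags:
        tv = update_trust(tv, ok)
    return tv


def watch_list(task_counts):
    """Nodes whose allocated task counter exceeds the threshold go on the watch list."""
    return sorted(n for n, c in task_counts.items() if c > WATCH_THRESHOLD)


def tri(x, a, b, c):
    """Triangular membership function with peak at b and feet at a and c."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


# Assumed linguistic terms; feet just outside the domain give shoulder shapes at the edges.
TRUST_MF = {"low": (-1, 0, 50), "medium": (0, 50, 100), "high": (50, 100, 101)}   # TV in [0, 100]
RISK_MF = {"low": (-1, 0, 1), "high": (0, 1, 2)}                                   # risk in [0, 1]
PRIORITY_MF = {"low": (-1, 0, 50), "medium": (0, 50, 100), "high": (50, 100, 101)}
# Assumed rule base: (trust term, risk term, priority term); None means "any value".
RULES = [("high", "low", "high"), ("medium", None, "medium"),
         ("low", None, "low"), (None, "high", "low")]


def fuzzify(x, mfs):
    """Crisp value -> degree of membership in each linguistic term."""
    return {term: tri(x, *abc) for term, abc in mfs.items()}


def infer(trust_deg, risk_deg):
    """Mamdani inference: AND is min; rules firing the same output term combine with max."""
    strength = {term: 0.0 for term in PRIORITY_MF}
    for t_term, r_term, out in RULES:
        parts = [trust_deg[t_term]] if t_term else []
        parts += [risk_deg[r_term]] if r_term else []
        strength[out] = max(strength[out], min(parts))
    return strength


def defuzzify(strength, method="centroid"):
    """Clip each output term at its rule strength, aggregate with max, reduce to a crisp value."""
    ys = range(0, 101)
    mu = [max(min(deg, tri(y, *PRIORITY_MF[t])) for t, deg in strength.items()) for y in ys]
    if sum(mu) == 0:
        return 0.0
    if method == "centroid":
        return sum(y * m for y, m in zip(ys, mu)) / sum(mu)
    return float(ys[mu.index(max(mu))])   # maximum method: first value where the set peaks


def access_decision(tv, risk, method="centroid"):
    """Preprocessing -> fuzzification -> inference -> defuzzification -> postprocessing."""
    strength = infer(fuzzify(tv, TRUST_MF), fuzzify(risk, RISK_MF))
    priority = defuzzify(strength, method)
    right = "full" if priority >= 70 else "limited" if priority >= 40 else "deny"  # assumed cut-offs
    return round(priority, 1), right
```

With the same inputs the centroid and maximum methods can land on different access rights; the maximum method picks the first peak of the aggregated set, which for a low-trust worker is priority 0.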

VI. RESULTS AND DISCUSSION

Down Time: Down time may be defined as a period of time in which machine is idle. It means it is a time in which machine is not performing any kind of task. In the proposed approach, the downtime is decreased which results in better performance.

Fig 3: Downtime (bar chart; x-axis: Technique, series Existing and Proposed; y-axis: Down Time)


As shown in fig 5.8 the downtime in existing system is 11.3 sec whereas in case of proposed system it is 9.7 sec.

Efficiency: Efficiency signifies a level of performance that describes a process that uses the lowest amount of inputs to create the greatest amount of outputs. Efficiency relates to the use of all inputs in producing any given output, including personal time and energy. Efficiency is a measurable concept that can be determined by determining the ratio of useful output to total input. It minimizes the waste of resources such as physical materials, energy and time, while successfully achieving the desired output.

Fig 4: Efficiency

Here the comparison takes place between the base paper and the work performed. The results produced by the work are better than the previous work done.

Table 1: Comparison table of work performed

Approach    Downtime (sec)    Efficiency (%)
Existing    11.3              85
Proposed    9.7               93

In the above table a comparative study is shown between the existing and proposed system. As in the above defined table the downtime in existing system is 11.3 sec whereas in case of proposed system it is 9.7 sec. Same as in case of efficiency, it is 85 % in existing system whereas 93 % in case of proposed system.

Fig 3 is the comparative study for priority/length vs Cloudlet Id. In this graph the priority of tasks is rescheduled according to the deadline provided to the task. From this figure it is clear that the priority/length ratio against cloudlet id is better in the case of the proposed approach as compared to the existing one.

Priority vs length is the resultant parameter used to select the VM that is to be processed after the current operation. Here the main emphasis is on the fact that the attacker node may not interfere with the legitimate node. As the make span in the proposed algorithm is reduced and the priority of VMs is improved, this shows that the proposed algorithm is better than the existing one at tackling zombie attacks.

Make span may be defined as the time in which the system is in the idle state. So in the proposed approach make span is reduced by detecting and preventing the zombie attack effectively. If the attack is not completely traced then resource consumption is very high and the system may not be able to provide services to the users of the cloud.

Fig 5: Comparison of Priority/length vs Cloudlet Id

(Plot of Fig 4: bar chart; x-axis: Technique, series Existing and Proposed; y-axis: Efficiency)


The value of proposed scenario in case of priority/length vs cloudlet id is more than 8000 where as in case of existing scenario it is only 8000. From these results it may be justified that the priority/length ratio is better in case of proposed scenario as compared to the existing one.

Fig 4 is the comparative study for Make Span vs Cloudlet size. Make span is the condition in which the system is idle, not doing any kind of operation, so lagging occurs because of it.

Fig 4: Comparison Chart for Cloudlet Size vs Make span

From this figure it is clear that the Make Span against cloudlet size is better in case of proposed approach as compared to existing one. The value of proposed scenario in case of cloudlet size vs make span is more than 200 where as in case of existing scenario it is only 8000. From these results it may be justified that the make span is better in case of proposed scenario as compared to the existing one.

Table 2: Comparative Study for existing and proposed approach

Parameter                         Existing    Proposed
Cloudlet Size vs Make span        185         160
Cloudlet Id vs Priority/length    5000        5500

Table 2 is a comparative study for the proposed and existing approach. From the table it is clear that the cloudlet size vs Make span is lower in case of proposed system as compared to existing one and cloudlet Id vs priority/length is more in case of proposed system as compared to existing one.

VII. CONCLUSION

In the RBAC models, most dangerous threats faced by organizations are insider attacks. Since insiders are aware of the underlying system, handling insider attack is a most deterring task. The volume of attacks posed by insiders on cloud is very much higher than the traditional systems, as the attack vector and scope of the attack is high in cloud. Insider attack affects the reputation and productivity of the organization and drags it into losses. Insiders may cause damage accidentally or intentionally. Proper management of privileges reduces the threats posed by insiders. In the proposed approach this model is improved using the inclusion of web analysis and command window analysis. From the results and discussion part the value of efficiency in existing and proposed models is 85% and 93% respectively, whereas in case of downtime it is 11.3 in existing model and 9.7 in proposed model. The proposed model is showing better results as compared to the existing one with the inclusion of browser and command analysis.

VIII. FUTURE SCOPE

Risk Analysis of VMs allows a server administrator to move data from running virtual machine or application among different physical machines without disconnecting the client or application. Cloud computing is a pivotal factor and here as a future course of work similar other parameters can be investigated against each other to find the effect on load balancing.

REFERENCES

[1] Chirag Langaliya, Rajanikanth Aluvalu, "Enhancing Cloud Security through Access Control Models: A Survey", International Journal of Computer Applications, ISSN: 0975-8887, Volume 112, No. 7, February 2015, pp. 8-12

[2] Prachi Shah, "Data Security for Cloud Storage System Using Role Based Access Control", International Journal of Science and Research, ISSN (Online): 2319-7064, Volume 4, Issue 1, January 2015, pp. 305-307


[4] B. Mahesh Babu, Mary Saira Bhanu, "Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud", Eleventh International Multi-Conference on Information Processing, Volume 54, 2015, pp. 157-166

[5] Daniel Stock, Matthias Stöhr, Ursula Rauschecker, Thomas Bauernhansl, "Cloud-based Platform to facilitate Access to Manufacturing IT", 8th International Conference on Digital Enterprise Technology, Vol: 25, 2014, pp: 320-328

[6] Jordan Shropshire, "Analysis of Monolithic and Microkernel Architectures: Towards Secure Hypervisor Design", 47th Hawaii International Conference on System Science, 2014, pp: 5008-5017

[7] Rizwana Shaikh, M. Sasikumar, "Trust Model for Measuring Security Strength of Cloud Computing Service", International Conference on Advanced Computing Technologies and Applications, Vol. 45, 2015, pp. 380-389

[8] Shams Zawoad, Ragib Hasan, John Grimes, "LINCS: Towards building a trustworthy litigation hold enabled cloud storage system", DFRWS, 2015

[9] Rizwana Shaikh, M. Sasikumar, "Data Classification for achieving Security in cloud computing", Vol: 45, 2015, pp: 493-498
