A Review of Intrusion Detection and Blockchain Applications in the Cloud: Approaches, Challenges and Solutions

Osama Alkadi, Nour Moustafa, Benjamin Turnbull
2020 IEEE Access  
This paper reviews the background and related studies in the areas of cloud systems, intrusion detection and blockchain applications against cyber attacks. This work aims to discuss collaborative anomaly detection systems for discovering insider and outsider attacks from cloud centres, including the technologies of virtualisation and containerisation, along with trusting intrusion detection and cloud systems using blockchain. Moreover, the ability to detect such malicious attacks is critical ... conducting necessary mitigation, at an early stage, to minimise the impact of disruption and restore cloud operations and their live migration processes. This paper presents an overview of cloud architecture and categorises potential state-of-the-art security events based on their occurrence at different cloud deployment models. Network Intrusion Detection Systems (NIDS) in the cloud, involving types of classification and common detection approaches, are also described. Collaborative NIDSs for cloud-based blockchain applications are also explained to demonstrate how blockchain can address challenges related to data privacy and trust management. A summary of the research challenges and future research directions in these fields is also explained.

INDEX TERMS Intrusion detection systems, collaborative anomaly detection, cloud systems, blockchain applications, approaches, challenges, solutions.

The associate editor coordinating the review of this manuscript and approving it for publication was Haider Abbas.

I. INTRODUCTION

Cloud systems face sophisticated attack scenarios that have increased with the emergence of blockchain. For instance, in June 2018, several blockchain cryptocurrencies, including Bitcoin Gold, Zencash and MonaCoin, all fell victim to a 51% attack, leading to loss of over 18 million worth of tokens [1]. The attackers exploited each cryptocurrency network and temporarily gained more than half of the total global mining hash rate for each currency, effectively centralizing the decentralized systems [2]. Blockchain-based applications have emerged in multiple domains to offer trust and data privacy services. Blockchain offers new opportunities by allowing participants to exchange transactions and share information while maintaining a degree of trust, integrity and enhanced transparency. Blockchain technology has numerous applications across different domains that go beyond the financial services and digital currency [3], including the energy sector [4], Internet of Things (IoT) [5], supply chain and manufacturing [6], privacy preservation [7], big data [8], and anomaly detection [9].

Intrusion Detection Systems (IDSs) [5], [8], [10] and blockchain solutions [2], [4] have been applied to cloud systems to identify cyberattacks and protect private data, respectively [4]. IDSs in the cloud are effectively classified based on deployment locations, and are categorized as host-based or network-based [8], [11]. A Host-based IDS (HIDS) runs on a host system or Virtual Machine (VM) to monitor and inspect audit data of operating systems, including memory and process audits [5], [12]. If the HIDS detects a malicious activity from an individual host or VM, the source IP is defined as access to the whole network to prevent user-to-root attacks from VM hopping and gaining access to another VM. A Network-based IDS (NIDS) is placed at the infrastructure layer of enterprise or, increasingly, cloud networks to monitor network traffic of all connected systems within a subnet [13].

VOLUME 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/

FIGURE 1. Cloud computing architecture.

virtualisation, containerisation, Service-Oriented Architecture (SOA), and utility computing. Each of these is discussed as follows.

• Virtualisation refers to the process of creating a virtual representation of computing resources by emulating physical systems to run operating systems and end-user applications. The technology is a fundamental element of cloud implementations, which delivers essential cloud features of resource pooling, location independence, and rapid elasticity.
The advantages of this technology can also reduce compatibility issues between different hardware platforms, operating systems or network resources [28]. At a hardware level, several physical resources, including CPUs, memory, hard drives and network devices, are located across distributed datacentres, which are responsible for processing and storage requirements. Above this layer, there are the software, hypervisors and management layers that permit the effective running across servers and gateways [28]. A hypervisor is a computer program in the host Operating System (OS) that runs multiple guest OS within it. The management layer can monitor peaks in traffic and auto-scale to meet the demands of changing workloads by controlling the provisioning state of VMs. It also has the capability to manage security policies and access control rules across the cloud environment.
doi:10.1109/access.2020.2999715 fatcat:qz677wrupvcblbvcrm74owmjyu