Investigating Network Security Monitoring and Anomaly Detection for Cloud Computing Environments

Cloud computing has become one of the popular topics in the information technology world, because it aims toprovide on-demand access to a shared pool of configurable computing resources, such as networks, servers,storage, applications, and services. It enables organizations to get their applications up and running faster, withimproved manageability and less maintenance. However, the network and system monitoring, intrusiondetection and prevention in the Cloud computing environments are still the major challenges especially undercollaborative attacks. Current enterprise networks such as cloud computing environments, typically havemultiple entry points. This intends to enhance a network's accessibility and availability, but it leaves securityvulnerabilities that attackers can exploit using advanced techniques such as cooperative intrusions. These typesof attacks are usually launched simultaneously by slave machines within a botnet to penetrate an enterprisenetwork through all its entry points. By evenly distributing the attack traffic volume to the different entrypoints, these cooperative intrusions can evade detection of traditional intrusion detection systems. This isbecause network traffic behaviour at each entry point does not significantly deviate from normal behaviour. Toaddress these challenges, we are going to investigate the use an anomaly detection based approach formonitoring and analyzing security related issues of the cloud computing environments.