Innovative Cloud-based Snooping Detection model in both Public and Private Infrastructure

Mustafa Ibrahim Khalee

College of Science – Computer Department. University of Sulaimani, Sulaimani, Iraq


Network access technologies, including Wi-Fi and 4G LTE, are becoming more and more popular in Cloud computing infrastructure due to their increased performance, reliabilities, and ease of development. Cloud consumers can collect and process real time and continuous sets of massive assets. The large data size and security concerns have resulted in an ever-increasing need for efficient paradigm concept to integrate the functionalities of data monitor, analysis and anomalous traffic behavior detection. The procedure of intercepting traffics assigned by Cloud consumers and passing through Cloud scheduler to the Cloud infrastructure data centers has been known as wireless packet sniffer. This could capture the entire packets and analyze the contents in both Private Cloud Network (PrCN) and Public Cloud Network (PuCN) in the RFMON (Radio Frequency MONitor) mode. After buffering the entire Cloud consumer’s images in the Cloud scheduler, further interpretation of the packets can be carried out to distinguish malicious from beneficial packets. We designed and developed an intrusion detection model, namely Cloud Snooping Disclosure (CSD) to monitor the Cloud consumer’s image traffic loads, detect the anomalous traffic behaviors, and block the malicious intrusion. Our heuristic is based on two major steps, Forward and Backward scanning process. The step includes the initialization process and installing the security parameters for both sides, Cloud users and Cloud scheduler, while the second one relates to capturing anomalous inter-VM traffics. Furthermore, our algorithm incorporates pcap library into Cloud scheduler so that any incongruous traffic behaviors can be reported and saved. Our system was inspired by some existing researches that applied sniffer software such as Ethereal, Tcpdump, and Snort. The simulation results indicate that the effectiveness of our heuristic had the ability to detect and eliminate approximately 107 anomalous traffic behaviors from five case trials that have been generated by CloudSim framework.

Key Words: Inter-VM traffic, RFMON mode, PrCN Network, Cloud Schedular 


[1] Liviu Ciovica, Marian P. Cristescu, and Lucian A. Fratila, "Cloud Based Business Processes Orchestration", 21st International Economic Conference IECS, Sibiu, Romania, pp.592-596, (2014).

[2] Karandeep Kaur, "A Review of Cloud Computing Service Models", International Journal of Computer Applications, Vol. 140, No. 7. (2016).

[3] Victor A. Clincy and Nael Abu-Halaweh, "A Taxonomy of Free Network Sniffers for Teaching and Research", Journal of Computing Sciences in Colleges, USA, pp. 64-75. (2005).

[4] H. Wang and Y. Chen, "Network topology description and visualization", 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), China, (2010).

[5] X. Ye, X. Chen, H. Wang, X. Zeng, G. Shao, X. Yin and C. Xu, "An anomalous behavior detection model in cloud computing", Tsinghua Science and Technology, China, pp. 322-332. (2016).

[6] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner," OpenFlow: Enabling innovation in campus networks", Computer Communication Review, Turkey, pp. 69–74. (2008).

[7] B. Grobauer, T. Walloschek, and E. Stocker, "Understanding cloud computing vulnerabilities", IEEE Security & Privacy, pp. 50–57. (2011).

[8] M. A. Qadeer, M. Zahid, A. Iqbal, and M. Siddiqui, "Network Traffic Analysis and Intrusion Detection using Packet Sniffer", 2nd International Conference on Communication Software and Networks, (2010).
[9] U. Oktay and O. K. Sahingoz, "Attack types and intrusion detection systems in cloud computing", 6th International Information Security & Cryptology Conference, pp. 71–76. (2013).

[10] T. Xing, D. Huang, L. Xu, C. J. Chung, and P. Khatkar, "Snortflow: A openflow-based intrusion prevention system in cloud environment", Research and Educational Experiment Workshop (GREE), Second GENI, pp. 89–92. (2013).

[11] Dimitrios Zissis and Dimitrios Lekkas, "Addressing cloud computing security issues", Future Generation Computer Systems, Netherlands, pp. 583–592. (2012).

[12] Pavan Kaur and Dinesh Kumar, "A Study on Intrusion Detection based on KDDCUP’99 Benchmark Dataset", International Journal of Engineering Research and Management (IJERM), Vol. 2, No.5. (2015).