Biblio
Proposing Innovative Intruder Detection System for Host Machines in Cloud Computing. 2020 9th International Conference System Modeling and Advancement in Research Trends (SMART). :292–296.
2020. There is a very significant role of virtualization in cloud computing. The physical hardware in cloud computing resides with the host machine, and the virtualization software runs on it. Virtualization allows virtual machines to exist. The host machine shares its physical components such as memory, storage, and processor to handle the needs of the virtual machines. If an attacker effectively compromises one VM, it could outbreak others on the same host on the network over long periods of time. This is a gradually more popular method for cross-virtual-machine attacks, since traffic between VMs cannot be examined by standard IDS/IPS software programs. As we know, the cloud environment is distributed in nature and hence more susceptible to various types of intrusion attacks, which include installing malicious software and generating backdoors. In a cloud environment, where organizations have hosted important and critical data, the security of underlying technologies becomes critical. To alleviate the hazard to cloud environments, Intrusion Detection Systems (IDS) are a cover of defense. In this paper, we are proposing an innovative model for an Intrusion Detection System for securing host machines in cloud infrastructure. This proposed IDS has two important features: (1) signature based and (2) prompt alert system.
A Full-Scale Security Visualization Effectiveness Measurement and Presentation Approach. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :639–650.
2018. What makes a security visualization effective? How do we measure visualization effectiveness in the context of investigating, analyzing, understanding and reporting cyber security incidents? Identifying and understanding cyber-attacks are critical for decision making - not just at the technical level, but also the management and policy-making levels. Our research studied both questions and extends our Security Visualization Effectiveness Measurement (SvEm) framework by providing a full-scale effectiveness approach for both theoretical and user-centric visualization techniques. Our framework facilitates effectiveness through interactive three-dimensional visualization to enhance both single and multi-user collaboration. We investigated effectiveness metrics including (1) visual clarity, (2) visibility, (3) distortion rates and (4) user response (viewing) times. The SvEm framework key components are: (1) mobile display dimension and resolution factor, (2) security incident entities, (3) user cognition activators and alerts, (4) threat scoring system, (5) working memory load and (6) color usage management. To evaluate our full-scale security visualization effectiveness framework, we developed VisualProgger - a real-time security visualization application (web and mobile) visualizing data provenance changes in SvEm use cases. Finally, the SvEm visualizations aim to gain the users' attention span by ensuring a consistency in the viewer's cognitive load, while increasing the viewer's working memory load. In return, users have high potential to gain security insights in security visualization. Our evaluation shows that viewers perform better with prior knowledge (working memory load) of security events and that circular visualization designs attract and maintain the viewer's attention span. These discoveries revealed research directions for future work relating to measurement of security visualization effectiveness.