An Adaptive Intrusion Detection Scheme for Cloud Computing

To provide dynamic resource management, live virtual machine migration is used to move a virtual machine from one host to another. However, virtual machine migration poses challenges to cloud intrusion detection systems because movement of VMs from one host to another makes it difficult to create a consistent normal profile for anomaly detection. Hence, there is a need to provide an adaptive anomaly detection system capable of adapting to changes that occur in the cloud data during VM migration. To achieve this, the authors proposed a scheme for adaptive IDS for Cloud computing. The proposed adaptive scheme is comprised of four components: an ant colony optimization-based feature selection component, a statistical time series change point detection component, adaptive classification, and model update component, and a detection component. The proposed adaptive scheme was evaluated using simulated datasets collected from vSphere and performance comparison shows improved performance over existing techniques.