
Cloud network security and privacy


Omessead Benmbarak, PhD Student, COSIM

Abstract—Cloud computing is becoming very popular in the information world due to its efficiency, cost-effectiveness, pay-as-you-go pricing, flexibility and scalability. It offers infrastructures, ready-to-use platforms and services according to the needs of its customers. Data security is an important issue encountered when using these benefits of cloud computing: the lack of firewalls and of detection and prevention mechanisms brings potential security threats to the organization. This paper provides an overview of different intrusions in the cloud. Then, we analyze some existing cloud-based firewalls and intrusion detection systems (IDS) with respect to their type, positioning, detection time, detection technique, data source and the attacks they can detect. The analysis also lists the limitations of each technique, to evaluate whether it fulfills the security requirements of the cloud computing environment or not.

Index Terms—Cloud Computing; Cloud Security; Firewalls; Intrusion Detection and Prevention System

I. INTRODUCTION

Cloud computing is a new computing paradigm in which the Internet is used to connect to provider network services [1]. According to the definition of the National Institute of Standards and Technology (NIST), cloud computing is on-demand, self-service access via a telecommunications network to configurable shared computing resources. Cloud computing provides three main service models: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Additionally, cloud providers implement various deployment models, such as public cloud, private cloud and hybrid cloud. Cloud computing deals with computing, storage, software and network equipment. The main benefit that cloud computing offers to the tenant is reduced cost and increased scalability. The paper is organized as follows: in Section II we give a description of cloud storage. After introducing security in cloud computing in Section III, we present some intrusions in cloud computing in Section IV. Section V briefly presents some preliminaries about firewalls, and Section VI describes intrusion detection and prevention systems. In Section VII we suggest some work to be done to improve IT security at the cloud level, and we end with a conclusion.

II. CLOUD STORAGE

Cloud storage is a cloud computing model that stores data on the Internet through a cloud computing provider who manages and operates data storage as a service [2]. It is delivered on demand with just-in-time capacity and costs, and eliminates buying and managing your own data storage infrastructure. This gives agility, global scale and durability, with "anytime, anywhere" data access. Cloud storage vendors manage capacity, security and durability to make data accessible to applications all around the world. Applications access cloud storage through traditional storage protocols or directly via an API. Many vendors offer complementary services designed to help collect, manage, secure and analyze data at massive scale.

III. CLOUD SECURITY ISSUES

Despite the advantages that cloud computing offers the user, its adoption as a storage medium raises a major issue with regard to the security of valuable data in the cloud. Several problems [3] within cloud computing are:
• Data integrity
• Privacy and confidentiality
• Availability of data

A. Data integrity

Integrity consists of protection against improper modification or destruction of information and includes a guarantee of non-repudiation and authenticity of information. That is to say, the data must not be deformed or modified by use or over time. The user undertakes not to deliberately disturb the proper functioning of computer systems and networks (internal or external), whether by abnormal handling of the equipment or by introducing parasitic software, generically known as viruses, Trojans or logic bombs.
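The integrity property described above is only enforceable if the tenant can tell, on every read, whether an object still has the content it wrote. The following worked example is added by the editor and is not part of the original paper: it keeps a keyed integrity manifest for objects stored at a provider, so that improper modification, swapping of two objects and silent deletion are all detected. The key handling, the object set and the manifest layout are assumptions made for the illustration, not the paper's design.

```python
"""Added example (not from the paper): detecting improper modification of objects
kept in cloud storage with a keyed integrity manifest.

Assumptions (hypothetical, for illustration): the tenant holds a secret key outside
the provider, objects are modelled as a dict of name -> bytes, and the manifest is
stored next to the objects. Each object gets an HMAC-SHA256 tag bound to its name,
and the manifest carries a tag over all entries, so modification, swapping and
deletion are all detected on read."""
import hashlib
import hmac
import json


def object_tag(key: bytes, name: str, data: bytes) -> str:
    # Length-prefix the name so (name, data) pairs cannot be re-split to collide,
    # and include the name so two objects cannot be swapped without detection.
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(len(name).to_bytes(4, "big"))
    h.update(name.encode())
    h.update(data)
    return h.hexdigest()


def manifest_tag(key: bytes, entries: dict) -> str:
    # Canonical JSON so that the tag does not depend on dict ordering.
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def build_manifest(key: bytes, objects: dict) -> dict:
    entries = {name: object_tag(key, name, data) for name, data in objects.items()}
    return {"entries": entries, "tag": manifest_tag(key, entries)}


def verify_storage(key: bytes, manifest: dict, objects: dict) -> dict:
    """Return {name: 'ok' | 'modified' | 'missing'} for every object listed in the
    manifest, plus a 'manifest' entry that is 'ok' or 'tampered'. Objects present
    in storage but absent from the manifest are reported as 'unlisted'."""
    intact = hmac.compare_digest(manifest_tag(key, manifest["entries"]), manifest["tag"])
    result = {"manifest": "ok" if intact else "tampered"}
    for name, tag in manifest["entries"].items():
        if name not in objects:
            result[name] = "missing"
        elif hmac.compare_digest(object_tag(key, name, objects[name]), tag):
            result[name] = "ok"
        else:
            result[name] = "modified"
    for name in objects:
        if name not in manifest["entries"]:
            result[name] = "unlisted"
    return result


# Constructed sample data (not a real tenant's objects).
KEY = b"tenant-secret-kept-outside-the-provider"
ORIGINAL = {
    "invoices/2023.csv": b"id,amount\n1,100\n2,250\n",
    "config.json": b'{"debug": false}',
    "app/release.tar": b"\x00release-bytes\x00",
    "app/beta.tar": b"\x00beta-bytes\x00",
}


def demo() -> dict:
    """Build the manifest over ORIGINAL, damage the stored copies the way a faulty
    or hostile storage layer could, and verify."""
    manifest = build_manifest(KEY, ORIGINAL)
    stored = dict(ORIGINAL)
    stored["config.json"] = b'{"debug": true}'                   # improper modification
    del stored["invoices/2023.csv"]                               # destruction
    stored["app/release.tar"], stored["app/beta.tar"] = (          # content swap
        ORIGINAL["app/beta.tar"], ORIGINAL["app/release.tar"])
    stored["unexpected.bin"] = b"planted"                         # object not in manifest
    return verify_storage(KEY, manifest, stored)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The key must stay outside the provider: an unkeyed SHA-256 manifest stored next to the data can simply be recomputed by whoever modified the data. This covers the integrity property of Section III.A only; confidentiality (Section III.B) additionally requires encrypting the objects under a tenant-held key, and an authenticated encryption mode such as AES-GCM provides both properties in one step.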

B. Privacy and confidentiality

Confidentiality is the property that data is made unavailable to unauthorized users. In simple words, it refers to the mechanism through which sensitive data is accessible only to the users authorized to access it, while others, including the cloud provider's own processing, should not be able to extract any information from it.

C. Availability of data

Availability refers to the ability to use a desired piece of information or resource, so it is a question of guaranteeing that a resource will be accessible to the client at all times, at their convenience. A loss of availability is an interruption of access to information, to its use or to the information system. Redundancy is the primary strategy used to improve cloud system availability. Major cloud vendors offer geographic redundancy in their cloud systems, enabling single-vendor high availability.

IV. INTRUSIONS TO CLOUD COMPUTING

Several common intrusions cause availability, confidentiality and integrity issues for cloud resources and services.

A. Port scan

Port scanning is a technique used to list the open, closed and filtered ports on a network server. In the cloud scenario, the attacker uses port scanning to discover the services offered before attacking them. Some ports are always open because they provide a service to users, such as port 80 (HTTP) for web services. Other ports, such as port 21 (FTP), are not open all the time but are opened when needed, so such services should be protected (with encrypted protocols and restrictive firewall rules) until the server software is properly configured. Port scans cannot be prevented outright, but they can be detected by an IDS and their exposure limited by a firewall that only exposes the ports a service needs.

B. Denial of service attack

A DoS attack is an attempt to render services assigned to authorized users unusable. In such an attack, the attacker tries to flood the victim by sending a large number of packets from innocent hosts (zombies) into the network. The cloud is more vulnerable to DoS attacks because it is shared by many users, which makes DoS attacks much more damaging. When the cloud operating system notices a heavy workload on the flooded service, it starts providing more computing power to deal with the additional workload, so the flood also consumes (and bills) more of the tenant's resources. The attacker does not need to flood all servers that provide a target service: flooding a single cloud address is enough to achieve a complete loss of availability of the targeted service. Using an intrusion detection system (IDS) is the most common method of defense against this type of attack.

C. Attacks on virtual machines

Virtualization is a software technology widely used in cloud computing, which employs hardware and/or simulation software to run multiple operating systems and applications on a shared hardware architecture. An attacker can take control of installed virtual machines [4]. For example, BluePill, SubVirt and DKSM are some well-known attacks on the virtualization layer. Through these attacks, attackers may be able to compromise the installed hypervisor and gain control of the host. New vulnerabilities, including zero-day vulnerabilities, are found in virtual machines (VMs) that allow an attacker to gain access to the hypervisor or to other virtual machines. An advanced cloud protection system can be developed by monitoring the activities of guest virtual machines and the communication between the various components of the infrastructure.

D. Backdoor attack

Developers sometimes enable a backdoor (a hidden maintenance entry point) before publishing a website to make their own access easier, and these options are sometimes forgotten. This could allow attackers to remotely access the affected node and compromise user privacy. In the cloud computing environment, the attacker can access and control the cloud user's resources through the backdoor channels and turn the VM into a zombie that initiates DoS/DDoS attacks. This can lead to spying and piracy of legitimate products. A firewall together with a signature-based or anomaly-based IDS is a common solution against backdoors.

E. Insider attack

Insider attacks are the realisation of the risk to companies, their data, their business partners and their long-term future caused by insiders becoming malicious and acting upon it. These attacks are orchestrated or executed by people who are trusted with varying levels of access to a company's systems and facilities, and who have intimate knowledge of the company's infrastructure which an external attacker would take a significant period of time to develop. For insider attacks, signature-based intrusion detection solutions can normally be used, although an insider acting with legitimate credentials over normal protocols produces few signature matches, so anomaly-based and host-level monitoring are usually needed as well.

A firewall and an intrusion detection and prevention system in the cloud could be the common solution to prevent some of the attacks listed above. Several intrusion detection techniques are discussed in the next section.

V. FIREWALLS

The firewall is considered a control and monitoring choke point. It can be a single computer system or a set of cooperating systems. The firewall allows only authorized traffic, as defined by the security policy, to pass. Firewalls [18] are used to deny or allow protocols, ports or IP addresses; incoming traffic is filtered according to a predefined policy. Several types of firewalls are discussed in [5].

Several studies [6], [7] and [8] have been carried out to define the types of firewalls, as summarized in Table I.
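Sections IV.A and IV.B name an IDS as the usual defense against port scans and floods, and Section VI below distinguishes signature-based from anomaly-based detection. The following worked example is added by the editor and is not part of the paper: it runs both detection methods over constructed flow records, flags a port scan and a SYN flood, and turns the alerts into the kind of deny rules a firewall (Section V) could enforce. The record format, the blacklist, the tenant address range and the thresholds are assumptions chosen for the sample, not something the paper specifies.

```python
"""Added example (not from the paper): a minimal flow-record IDS illustrating the
port scan and DoS intrusions of Sections IV.A and IV.B, the signature-based versus
anomaly-based detection of Section VI, and the deny rules a firewall agent
(Section V) could apply in response.

Assumptions (hypothetical): records are simplified flow-log lines of the form
'<epoch> <src> <dst> <dport> <proto> <flags> <packets>', the tenant network is
10.0.0.0/8, and the thresholds suit the constructed sample below, not production."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str
    flags: str
    packets: int


def parse(lines):
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, flags, pkts = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), proto, flags, int(pkts)))
    return flows


INTERNAL = ipaddress.ip_network("10.0.0.0/8")
KNOWN_BAD_SOURCES = {"203.0.113.66"}     # constructed "signature": a blacklisted scanner
CLEARTEXT_ADMIN_PORTS = {21, 23}          # FTP/telnet reached from outside: policy violation


def signature_alerts(flows):
    """Misuse detection: exact match against a preconfigured knowledge base."""
    alerts = set()
    for f in flows:
        external = ipaddress.ip_address(f.src) not in INTERNAL
        if f.src in KNOWN_BAD_SOURCES:
            alerts.add(("known-bad-source", f.src))
        if external and f.dport in CLEARTEXT_ADMIN_PORTS and f.flags == "S":
            alerts.add(("external-cleartext-admin", f.src, f.dport))
    return alerts


def anomaly_alerts(flows, scan_ports=10, syn_threshold=100, window=10):
    """Anomaly detection: statistics over a time window, no attack signature needed.
    Port scan: one source touching many distinct ports on one host.
    SYN flood: many SYN-only (half-open) packets towards one service, from anywhere."""
    alerts = set()
    ports = defaultdict(set)   # (window, src, dst) -> distinct destination ports
    syns = defaultdict(int)    # (window, dst, dport) -> SYN-only packets
    for f in flows:
        w = f.ts // window
        ports[(w, f.src, f.dst)].add(f.dport)
        if f.flags == "S":
            syns[(w, f.dst, f.dport)] += f.packets
    for (_, src, dst), seen in ports.items():
        if len(seen) >= scan_ports:
            alerts.add(("port-scan", src, dst, len(seen)))
    for (_, dst, dport), n in syns.items():
        if n >= syn_threshold:
            alerts.add(("syn-flood", dst, dport, n))
    return alerts


def deny_rules(alerts):
    """Turn alerts into firewall actions (constructed rule syntax). A scanner or a
    blacklisted host is blocked by source; a flood from spoofed sources cannot be
    blocked that way, so the exposed service is rate-limited instead."""
    rules = set()
    for a in alerts:
        if a[0] == "syn-flood":
            rules.add(f"RATELIMIT-SYN dst={a[1]} dport={a[2]}")
        else:
            rules.add(f"DROP src={a[1]}")
    return rules


def constructed_sample():
    """Constructed flow records, not a real capture."""
    lines = [
        "1000 10.0.0.5 10.0.1.10 443 tcp SA 12",     # ordinary internal HTTPS session
        "1001 203.0.113.66 10.0.1.10 443 tcp S 1",   # single probe from the blacklisted host
        "1002 198.51.100.9 10.0.1.10 23 tcp S 1",    # telnet from the Internet
    ]
    # Port scan: one external host touching 16 ports of one VM within one window.
    lines += [f"1003 198.51.100.7 10.0.1.10 {p} tcp S 1" for p in range(20, 36)]
    # SYN flood: 120 half-open SYNs to the web port from spoofed sources in one window.
    lines += [f"1005 192.0.2.{i % 250 + 1} 10.0.1.10 80 tcp S 1" for i in range(120)]
    return lines


def run(lines=None):
    flows = parse(constructed_sample() if lines is None else lines)
    alerts = signature_alerts(flows) | anomaly_alerts(flows)
    return alerts, deny_rules(alerts)


if __name__ == "__main__":
    found, rules = run()
    for a in sorted(found, key=str):
        print("ALERT", a)
    for r in sorted(rules):
        print("RULE ", r)
```

The two methods fail in the ways Table II lists: the signature check finds only what is already in its knowledge base (the scanner at 198.51.100.7 is not blacklisted and is caught only by the fan-out statistic), while the anomaly thresholds must be tuned to the traffic or they raise false alarms. The flood also shows why Section IV.B's zombie traffic is hard to stop at the source: each spoofed address sends one packet, so only the destination-side rate limit helps.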

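The first two rows of Table I turn on one question: does the filter remember earlier packets? The following worked example is added by the editor and is not from the paper. It models a static packet filter and a stateful packet filter on a constructed trace, showing that the static filter must either block the replies to connections the host itself opened or open every high port, that the stateful filter allows those replies while dropping an unsolicited probe, and that its state table is a finite resource a SYN flood can exhaust. The host address, the policy and the table capacity are assumptions for the illustration.

```python
"""Added example (not from the paper): the difference between static packet
filtering and stateful packet filtering, the first two rows of Table I, run on a
constructed packet trace.

Assumptions (hypothetical): the protected host is 10.0.1.10, the policy is
'outbound connections allowed, inbound only to HTTPS (443)', packets are reduced
to direction, addresses, ports and TCP flags, and the state table is a plain dict
with a fixed capacity so that its memory cost is visible."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the host)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # "S" SYN, "SA" SYN-ACK, "A" ACK, "F" FIN, "R" RST


HOST = "10.0.1.10"


def static_filter(pkt: Packet, allow_high_ports: bool = False) -> bool:
    """Header-only decision with no memory of earlier packets. The reply to a
    connection the host opened arrives inbound on a high port, so a static rule
    set must either block it (strict) or open every high port (allow_high_ports)."""
    if pkt.direction == "out":
        return True
    if pkt.dport == 443:
        return True
    return allow_high_ports and pkt.dport >= 1024


class StatefulFilter:
    """Remembers connections in a state table keyed by the 4-tuple of the SYN."""

    def __init__(self, max_states: int = 1000):
        self.states = {}              # (src, sport, dst, dport) -> "SYN_SENT"/"ESTABLISHED"
        self.max_states = max_states

    def allow(self, pkt: Packet) -> bool:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        key = fwd if fwd in self.states else rev if rev in self.states else None
        if key is not None:                      # belongs to a tracked connection
            if pkt.flags == "SA":
                self.states[key] = "ESTABLISHED"
            if "F" in pkt.flags or "R" in pkt.flags:
                del self.states[key]             # free the entry when it closes
            return True
        if pkt.flags != "S":                     # unsolicited non-SYN: no state, drop
            return False
        if pkt.direction == "out" or pkt.dport == 443:
            if len(self.states) >= self.max_states:
                return False                     # table full: new connections starve
            self.states[fwd] = "SYN_SENT"
            return True
        return False


def run_trace() -> dict:
    """Constructed trace: a client session opened by the host, an unsolicited
    ACK probe, then a SYN flood against the exposed HTTPS service."""
    sf = StatefulFilter(max_states=1000)
    client_syn = Packet("out", HOST, 51000, "198.51.100.20", 443, "S")
    server_reply = Packet("in", "198.51.100.20", 443, HOST, 51000, "SA")
    stray_ack = Packet("in", "203.0.113.9", 443, HOST, 51001, "A")  # no matching SYN

    results = {
        "reply_static_strict": static_filter(server_reply),
        "reply_static_open": static_filter(server_reply, allow_high_ports=True),
        "stray_static_open": static_filter(stray_ack, allow_high_ports=True),
    }
    sf.allow(client_syn)                       # creates the state entry
    results["reply_stateful"] = sf.allow(server_reply)
    results["stray_stateful"] = sf.allow(stray_ack)

    # 1200 half-open SYNs from spoofed sources: each one costs a state entry.
    for i in range(1200):
        sf.allow(Packet("in", f"192.0.2.{i % 250 + 1}", 1024 + i, HOST, 443, "S"))
    results["states_after_flood"] = len(sf.states)
    results["new_client_during_flood"] = sf.allow(
        Packet("out", HOST, 51002, "198.51.100.20", 443, "S"))
    return results


if __name__ == "__main__":
    for k, v in run_trace().items():
        print(f"{k}: {v}")
```

The exhausted state table is the "additional resources like memory" cost Table I attributes to stateful filtering, and it is also an attack surface: real firewalls expire half-open entries on a timeout or answer with SYN cookies so that a flood of spoofed SYNs does not starve legitimate connections. Stateful inspection firewalls (third row of Table I) go one step further and read the payload, which is what lets them open the data port that FTP negotiates inside the control connection.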
TABLE I
SUMMARY OF FIREWALL TYPES

Static packet filtering firewalls
  • Allow or deny a packet by inspecting only header information such as source or destination address, port numbers, etc.
  • Cannot detect malicious code in packet payloads.
  • Cannot protect against spoofing and fragmentation attacks.

Stateful packet filtering firewalls
  • Used in client/server environments: the client initiates a request and the server's responses are allowed through without being matched against the static rules.
  • Require additional resources, such as memory for the state tables maintained in hardware or software.

Stateful inspection firewalls
  • Enhanced form of stateful packet filtering firewalls.
  • Used for applications like FTP where multiple ports are used.
  • Examine the payload and open or close ports as required by the protocol.

Proxy firewalls
  • Can isolate the internal network from the Internet.
  • Analyze the protocol syntax by breaking up the client/server connection.
  • Require a lot of network resources.

VI. INTRUSION DETECTION AND PREVENTION SYSTEM

A. IDS/IPS techniques

In the cloud, the detection method used by an IDS can be signature-based or anomaly-based. The IDS can be installed in different places: at the edge of a network, on a host, on a virtual machine or hypervisor, or distributed across all regions of the cloud. A summary of existing IDS/IPS techniques with their strengths and limitations is given in Table II.

B. Types of IDS/IPS used in cloud computing

A brief summary of various IDSs is given in Table III. We summarize the approaches presented with their type, technique, positioning in the cloud, advantages and disadvantages. This gives the cloud security research community several challenges to address before a standard cloud security framework can be proposed [12].

TABLE II
SUMMARY OF IDS/IPS TECHNIQUES

Misuse detection
  Characteristics/advantages:
  • Identifies intrusions by matching captured patterns against a preconfigured knowledge base.
  • High detection accuracy for previously known attacks.
  • Low computational cost.
  Limitations/challenges:
  • Cannot detect new attacks or variants of known attacks.
  • The knowledge base used for matching must be crafted carefully.
  • High false alarm rate for unknown attacks.

Anomaly detection [9]
  Characteristics/advantages:
  • Uses statistical tests on collected behaviour to identify intrusions.
  • Can lower the false alarm rate for unknown attacks.
  Limitations/challenges:
  • A lot of time is required to identify attacks.
  • Detection accuracy depends on the amount of collected behaviour or features.

Artificial neural network (ANN) based IDS [10]
  Characteristics/advantages:
  • Classifies unstructured network packets efficiently.
  • Multiple hidden layers in the ANN increase the efficiency of classification.
  Limitations/challenges:
  • Requires a lot of time in the training phase.
  • A large number of samples is required to train effectively.
  • Less flexibility.

Fuzzy logic based IDS
  Characteristics/advantages:
  • Used for quantitative features.
  • Provides better flexibility for some uncertain problems.
  Limitations/challenges:
  • Detection accuracy is lower than with ANNs.

Association rule based IDS
  Characteristics/advantages:
  • Used to detect known attack signatures or related attacks in misuse detection.
  Limitations/challenges:
  • Cannot be used for totally unknown attacks.
  • Requires more database scans to generate rules.
  • Used only for misuse detection.

Support vector machine (SVM) based IDS
  Characteristics/advantages:
  • Can correctly classify intrusions even if only limited sample data are given.
  • Can handle a massive number of features.
  Limitations/challenges:
  • Can classify only discrete features, so preprocessing of the features is required before applying it.

Genetic algorithm based IDS [11]
  Characteristics/advantages:
  • Used to select the best features for detection.
  • Has better efficiency.
  Limitations/challenges:
  • A complex method.
  • Used in a specific manner rather than generally.

Hybrid techniques
  Characteristics/advantages:
  • An efficient approach to classify rules accurately.
  Limitations/challenges:
  • Computational cost is high.

TABLE III
SUMMARY OF EXISTING IDS APPROACHES IN THE CLOUD

IDS architecture for cloud environment using ANN
  IDS type: HIDS. Technique: signature-based detection and anomaly detection. Positioning: on each node.
  Pros: the false rate for unknown attacks is lower since an ANN is used.
  Cons: requires more training time and samples for detection accuracy.

VM compatible IDS architecture
  IDS type: NIDS. Technique: signature-based detection. Positioning: on each VM.
  Pros: secures VMs based on user configuration.
  Cons: multiple IDS instances are required, which degrades performance.

Cooperative agent based approach
  IDS type: DIDS. Technique: signature-based detection. Positioning: on each cloud region.
  Pros: protects the system from a single point of failure.
  Cons: cannot be used for all types of attacks; high computational overhead.

Mobile agent based approach
  IDS type: DIDS. Technique: anomaly detection. Positioning: on each VM.
  Pros: provides IDS for cloud applications regardless of their location.
  Cons: produces network load as the number of VMs attached to the mobile agent increases.

DDoS attack detection in virtual machines
  IDS type: NIDS. Technique: signature-based detection. Positioning: on each VM.
  Pros: secures VMs from DDoS attacks.
  Cons: can only detect known attacks since only Snort is used.

NIDS in open-source cloud
  IDS type: NIDS. Technique: signature-based detection. Positioning: on the traditional network.
  Pros: can detect several known attacks.
  Cons: cannot detect insider attacks or unknown attacks since …

VMI-IDS based architecture
  IDS type: hypervisor-based IDS. Technique: anomaly detection. Positioning: on the hypervisor.
  Pros: detects attacks on VMs.
  Cons: the VMI-based IDS itself can be attacked; very complex method.

VII. PROPOSED SOLUTION

The proposed solution should provide a reliable cloud-based security solution for organizations, in which they keep their own management and monitoring. We propose a distributed firewall architecture as a solution. Agents run on each node in the system to manage the firewall rules on those nodes. These agents communicate with a central Cloud Firewall Management Server, which is the central store of knowledge and management, before packets are sent on to the cloud provider. We also propose extending firewall filtering with telemetry: the firewall periodically collects and shares application information, detected threats, observed DNS information and device health for a given network. The cloud security service provider uses the threat information gathered through telemetry to provide enhanced intrusion prevention system (IPS) and spyware signatures to the corporate firewall and to other customers worldwide.

Regarding IDPSs, an IDPS uses more patterns and rules to give highly secure and trustworthy services; therefore it needs more computing resources to provide better security. Extending this situation to cloud computing, the resources left for cloud customers decrease [13]. Thus, the best solution is not necessarily a very complex system using many resources and rules, but an optimized design using intelligent techniques that make the system independent through self-management and self-learning.

VIII. CONCLUSION

Cloud computing is a very valuable technological facility with excellent service for its users. The security of the cloud computing model must be an essential concern for its success. In this short paper, we have described various intrusions that can lead to the loss, modification or unavailability of data and resources. Then, based on research carried out by other researchers, we illustrated the various types of firewalls and IDS techniques in a cloud environment. We have provided the summary in the form of tables, which help to understand the various types easily. The analysis of several articles shows that, although various IDS techniques exist for the cloud, none offers complete security. Cloud security can be greatly improved by using soft computing techniques. However, there are still several challenges and open questions to consider. In Table III, we have provided the limitations of each technique. These security challenges must therefore be resolved before a standard framework for cloud security can be recommended.

REFERENCES

[1] P. Mell and T. Grance, "The NIST definition of cloud computing (draft)," NIST, 2011. Available: http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145-cloud-definition.pdf
[2] Amazon Web Services, "What is cloud storage?", 2022. Available: https://aws.amazon.com/what-is-cloud-storage/
[3] W. Stallings, Network Security Essentials: Applications and Standards, 2007.
[4] D. Kusnetzky, "Layer virtualization model," Virtualization Review, Oct. 2014. Available: https://virtualizationreview.com/articles/2014/10/14/7-layer-virtualization-model.aspx
[5] D. Sequeira, "Intrusion prevention systems: security's silver bullet?", SANS Institute InfoSec Reading Room, 2021. Available: https://sansorg.egnyte.com/dl/ShxFE4Pwsl
[6] N. Dezhabad and S. Sharifian, "Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments," Springer Science+Business Media, LLC, part of Springer Nature, 2018.
[7] A. Pathak, "Difference between hardware, software and cloud firewalls" (in French), Geekflare, 2021. Available: https://geekflare.com/fr/hardware-vs-software-cloud-firewall/
[8] A. R. Khakpour and A. X. Liu, "First step toward cloud-based firewalling," 2018. Available: http://www.business.att.com/enterprise/Family/network-security/firewall-endpoint/
[9] A. Patel, M. Taghavi, K. Bakhtiyari and J. Celestino Júnior, "An intrusion detection and prevention system in cloud computing: A systematic review," Journal of Network and Computer Applications, 2013. Available: http://www.elsevier.com/locate/jnca/
[10] N. Ádám, B. Madoš, A. Baláž and T. Pavlik, "Artificial neural network based IDS," 2017. Available: https://ieeexplore.ieee.org/document/7880294
[11] W. Li, "A genetic algorithm approach to network intrusion detection," GIAC. Available: https://www.giac.org/paper/gsec/3703/genetic-algorithm-approach-network-intrusion-detection/105794
[12] Y. Mehmood, M. A. Shibli, U. Habiba and R. Masood, "Intrusion detection system in cloud computing: Challenges and opportunities," 2017.
[13] J. H. Lee, M. W. Park, J. H. Eom and T. M. Chung, "Intrusion detection system and log management in cloud computing," 2011.
