Design And Development Of Intrusion Detection System Based On Openstack Platform

With the rapid development of information technology,especially after the concept of cloud computing came out,it has brought great changes to our lives and the industries.Cloud computing has been widely considered because of its efficiency,flexibility,scalability,dynamic access etc.However,the outbreak of network security incidents and the defect of cloud computing have seriously constrained its development.The Intrusion Detection System(IDS)is one of the active defense security techniques.It detects the anomaly activities based on the analysis of the host logs,audit logs and network traffic logs.It has a good performance of protecting the cloud computing.At present,there are many researches on the intrusion detection system based on the cloud computing environment,and perform well in the detection rate.However,with the increase of the amount of the log data to be detected,the proportion of system resources occupied by the intrusion detection system is also increasing.And the detection efficiency also needs to be improved.Therefore,this paper designs a centralized intrusion detection system for the Openstack private cloud platform,reducing the consumption of the host resources and improving the detection efficiency of the system through Hadoop platform.In this paper,a centralized host-based intrusion detection system is designed for Openstack private cloud platform.Using Logstash tool to collect the log information from each instance machine,and writing the logs into Elasticsearch cluster.And then using decision tree C5.0 algorithm to the collected for abnormal detection.Finally,feeding back the test results to each instance according to the host tag which in the logs.The experiment result shows that this model can effectively reduce the occupation of the system resources by the intrusion detection system.Furthermore,in order to improve the efficiency of the anomaly detection center,the mixture of gaussian algorithm is implemented in Hadoop platform.During each iteration process,we use MapReduce to commit the job twice and calculate the model parameter: the mean vector,the mixture coefficient and the covariance matrix.At last,we deploy the experiment environment in the virtual machine which is used as the detection center.The result shows that our algorithm can improve the detection efficiency effectively.As a result,this project has a positive impact on reducing the occupancy of system resources used by the intrusion detection system and improving the detection efficiency.