Intrusion Detection in Hybrid Cloud Networks

The proliferation of cloud computing has significantly transformed the digital landscape, offering scalable resources and services over the Internet. However, this shift has also exposed cloud networks to a myriad of sophisticated cyber threats, necessitating robust and adaptive security mechanisms. Network Intrusion Detection Systems (NIDS) are put in place to manage some of these threats like denial of service attacks (DOS), distributed denial of service attacks (DDOS), scanning, and probing to name a few. This paper presents a novel approach to Network Intrusion Detection Systems (NIDS) tailored for hybrid cloud networks. The goal of our approach is to efficiently detect and mitigate an intruder by using a simple algorithm based on the data available in transmitted packets in a hybrid cloud network. Specifically, we identify potential network intruders assuming the very high data rates of modern data networks. Once the intruder is identified, their access to the network is restricted using the access control list on the switch. This approach can be done with very low latency and at line rate. We remove the suspected malicious user from the Access Control List (ACL) on a switch connected to the network admin server. We also propose a mechanism to reinstate the user if they successfully explain that they are not a network intruder. To evaluate the effectiveness of our approach, we conducted experiments in a simulated hybrid cloud network environment using data captured from a live data stream.