A design of firewall based on feedback of intrusion detection system in cloud environment

Abstract

Security is critical to cloud services, this paper introduces a design of firewall, which based on IDS's feedback t change rules in order to detect attack flexible. It combines firewall and Intrusion Detection Systems(IDS) by using Intrusion Detection Systems, which detects ICMP, TCP, UDP attacks. Usually, a cloud service is a service built on a virtual machine. The virtual device is virtualized to achieve the purpose of multiplexing. Therefore, if you want to implement cloud security detection, you can listen to the physical device's network card. There are two types of Intrusion Detection System, one is host- based intrusion detection system(HIDS) and another is network intrusion detection system(NIDS). What's more, in order to highlight the importance of the firewall, the IDS monitoring data is analyzed and added to the firewall's defense strategy automatically. Finally, we measure the effectiveness of the system by False Negative(FN) and False Positive(FP), and verify that feedback plays a crucial role in improving the effectiveness of the system, improving the efficiency of the entire system filtering attacks.