Aldribi, Abdulaziz
2018-08-30
2018
2018-08-30
http://hdl.handle.net/1828/9994

The adoption of cloud computing has increased dramatically in recent years due to attractive features such as flexibility, cost reductions, scalability, and pay per use. Shifting towards cloud computing is attracting not only industry but also government and academia. However, given their stringent privacy and security policies, this shift is still hindered by many security concerns related to the cloud computing features, namely shared resources, virtualization and multi-tenancy. These security concerns vary from privacy threats and lack of transparency to intrusions from within and outside the cloud infrastructure. Therefore, to overcome these concerns and establish a strong trust in cloud computing, there is a need to develop adequate security mechanisms for effectively handling the threats faced in the cloud. Intrusion Detection Systems (IDSs) represent an important part of such mechanisms. Developing cloud based IDS that can capture suspicious activity or threats, and prevent attacks and data leakage from both inside and outside the cloud environment is paramount. However, cloud computing is faced with a multidimensional and rapidly evolving threat landscape, which makes cloud based IDS more challenging. Moreover, one of the most significant hurdles for developing such cloud IDS is the lack of publicly available datasets collected from a real cloud computing environment. In this dissertation, we introduce the first public dataset of its kind, named ISOT Cloud Intrusion Dataset (ISOT-CID), for cloud intrusion detection. The dataset consists of several terabytes of data, involving normal activities and a wide variety of attack vectors, collected over multiple phases and periods of time in a real cloud environment. We also introduce a new hypervisor-based cloud intrusion detection system (HIDS) that uses online multivariate statistical change analysis to detect anomalous network behaviors. As a departure from the conventional monolithic network IDS feature model, we leverage the fact that a hypervisor consists of a collection of instances, to introduce an instance-oriented feature model that exploits individual as well as correlated behaviors of instances to improve the detection capability. The proposed approach is evaluated using ISOT-CID and the experiments along with results are presented.

en
Available to the World Wide Web
Cloud Computing
Intrusion Detection
Cloud computing Dataset
Change Point
Cloud intrusion detection based on change tracking and a new benchmark dataset
Thesis

Aldribi A., Traore I., Moa B. (2018) Data Sources and Datasets for Cloud Intrusion Detection Modeling and Evaluation. In: Mishra B., Das H., Dehuri S., Jagadev A. (eds) Cloud Computing for Optimization: Foundations, Applications, and Challenges. Studies in Big Data, vol 39. Springer, Cham

Aldribi A., Traore I. (2015) A Game Theoretic Framework for Cloud Security Transparency. In: Qiu M., Xu S., Yung M., Zhang H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 9408. Springer, Cham

A. Aldribi, I. Traore and G. Letourneau, "Cloud Slicing a new architecture for cloud security monitoring," 2015 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM), Victoria, BC, 2015, pp. 18-22. doi: 10.1109/PACRIM.2015.7334802