Total views : 154

Intrusion Detection and Prevention using Lockout policy with ACL on Cloud Computing


  • School of Computing, SASTRA University, Thirumalaisamudram, Thanjavur - 613401, Tamilnadu, India


Background/Objectives: Cloud computing supports many enterprise and government organizations in business perspective due to its advantage such as high scalability and high flexibility. However, despite potential gains that can be achieved, security is fundamental issue. Denial of service attack attempted by attacker to exhausts the resources available to a network, application or service. The orchestrated flow of attack patterns by attacker affect the customers in terms of financial cost cause service inability to legitimate users, attacker overloads target system with massive amount of request, which results in loss of equipment resources affecting network bandwidth. Methods: To address this issue, the proposed lockout policy with access control list is applied to prevent the access to illegitimate user without affecting legal users. Findings: The proposed technique helps in differentiating legitimate and illegitimate users. The attack can be controlled by locking out malicious user access. Thereby the financial cost can be controlled by preventing the resource consumption by malicious node. Applications The proposed methodology can be applied in signature based analysis and strong user identification. There by providing security by building Anti-spam devices at customer site such as E-commerce application. Applications: The proposed methodology can be applied in the signature based analysis and strong user identification. Thus providing security by building Anti-spam devices at customer site, such as in an e-commerce application.


Access Control List, Attack Pattern, DDoS, DoS, Lockout Policy, Service Inability.

Full Text:

 |  (PDF views: 149)


  • Mount MC, McCorry K, Papanikolaou N, Pearson S. Security and Privacy Governance in Cloud Computing via SLAS and a Policy Orchestration Service. Proceeding 2nd International Conference Cloud Computing Services; 2012 Apr; 670-74.
  • Lu K, Wu D, Fan J, Todorovic S. Nucci A. Robust and Efficient Detection of DDoS Attacks for Large-Scale Internet, Computer Networks. 2007 Dec; 51(18):5036-56.
  • Access Control List Mediation System for Large-Scale Network.Date Accessed: 5/12/2005. Available at:
  • Network Intrusion Prevention by Configuring ACLs on the Routers, Based on Snort IDS Alerts. Date Accessed: 18/10/2010. Available at: 5638482/.
  • Daly J, Liu AX, Torng E. A Difference Resolution Approach to Compressing Access Control Lists, IEEE/ACM Transactions on Networking. 2016 Feb; 24(1):610-23.
  • Ficco M, Rak M. Stealthy Denial of Service Strategy in Cloud Computing, IEEE Transactions on Cloud Computing.2015 Jan- Mar; 3(1):80-94
  • A Design of Diffie-Hellman Based Key Exchange using One-Time ID in Pre-Shared Key Model. Date Accessed: 29/03/2004. Available at: 1283932/.
  • Lopez M A, Duarte OCMB. Providing Elasticity to Intrusion Detection Systems in Virtualized Software Defined Networks, Communication and Information System Security Symposium; 2015. 7120-25.
  • Nivethitha Somu, Gangaa A, Shankar Sriram VS. Service in Hadoop using One Time pad, Indian Journal of Science and Technology. 2014 Apr; 7(S4):56-62.
  • Sabout Nagaraju, Latha Parthiban. SecAuthn: Provably Secure Multi-Factor Authentication for the Cloud Computing Systems, Indian Journal of Science and Technology. 2016 Mar; 9(9):1-18.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.