What is it about?

This work focuses primarily on cloud security. DDoS attacks are increasing on cloud platforms such as OpenStack. This study introduces an intrusion detection system together with a SIEM to promptly and accurately identify DDoS attacks within the OpenStack infrastructure and to mitigate them, using the Suricata IDS and the Wazuh security monitoring platform, both available at no cost. This article aims to demonstrate how easily one can begin using a Wazuh cluster for log management and security event correlation; it integrates seamlessly with Suricata to address threats automatically. Wazuh is the central hub for gathering, evaluating and handling Suricata notifications. With the guidance of the recommended IDS, OpenStack administrators will be able to rapidly identify assaults in real time and take appropriate action in response to any potential DDoS threat. This paper shows DDoS attack detection using the Wazuh SIEM and IDS in OpenStack: an attack was practically conducted against OpenStack and the outcome is shown in Wazuh.

Why is it important?

The global proliferation of Distributed Denial of Service (DDoS) attacks poses a challenge to the reliability of network services in cloud environments like OpenStack. These attacks have evolved from flooding victim servers with large volumes of harmful traffic (high-rate attacks) to employing low-rate attacks. Detecting low-rate attacks is difficult because of their inconspicuous nature, which makes them hard to distinguish from normal background traffic. For organizations that rely on OpenStack for their infrastructure requirements, defending against these attacks has taken on renewed significance. In the proposed approach, Wazuh acts as the security monitoring platform. We took advantage of its abilities to detect DDoS threats within an OpenStack environment. Wazuh played a central role in gathering and analyzing logs from OpenStack nodes, providing insights into network activities and system events. We were able to modify the Wazuh configuration to accurately identify signs of a DDoS attack. These customized rules, combined with alerts, help to find and address suspicious activities. Additionally, linking Wazuh with Suricata, a network intrusion detection system, enhanced the security features. Together these tools formed a defense mechanism that enhanced the security of the OpenStack cloud and enabled mitigation of DDoS threats. The comprehensive approach using the Wazuh platform yielded outcomes that demonstrated significant potential for broader application in safeguarding cloud environments against various threats.
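The correlation idea described above (Wazuh counting Suricata alerts and raising a DDoS event once they cluster) is shown below as an added, runnable example. It is not code from the paper or from the Wazuh or Suricata projects. It assumes Suricata's eve.json alert field layout (event_type, timestamp, src_ip, dest_ip, alert.signature) and mimics what a Wazuh rule with frequency and timeframe attributes does; the log lines, the signature name and the escalated level 12 are constructed for the example.

```python
import json
from collections import defaultdict, deque
from datetime import datetime


def _alert_line(ts: str, src: str, dst: str, sig: str) -> str:
    """Build one constructed eve.json alert record using Suricata's field layout."""
    return json.dumps({
        "timestamp": ts, "event_type": "alert", "src_ip": src, "dest_ip": dst,
        "dest_port": 80, "proto": "TCP",
        "alert": {"signature": sig, "category": "Attempted Denial of Service", "severity": 2},
    })


# Constructed sample input (not captured traffic). The signature name is a placeholder.
SIG = "EXAMPLE Possible SYN flood"
SAMPLE_EVE_LINES = [
    _alert_line(f"2024-01-01T10:00:{s:02d}.000000+0000", "198.51.100.7", "10.0.0.5", SIG)
    for s in (0, 5, 10, 15, 20, 25)            # six alerts from one source within 25 s
] + [
    _alert_line("2024-01-01T10:00:30.000000+0000", "203.0.113.9", "10.0.0.5", SIG),
    json.dumps({"timestamp": "2024-01-01T10:00:31.000000+0000", "event_type": "flow",
                "src_ip": "10.0.0.8", "dest_ip": "10.0.0.5"}),   # non-alert record, ignored
    _alert_line("2024-01-01T10:05:30.000000+0000", "203.0.113.9", "10.0.0.5", SIG),
]


def parse_ts(ts: str) -> datetime:
    """Parse Suricata's eve.json timestamp, e.g. 2024-01-01T10:00:00.000000+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


class FrequencyCorrelator:
    """Sliding-window counter per (src_ip, dest_ip), mimicking a Wazuh rule with
    frequency="N" timeframe="T": once N matching alerts arrive within T seconds a
    higher-level event is raised and the window for that pair is reset."""

    def __init__(self, frequency: int, timeframe_seconds: int):
        self.frequency = frequency
        self.timeframe = timeframe_seconds
        self._windows = defaultdict(deque)   # (src_ip, dest_ip) -> alert timestamps

    def process(self, event: dict):
        """Feed one decoded eve.json record; return an escalated event or None."""
        if event.get("event_type") != "alert":
            return None
        ts = parse_ts(event["timestamp"])
        key = (event["src_ip"], event["dest_ip"])
        window = self._windows[key]
        window.append(ts)
        # Drop alerts that fell out of the timeframe relative to the newest one.
        while window and (ts - window[0]).total_seconds() > self.timeframe:
            window.popleft()
        if len(window) < self.frequency:
            return None
        window.clear()   # reset so the pair must cross the threshold again to re-fire
        return {
            "level": 12,   # assumed severity for the escalated rule (Wazuh levels run 0-15)
            "description": f"Possible DDoS: {self.frequency} Suricata alerts from {key[0]} "
                           f"to {key[1]} within {self.timeframe}s",
            "src_ip": key[0],
            "dest_ip": key[1],
            "signature": event["alert"]["signature"],
        }


def correlate(lines, frequency=5, timeframe_seconds=60):
    """Run the correlator over raw eve.json lines (in chronological order) and
    return the list of escalated DDoS events."""
    correlator = FrequencyCorrelator(frequency, timeframe_seconds)
    escalations = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        result = correlator.process(json.loads(line))
        if result:
            escalations.append(result)
    return escalations


if __name__ == "__main__":
    for ev in correlate(SAMPLE_EVE_LINES):
        print(ev["level"], ev["description"])
```

With the defaults (5 alerts within 60 s) the sample produces one escalated event for 198.51.100.7; the second source, whose two alerts are five minutes apart, never crosses the threshold. The escalated event is the kind of record an active response or firewall block would consume. Catching low-rate attacks means a longer timeframe with a lower frequency, which also raises the chance that a legitimate burst trips the rule, so the two values need tuning against the environment's normal traffic.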

Perspectives

Cloud technology is one of the trending technologies in the present scenario. Most companies are migrating their data from on-premises systems to clouds like AWS, Microsoft Azure, Google Cloud, IBM Cloud etc., which provide paid services like storage, security, compute etc. But there is also an open-source cloud called OpenStack. Here we tried to detect a DDoS attack in OpenStack and secure it using the Suricata IDS (open source) and the Wazuh SIEM security monitoring platform. This is also proven by a practical demonstration: conducting a DDoS attack using an open-source tool and observing the outcome.

Suhas M

This page is a summary of: Detection of DDoS attack in OpenStack cloud using Wazuh, January 2025, American Institute of Physics, DOI: 10.1063/5.0243062.