Abstract: Cloud security is one in every of most significant problems that has attracted lots of analysis and development effort in past few years. Notably, attackers will explore vulnerabilities of a cloud system and compromise virtual machines to deploy any large-scale Distributed Denial-of- Service (DDoS). DDoS attacks typically involve early stage actions like multistep exploitation, low-frequency vulnerability scanning, and compromising known vulnerable virtual machines as zombies, and eventually DDoS attacks through the compromised zombies. Among the cloud system, particularly the Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extraordinarily troublesome. This is often as a result of cloud users might install vulnerable applications on their virtual machines. To stop vulnerable virtual machines from being compromised within the cloud, I tend to propose a point in time distributed vulnerability detection, menstruation, and measure choice mechanism known as NICE, that is constructed on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The planned framework leverages Open Flow schedule Apis to make a monitor and management plane over distributed programmable virtual switches to considerably improve attack detection and mitigate attack consequences. The system and Security evaluations demonstrate the potency and effectiveness of the planned answer.

Keywords: Attack Graph, Intrusion Detection, Cloud Computing, Network Security, Zombie Exploration Attacks.