Intercept the cloud network from Brute Force and DDoS attacks via Intrusion Detection and Prevention System

Cloud computing is considered to be the best technique for storing data online instead of using a hard drive. It includes three different types of computing services that are provided to remote users via the Internet. Cloud computing offers its end users a variety of benefits, such as cost savings, access to online resources and performance, but as the number of cloud users grows, so does the likelihood of an attack. Researchers have proposed many solutions to prevent these attacks. One of the best ways to detect an attack is through an Intrusion Detection System. This article develops an efficient framework in which various security solutions for a network are used and discussed. Every device on the network will be attacked and the attack rate of the entire network will be monitored. After that, various solutions will be provided to protect the cloud server from attacks. Different principles will be used at the end of the article to test the accuracy of the results, and from them it will be concluded to what extent the results of this paper are better than others.


I. INTRODUCTION
Cloud computing is becoming a necessity in the world right now [3]. Each company is moving to the cloud to run its business. Cloud computing offers many services free of cost to its users, including storing and accessing data from anywhere in the world. Cloud computing and distributed systems are similar: in a distributed system, data is distributed across different places and can be retrieved from anywhere in the world, whereas in cloud computing all information is stored on the Internet and can be accessed remotely from anywhere. Client-server computing was used before the invention of cloud computing. Client-server is a model in which the data on the server can be retrieved only by clients connected to that server, while the server can use and change resources. If clients want to access specific data from the server, they can connect their PC to the server-PC key and access the resources. Cloud computing was developed based on the concepts of distributed systems and client-server systems. Cloud users are offered three cloud computing models: the private model, the public model, and the hybrid model. The public model is a free model that is freely accessible from any part of the world. There is always a third party that runs and operates the cloud servers. The public cloud is used in schools, libraries, universities, and shopping malls. Google Drive and OLX are two excellent examples of the public cloud where all kinds of data can be stored and retrieved. Service providers include Amazon Web Service (AWS), Microsoft Azure, and Google Cloud. The private cloud is the second model of cloud computing. It is a much more reliable and safe cloud because it is designed for one organization only and can be accessed only within that organization. If users try to use the private cloud outside the organization, it will start to work as a public cloud.
Many companies have moved their business from the public cloud to the private cloud because the private cloud is more secure than the public cloud and its access is restricted to the same organization. The hybrid cloud is the third model of cloud computing and has the best features of both clouds. A hybrid cloud connects at least one private cloud and at least one public cloud with each other and provides protection, flexibility, and capabilities to any organization. Cloud computing requires two types of security to protect the cloud from malware [8]. One is data security, and the other is network security. Data security means protecting all the software and hardware connected to the cloud or playing some role in the cloud. Many threats in the cloud data center try to damage the cloud or to steal data from it. When a person leaves a job, he may still have access to his account, and this account can become a threat to the company or be used to misuse its resources. Therefore, the account should be terminated as soon as possible.
Various researchers have shown that if an intrusion detection system is installed on every cloud device and every security measure is used on the device, then there will be very little chance of attacks. Many intruders design various attacking algorithms, encryption, and decryption techniques to snatch data from cloud servers. These invasive techniques can destroy or corrupt all the data on the cloud server. A secure architecture can preserve the cloud server.
When information is stored in a cloud server, security is still required after the data has been stored. A cloud can only be safe if it has a set of implementations, methods, and techniques. Different researchers have designed different algorithms, procedures, and strategies to secure the cloud. The best of these is the Intrusion Detection System. An Intrusion Detection System (IDS) is a mechanism that monitors a network for suspicious actions and policy violations [51]. A large variety of software is available online for monitoring and detecting attacks on the cloud server.
The Intrusion Detection System can detect malware in the cloud. It issues an alert to the cloud administrator when an intruder attempts to attack the cloud data center. The most significant advantage of the Intrusion Detection System (IDS) is that it monitors the activities arriving in the network and determines whether these activities are valid or invalid. Some Intrusion Detection Systems are so capable that they respond as soon as malware is discovered. A vast array of Intrusion Detection Systems (IDS) is available in antivirus products for detecting intrusions on cloud servers. The most common Intrusion Detection Systems are [29]:
• Network Based Intrusion Detection System (NIDS)
• Host Based Intrusion Detection System (HIDS)
• Signature Based Intrusion Detection System (SIDS)
• Anomaly Based Intrusion Detection System (AIDS)
NIDS is used to detect interference from the network. It is an excellent technique for detecting network intrusions because it detects suspicious activity on the network. It is also used to monitor all devices connected to the network. Like NIDS, HIDS also plays an essential role in the network. HIDS is used to detect and monitor suspect actions on the host PCs or devices. NIDS works on network devices, while HIDS works on host PCs. Anomaly-Based IDS and Signature-Based IDS are subsets of the Intrusion Detection System. A signature-based IDS uses signatures to monitor whether the activity on the network is authentic or non-authentic. When an unknown packet arrives on the network, the Signature-Based Intrusion Detection System inspects it. Packets in SIDS are in the form of bytes. If the packets match the existing packets, the access is authentic; if they do not match, the access is unauthentic. Anomaly-Based IDS depends on system behavior. When an attacker tries to turn the normal behavior of the system into abnormal behavior, the anomaly detection system detects it.
This article will design and work on an architecture that installs a separate router in each country and uses a unique port number for each router to distinguish the country. We will then associate an IDS with each country and see how we can detect if someone attacks the router. Finally, we will apply some rules and conclude what the probability of detecting an attack on the cloud is when an effective detection algorithm is designed. The rest of the paper is organized as follows. Section II explores recent developments in related research. Section III presents our proposed methodology. In Section IV, we present the experimental results, and Section V concludes the article.

II. RELATED WORK
Vishal and Vasudha reviewed various papers and discussed the many possible causes of DoS attacks [1]. DoS attacks can target cloud servers, websites, layers of the OSI model, etc. According to the authors, a DoS attack fills servers with malicious traffic that completely blocks the website or provides incomplete resources to end users, while a DDoS attack uses various machines or computers to fill the target with malicious traffic. A DDoS attack sends an unlimited number of requests to the server using illegal IP addresses, and these addresses are difficult to locate. After the review, the authors worked on the OSI model and discussed all possible attacks on each layer of the OSI model, obtained from various papers. Finally, they concluded that the accuracy of the Random Forest and CatBoost algorithms is very high, at 99.99%. Narendra et al. worked on cloud security challenges and discussed how the cloud can be protected from the basic level [3]. In this paper, the authors discussed several attacks, threats, and models on the cloud server. According to the authors, the cloud stores and manages all types of data, but there are a number of risks involved when storing data. The biggest problem with cloud computing is cloud security and its attacks. Each technology has two sides: one leads to challenges and the other leads to prosperity. Similarly, in cloud computing, one side provides benefits, and the other side leads the cloud to challenges. Challenges include inside attacks, lack of support and standardization, malware threats, etc. The article concludes with a key security issue, discusses the reasons for privacy breaches, and also discusses some of the dangers that can destroy clouds.
Gassais et al. worked on Intrusion Detection techniques and proposed an automated host-based framework [6]. This article connects user and kernel spaces and uses machine learning methods to detect intrusions on smart devices. One of these is a tracing technique that automatically deals with devices, processes the data using machine learning algorithms, and produces alerts. One of the many algorithms used in this article is a deep learning algorithm, which can detect intrusions. The authors tested this solution inside a realistic home automation system with real risks, demonstrated how it can be adapted to various devices, and explained how the solution works well by taking advantage of its host-oriented approach.
As data storage on cloud servers increases, so does the attack rate on cloud servers [7]. Cyber security is becoming the biggest problem right now. Failure to prevent an intrusion can damage the reputation of security services. Jang Jacquard et al. reviewed various Intrusion Detection techniques. Two of them are the Signature-Based IDS and the Anomaly-Based IDS. In addition, some data resource techniques were used for the cloud. At the end, the authors draw conclusions from recent papers and seek to find innovative models for improving AIDS performance as a solution to Intrusion Detection System (IDS) issues.
According to Jyoti Snehi [8], the Intrusion Detection System is a device that connects to the network, monitors suspicious activity within the network, and notifies the network administrator after a breach. Malicious activity on a network could destroy important information and lead to consequences such as loss of user loyalty and data breaches. Whenever an organization uploads its data to the cloud server, it needs to protect the data from internal and external threats such as password cracking. Anti-malware and firewall software alone is not sufficient to protect the entire network. This article discusses the different datasets used in different articles and concludes that interference across the entire network can be detected using IDS.
Mehrnaz Mazini uses the artificial bee colony technique for anomaly-based IDS [28] and develops a hybrid method that achieves a high detection rate with a low false positive rate using the AdaBoost algorithm. Several features were selected with the help of Artificial Bee Colony, while the features were classified and tested using the AdaBoost algorithm. AdaBoost was used as the meta-algorithm. The accuracy of the proposed method relates to how it organizes the various attack groups. At the end of the paper, the Intrusion Detection System (IDS) problem was optimized using the Artificial Bee Colony meta-algorithm.
Aryachandra designed a network-based architecture [51] that was implemented with an efficient tool named Snort. This architecture used two cloud servers and two ports for interference. The port names are VMBR1 and VMBR2, whereas the cloud server names are cloud server-1 and cloud server-2. In this article, the author places the Intrusion Detection System (IDS) in three different places at three different times. The first time, the IDS was placed outside the cloud server. The second time, the IDS was placed inside the cloud server. The third time, the IDS was placed on both sides of the cloud servers. After the attack on the network, three truth tables were set up to indicate the possibility of an attack. At the end of the article, the effect of Snort on RAM and CPU during execution was examined, and it was found that RAM was affected by only 0.25% during execution. In contrast, the CPU was not affected during execution.
Many researchers have done research to make the cloud safer. Different algorithms were designed in different studies. Many architectures were constructed to keep the cloud safe. Some researchers surveyed different papers and demonstrated better detection techniques. In paper [1], the authors reviewed several papers, collected the different types of DDoS attacks reported in them, placed the attacks on each layer of the OSI model, and looked at which DDoS attack is possible on which layer. However, that article does not show any method to protect the cloud from DDoS attacks, nor does it discuss DDoS attack detection techniques. This article will design a network topology in which DDoS attacks are carried out inside the cloud server and brute force and pattern matching attacks are carried out outside the cloud server. HIDS will be used to protect the cloud from pattern matching attacks, while some brute force prevention methods will be discussed to protect the cloud server from brute force attacks. Similarly, Cloudflare will be used to prevent DDoS attacks. After that, some mathematical rules will be applied to all the results, and conclusions will be drawn based on these rules.

A. ARCHITECTURE
In this paper, we will develop a cloud that works like a real-time cloud, in which we will use three routers (R1, R2 and URP), shown in Fig 1. We will assign a separate port number to each router. We will assign port number 5162 to the URP router and port number 5745 to the cloud server. Similarly, we will assign port number 3295 to router R1 and port number 7635 to router R2. The URP router will act as an interface, and all the routers' data will go to the cloud server through URP. We will rename the URP router as the Business Layer because routers and PCs from all countries will use this router to connect to the cloud server. We used two routers for two different countries and a different port number for each country. The reason for using a separate port number for each country is that each country uses a unique address and communicates with the entire network using its own port number.

B. SUBNETTING
After designing the architecture, we will assign a unique IP address to each router using subnetting, shown in Figure 1. We use subnetting because it lets us provide an up-to-date address to each router, as in a real-time cloud. Instead of giving a separate IP address to each router, we will take one IP address and divide it into different IP addresses by subnetting. If a PC wants to connect to its router, the client will receive a Class-C IP address. We will assign a public IP address to the routers (R1 and R2), URP, and the cloud server, while assigning private IP addresses to the PCs of Router R1 and Router R2.

First of all, we will perform subnetting: we will take the class-A IP address 13.62.5.3 and then create subnets according to the network. We will use the formula 2^n - 2 to make subnets. After the calculation, we will get four different subnets, each with a Network ID, Broadcast ID, and Subnet Mask.

C. ROUTER R1
We will assign port number 3295 to Router R1. Our procedure for Router R1 is that the user first enters a user ID and password, and then a "signature" is used for verification purposes. The job of the signature is to check whether the incoming packets are authentic or inauthentic. If the incoming packets are authentic, the user goes to the second step of verification. The second step is the port number, which identifies the country's router. We will create three admin users in this router. We will provide each user with a unique user ID and password, and when the user clears step 1 verification, the user must verify step 2.
If the user does not clear the step 1 verification, the signature will not allow the user to enter step 2. When the user passes step 1 and enters the second step, HIDS will check all the incoming keys of step 1 and step 2 against the existing keys. If all keys match the existing keys, it is an authorized user, and admin authority will be provided. We will use brute force to attack this router.

D. ROUTER R2
Router R2 will work like Router R1. We will use all the techniques and procedures that were used in Router R1. We will carry out a bot and automatic data hiding attack on Router R2. The user will first enter the user ID and password, and then the user will enter the port number. If a user steals a key using a keylogger, HIDS will check all incoming keys and match them against the existing keys. If all the keys in step 1 and step 2 match the existing keys, access will be provided to the user. We will use eth-1 to connect different client PCs with Router R2.

E. User Routing Protocol (URP)
URP is a router that will act as an interface. Its function is to connect multiple routers and the clients of those routers with the cloud server. We will assign port number 5162 to the URP router. When the routers (R1 and R2) and their clients want to connect to the cloud server, they will communicate via URP. We will use NIDS and a firewall with URP to protect the cloud server.

F. HOST BASED INTRUSION DETECTION SYSTEM (HIDS)
HIDS's job is to monitor incoming Host packets and detect malicious activities from packets. If an unauthorized person tries to access the cloud using invalid keys, HIDS will check the keys, then allow or disallow the user.

G. NETWORK BASED INTRUSION DETECTION SYSTEM (NIDS)
When the routers (R1 and R2) connect to the URP, NIDS will monitor packets across the network and check incoming activity on the URP and cloud server.

H. FIREWALL
The function of the firewall is as follows: when the routers (R1 and R2) are connected to the URP and try to retrieve data from the cloud server, NIDS monitors the packets, and if the packets are malicious, the firewall blocks them.

I. CLOUD SERVER
The cloud server will act as a data center where all the data will be stored. We will use port number 5745 for the cloud server. We will not connect any router directly to the cloud server, so that attacks on the cloud server are minimized. We will connect the cloud server to the URP via serial 0/1. We will carry out a DDoS attack on the cloud server because the cloud server is secure and powerful and can only be accessed using URP. There are two possibilities for a DDoS attack on a cloud server: one is that a URP user attacks the cloud server, and the other is that a user accesses the cloud server using URP. In this article, the cloud server will be attacked by a URP user.

A. ATTACKS ON ROUTER R1
Whenever an invalid user tries to access the cloud server, the invalid user always uses pattern matching techniques, in which the keys are guessed using pattern matching. This paper has designed a framework to protect the cloud server from pattern matching attacks so that the user can search for or insert the keys only for a limited time. After this limited time, that IP address will not be able to access the cloud server. Router R1 was attacked with pattern matching, and HIDS was used to protect the cloud server from pattern matching attacks. R1 consists of 16 users, and each user is provided with a unique login ID and password. Suppose a user enters an incorrect user ID, password, or both; the cloud server then gives him a second chance to re-enter the keys. If the user enters the wrong keys a second time, the cloud server gives him one last chance, but repeatedly inserting the wrong keys means that this is an invalid user who is trying to guess the keys. In this case, the Host-Based Intrusion Detection System detected the intrusion by the host and generated multiple alerts at a time, as shown in  When the right user forgot the keys and entered the wrong keys on the first attempt, a second chance was given. If the wrong keys were entered the second time as well, a last chance was given. A right user will be considered a wrong user when wrong keys are used repeatedly. If the user forgets the keys, the keys can be recovered via two-step verification. If the user enters incorrect keys and then enters the correct keys, the user must verify the account so that the correct user can be distinguished from an incorrect user, as shown in Fig 3, and the cloud server is protected from misuse. Instead of using a graphical user interface to provide effective security to the cloud, various commands were developed, each with a unique functionality. "ipdispall" is the first command; its job is to show all the devices that are accessing Router R1, as shown in Fig 4.
The second command is "ipconfigdet_ipaddress", which is used inside the "ipdispall" command to display the status of any PC. In Fig 5, the status of PC-3 is accessed using the "ipconfigdet192.168.15.3" command. Two parent commands were created in Router R1: "ipdispall" and "ipdataaccess". The command "ipconfigdet_ipaddress" is a subcommand of "ipdispall". As already discussed, "ipdispall" displays the IP address of each PC. With the help of the second parent command, "ipdataaccess", various data was viewed on the cloud servers of Router R1. Router R1 data can be accessed using file numbers instead of various commands.

Prevention from Pattern Matching Attacks
The best way to protect cloud servers from pattern matching attacks is to give the user a limited number of attempts to enter the login keys. The cloud server should then be locked for a while, and when wrong keys are inserted repeatedly, the IP address should be blocked for 24 to 48 hours. The advantage of blocking the IP address is that pattern matching will not be possible from this IP address until it is unblocked.
To present the results of Router R1, a mathematical law was used to represent the outcome and prove its accuracy, as shown in Table 2. The user cannot enter the port number until a valid user ID and password have been used. The results of Router R1 are checked against the commutative law, where the user ID is represented by "A" and the password by "B". "X" is the result of accessing the cloud. Unless "A" and "B" are both correct, access to the port will not be possible. Port accessibility is represented by "Y". When the user enters the correct user ID and password, the port is then accessed. The port number is represented by "C". If "X" = True and "C" = False, then whether the expression is written X ∧ C or C ∧ X, cloud access is not possible in either case, as shown in Table 2. If "X" = True and "C" = True, then whether it is written X ∧ C or C ∧ X, cloud access is possible in both cases.
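The three-chance rule, the temporary lock and the 24 to 48 hour IP block described above, combined with the two-step gate (credentials first, then port number), can be expressed as a small state machine. The following is an added example and not the paper's tool: the 15-minute lock length, the rule that a second round of failures escalates to the block, the class and function names, and the sample credentials and events are all assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_ATTEMPTS = 3            # first try, "second chance", "last chance" (from the text)
LOCK_SECONDS = 15 * 60      # assumed length of the short lock ("locked for a while")
BLOCK_SECONDS = 24 * 3600   # lower bound of the 24 to 48 hour IP block in the text
R1_PORT = 3295              # port number the paper assigns to Router R1


@dataclass
class SourceState:
    failures: int = 0          # failed attempts in the current round
    lockouts: int = 0          # rounds of MAX_ATTEMPTS failures seen from this IP
    denied_until: float = 0.0  # time (seconds) until which the IP is refused


@dataclass
class LoginGuard:
    credentials: dict                      # user_id -> password (constructed sample;
    sources: dict = field(default_factory=dict)   # a real system stores salted hashes)
    alerts: list = field(default_factory=list)    # what the HIDS would raise

    def _step1(self, user_id, password):
        # A and B must both be correct; constant-time compare avoids timing leaks.
        expected = self.credentials.get(user_id)
        return expected is not None and hmac.compare_digest(
            expected.encode(), password.encode())

    def attempt(self, ip, user_id, password, port, now):
        state = self.sources.setdefault(ip, SourceState())
        if now < state.denied_until:
            return "denied"                # still locked or blocked: keys not even checked
        # Step 2 (port number, "C") is only evaluated once step 1 ("X") is true.
        if self._step1(user_id, password) and port == R1_PORT:
            state.failures = 0             # lockout history is kept on purpose
            return "granted"
        state.failures += 1
        if state.failures < MAX_ATTEMPTS:
            return "retry"
        state.failures = 0
        state.lockouts += 1
        if state.lockouts == 1:
            state.denied_until = now + LOCK_SECONDS
            verdict = "locked"
        else:                              # wrong keys inserted repeatedly: block the IP
            state.denied_until = now + BLOCK_SECONDS
            verdict = "blocked"
        self.alerts.append((now, ip, verdict))
        return verdict


def replay(guard, events):
    """Feed (time, ip, user_id, password, port) tuples through the guard in order."""
    return [guard.attempt(ip, user, pw, port, ts) for ts, ip, user, pw, port in events]


# Constructed sample data (not taken from the paper's experiments).
CREDENTIALS = {"admin1": "Correct#Horse#99"}
GOOD = "Correct#Horse#99"
SAMPLE_EVENTS = [
    (0, "192.168.15.3", "admin1", "guess1", 3295),
    (10, "192.168.15.3", "admin1", "guess2", 3295),
    (20, "192.168.15.3", "admin1", "guess3", 3295),   # third failure: short lock
    (30, "192.168.15.3", "admin1", GOOD, 3295),       # refused while locked
    (40, "192.168.15.4", "admin1", GOOD, 7635),       # right keys, wrong port
    (50, "192.168.15.4", "admin1", GOOD, 3295),
    (1000, "192.168.15.3", "admin1", "guess4", 3295),
    (1010, "192.168.15.3", "admin1", "guess5", 3295),
    (1020, "192.168.15.3", "admin1", "guess6", 3295), # second round: 24 h block
    (5000, "192.168.15.3", "admin1", GOOD, 3295),     # refused while blocked
    (1020 + BLOCK_SECONDS, "192.168.15.3", "admin1", GOOD, 3295),
]

if __name__ == "__main__":
    guard = LoginGuard(dict(CREDENTIALS))
    for event, verdict in zip(SAMPLE_EVENTS, replay(guard, SAMPLE_EVENTS)):
        print(event[0], event[1], verdict)
    print("alerts:", guard.alerts)
```

Attempts made during a lock or block are refused before the keys are compared, so the guessing loop gets no feedback about whether a guess was right.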

B. ATTACKS ON ROUTER R2
Two attacks were carried out on router R1. One attack was made while accessing the router, by repeatedly trying to access it using the wrong keys, as shown in Fig 1. The second attack was done by brute force. If the intruder gets the user ID of any user, the attacker can search for the password using brute force. We used two-step verification for Router R2. Whenever an attacker attacks a cloud server, the attacker's first attempt is pattern matching, with which the attacker enters every password he deems possible. When the cloud has a signature matching prevention technique, which has already been discussed in this article, the attacker will use another technique, brute force. Brute force can be used in two ways. The first is to create a dictionary and attack the cloud server using this dictionary, and the second is to design an algorithm and attack the cloud with this algorithm. The dictionary attack was carried out in this paper, in which different passwords were searched, and it was concluded that the longer the password, the harder it is to find. In Figure 6, the password "admin" is found after 2 hours and 43 minutes. The index number at which this password was found is "1883426". Passwords are less likely to be attacked successfully if they contain special symbols and uppercase letters.

Prevention from Brute Force Attack
Cloud servers can be protected from brute force attacks in three ways. The first solution is to use two-step verification. If a user obtains a cloud password using brute force, the cloud server will require two-step verification from the user before granting access to the cloud server. The second solution is that when the user accesses the cloud server, the user must verify an OTP before accessing it. The third solution is that the password length should be greater than 8, including at least two capital letters and two special symbols. Special symbols are safe: brute force attacks do not work on special symbols, and there is very rarely a chance of a brute force attack succeeding against special symbols. The longer and more secure the password, the harder the attack will be. After testing Router R2, all the results of Router R2 were checked against the mathematical property called the "identity property", and two numbers (0 and 1) were used to indicate the accuracy and error of the results. 0 indicates incorrect results while 1 indicates correct results. According to the "identity property", if the correct number is multiplied by 1, the result will be correct. Conversely, if the correct number is multiplied by 0, the result will be incorrect. This property is applied to the Router R2 results, where the user ID and password together are equal to X and the port number is equal to Y, as shown in Table 3, that is, User-ID + Password = X and port number = Y. Suppose Y = 0: when X is multiplied by Y, the output will be zero, which means that Router R2 will not be accessible. Similarly, if Y = 1, when X is multiplied by Y, the output will be 1, which means that Router R2 will be accessible due to the correct user ID, password, and port number.
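The password rule and the OTP step above can be checked in code. The following is an added example, not the paper's implementation: the paper names OTP verification without specifying an algorithm, so time-based OTP (RFC 6238, built on HOTP from RFC 4226) is assumed here, and all function names and the sample secret are constructed for illustration.

```python
import hashlib
import hmac
import string
import struct


def policy_violations(password):
    """Check the paper's rule: length > 8, at least 2 capitals, at least 2 special symbols."""
    problems = []
    if len(password) <= 8:
        problems.append("length must be greater than 8")
    if sum(ch.isupper() for ch in password) < 2:
        problems.append("needs at least two capital letters")
    if sum(ch in string.punctuation for ch in password) < 2:
        problems.append("needs at least two special symbols")
    return problems


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, now, step=30, digits=6):
    """RFC 6238: HOTP where the counter is the number of 30-second steps since epoch."""
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret, submitted, now, last_used=-1, step=30, window=1):
    """Return the matched time step, or None.

    Accepts one step of clock drift either side. Steps at or before last_used
    are refused so that a captured code cannot be replayed.
    """
    current = int(now) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        same = hmac.compare_digest(hotp(secret, counter).encode(), submitted.encode())
        if same and counter > last_used:
            matched = counter
    return matched


def two_step_login(stored_password, supplied_password, secret, otp, now, last_used=-1):
    """Step 1 is the password; the OTP is only evaluated when step 1 passed.

    Returns the accepted time step (store it as the new last_used) or None.
    """
    if not hmac.compare_digest(stored_password.encode(), supplied_password.encode()):
        return None
    return verify_totp(secret, otp, now, last_used)


if __name__ == "__main__":
    secret = b"12345678901234567890"      # RFC test secret, constructed sample only
    print(policy_violations("admin"))     # the password recovered in Figure 6
    print(policy_violations("Correct#Horse#99"))
    print(two_step_login("Correct#Horse#99", "Correct#Horse#99", secret,
                         totp(secret, 59), now=59))
```

A password recovered by a dictionary search passes step 1 but still returns `None` without the current code, which is the situation the first two solutions are meant to cover.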

C. USER ROUTING PROTOCOL (URP)
The URP used an interface called the Business Layer to connect Router R1 and Router R2 to the cloud server. The URP has two users, who are granted full access to Router R1 and Router R2. The URP router uses the command "ipshortport", which displays the sub-ports connected to the router, as shown in

D. Attacks on Cloud Server
In this paper, the cloud server acted as the data center. The cloud server can only be accessed through the URP router; no other router can access the cloud server directly. An internal attack on the cloud server may be possible through a cloud server user. DDoS attacks were carried out inside the cloud server, in which the attackers sent various bots to the cloud server.
When an attacker wants to access or distort cloud server data, the attacker sends spam in the form of a bot, as shown in Fig 8. This bot carries an injection that hides all data on the cloud server as soon as the bot's offer is accepted. If the bot's offer is rejected, the cloud server returns to normal. When the user accepts the attacker's offer, the bot deletes and corrupts all the data on the cloud server without any notification. If the user does not agree to the DDoS offer, Fig 9 will appear on the screen after a while. In this bot, the attacker uses a new phishing technique in the message. The message claims that 40 infected files were detected on the cloud servers. These files are not on the cloud server, but the attacker uses this message to deceive us. There are two options in the bot of Fig 9. One is to delete the infected files using the "Remove" command, and the other is to keep the infected files using the "Continue" command. If the "Remove" command is typed, the cloud server will be attacked by a bot and all the data of the cloud server will be deleted and corrupted. If the "Continue" command is typed, the bot will disappear from the cloud server screen, and after a while it will come back with a new name, as shown in Fig 10. The attacker will keep sending these types of zombies again and again until one is accepted. Two other DDoS zombies are shown in Fig 9 and   If the DDoS bot request is not accepted, the cloud server will not be attacked, and as soon as the request is accepted, DDoS will attack the cloud server and all data will be deleted from the cloud server, shown in

Prevention from DDoS Attack
The cloud can be protected from DDoS in two ways. The first method is to permanently block the IP address if the attacker is sending DDoS traffic from a static IP address. Alternatively, if the attacker is carrying out the DDoS attack via dynamic IP addresses, the best solution is to use Cloudflare for the cloud server. Cloudflare should act as an interface: whenever different addresses try to access the cloud server, only the IP addresses that the cloud server allows are given access. Cloudflare should block all other invalid addresses, as shown in Fig-12, which greatly reduces the chances of DDoS attacks on the cloud server.
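Both methods above reduce to a default-deny decision on the source address: a permanent blocklist for static attackers, and an allowlist so that only approved addresses reach the cloud server. The following is an added example and not the paper's or Cloudflare's code: the class name, the per-second threshold used to decide that a static address is flooding, and the documentation-range addresses in the sample log are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


class EdgeFilter:
    """Default-deny source filter placed in front of the cloud server."""

    def __init__(self, allowed_networks, blocked_addresses=()):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.blocked = {ipaddress.ip_address(a) for a in blocked_addresses}

    def decide(self, source):
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            return "deny:malformed"
        # The blocklist wins even when the address sits inside an allowed network.
        if addr in self.blocked:
            return "deny:blocklist"
        if any(addr in net for net in self.allowed):
            return "allow"
        return "deny:not-allowlisted"

    def replay(self, events, max_per_second=5):
        """Run (timestamp, source) events through the filter.

        An allowed source exceeding max_per_second (assumed threshold) within
        one second is treated as a static flooding address and blocked
        permanently, which is the paper's first method.
        """
        per_second = Counter()
        decisions = []
        for ts, source in events:
            verdict = self.decide(source)
            if verdict == "allow":
                key = (source, int(ts))
                per_second[key] += 1
                if per_second[key] > max_per_second:
                    self.blocked.add(ipaddress.ip_address(source))
                    verdict = "deny:blocklist"
            decisions.append((source, verdict))
        return decisions


# Constructed sample log using documentation address ranges (RFC 5737).
ALLOWED = ["198.51.100.0/24"]
SAMPLE_LOG = (
    [(0.0, "198.51.100.7"), (0.1, "203.0.113.50"), (0.2, "not-an-ip")]
    + [(1.0 + i / 10, "198.51.100.66") for i in range(6)]   # 6 requests in one second
    + [(2.0, "198.51.100.66"), (2.1, "198.51.100.7")]
)

if __name__ == "__main__":
    edge = EdgeFilter(ALLOWED)
    for source, verdict in edge.replay(SAMPLE_LOG):
        print(f"{source:16} {verdict}")
```

The filter only works if the cloud server accepts connections exclusively through this interface; a server that is still reachable directly bypasses both lists.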

E. Comparative Analysis
Various researchers have developed many solutions to keep the cloud server safe and protect the data from suspicious attacks. In 2018, researchers conducted a survey to evaluate the performance of various data mining algorithms [23] and reported that Fuzzy c-means is the best algorithm, providing an accuracy of 98.7% and a DDoS attack detection time of 0.15 seconds. In 2019, researchers suggested two ways to detect DDoS attacks [26]. One is the degree of attack and the other is the use of an ML algorithm, and they reported that the accuracy of ML (DDAML) is better than that of the KNN, SVM and CIC-SVM algorithms. In 2020, researchers worked on cloud security challenges [3] and argued that if the cloud is protected from the surface, there is very rarely a chance of malware attacks on the cloud servers; they then discussed several attacks, threats, and models for the cloud server. In 2020, some other researchers worked on Intrusion Detection techniques, proposed an automated host-based framework, combined the user and kernel spaces, and used some machine learning techniques to detect intrusions on smart devices. In 2021, researchers reviewed various papers [1] and discussed the many possible causes of DoS attacks. After the review, they worked on the OSI model and discussed all possible attacks on each layer. Finally, they concluded that the accuracy of the Random Forest and CatBoost algorithms is very high, at 99.99%. Many researchers have worked on algorithms and obtained different results from them, but none of the researchers have experimentally proved the accuracy of the algorithm, and none have discussed which technique can protect the cloud from various attacks, that is, how the cloud can be protected if an attacker attacks a cloud server.
This article developed an effective framework for providing security to the cloud server that can be used to secure the cloud server from inside and outside. It also discussed all possible types of attacks that attackers typically use to attack and disrupt a cloud server. Various experiments were performed on the cloud server, and the techniques for protecting the cloud server from attacks were discussed. It was concluded that if a secure mechanism is implemented on the cloud server, then the cloud server can be protected from various attacks. If cloud servers and all cloud server devices are secure, then there is less chance of an attack on the cloud server. A cloud can be secure if its algorithm is secure.

V. CONCLUSION
After developing and testing the software, we concluded that an intrusion detection system is an excellent technique for catching intrusions in the cloud. The cloud can be protected from intrusion attacks if a secure algorithm for cloud computing is developed. Clouds can only be secured when a secure architecture is designed for them. When an attacker steals keys using spyware, the attacker can immediately access the cloud. The cloud can be saved if an alert and signature system is used in the cloud. Strict warnings can be issued if the attacker repeatedly enters the wrong keys. Cloud servers should use different authentication methods to provide better security, such as encryption, two-step authentication techniques, signatures, and so on.
This article develops an effective tool and then builds an architecture that uses HIDS, SIDS and NIDS to protect the various routers and cloud servers. The cloud server was then attacked in three different scenarios. In the first scenario, Router R1 was attacked. In the second scenario, Router R2 was attacked, and in the third scenario, the cloud server was attacked. Different tables were set up for each scenario after the attack, and different laws were applied to the tables to check the accuracy of the results. In conclusion, a cloud intrusion can be prevented if a better way is used to detect cloud intrusions as well as to protect the cloud from attacks.
In the future, a secure algorithm will be developed for the cloud, and the effect on various components of the system (RAM, CPU, and cache) during Intrusion Detection System (IDS) execution will be checked. Multiple tools such as Snort, Suricata, and OSSEC will also be compared with this tool, and better algorithms and techniques will be developed for this tool to secure the cloud.