CIDD: A Cloud Intrusion Detection Dataset for Cloud Computing and Masquerade Attacks

Masquerade attacks pose a serious threat for cloud system due to the massive amount of resource of these systems. Lack of datasets for cloud computing hinders the building of efficient intrusion detection of these attacks. Current dataset cannot be used due to the heterogeneity of user requirements, the distinct operating systems installed in the VMs, and the data size of Cloud systems. This paper presents a Cloud Intrusion Detection Dataset (CIDD) that is the first one for cloud systems and that consists of both knowledge and behavior based audit data collected from both UNIX and Windows users. With respect to current datasets, CIDD has real instances of host and network based attacks and masquerades, and provides complete diverse audit parameters to build efficient detection techniques. The final statistic tables for each user are built by Log Analyzer and Correlator System (LACS) that parses and analyzes user´s binary log files, and correlates audits data according to user IP address(es) and audit time. We describe in details the components and the architecture of LACS and CIDD, and the attacks distribution in CIDD.