
Transit Node Identification For IP Prefix Hijacking Location In Network Systems

Abstract: Cloud computing is transforming how we deploy software, utilize the Internet, and manage networks. Cloud virtualization enables efficient fault tolerance, load balancing, resource optimization, and proactive server maintenance. These benefits are outweighed by a shift in overall security posture and new security issues. These flaws can be exploited in cloud systems, especially when data is moved across clouds. Cloud-based attacks such as insider and outsider threats can be mitigated by establishing unique, incremental and independent cloud-based security systems that include both proactive preventive and reactive detection techniques. This invention develops a novel approach for identifying malicious transit nodes used in IP hijacking attacks. This technology would allow proactive countermeasures like automatic de-peering to be introduced quickly. It also protects cloud operations by assessing and identifying early harmful activity. 4 claims & 3 Figures


Patent Information

Application #:
Filing Date: 21 December 2021
Publication Number: 05/2022
Publication Type: INA
Invention Field: COMMUNICATION
Status:
Email: ipfc@mlrinstitutions.ac.in
Parent Application:

Applicants

MLR Institute of Technology
Hyderabad-500 043, Medchal–District

Inventors

1. Dr. Nagireddy Venkata Rajasekhar Reddy
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
2. Dr. Allam Balaram
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
3. Dr. Koppula Srinivas Rao
Department of Computer Science and Engineering, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
4. Mr. Sk. Khaja Shareef
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
5. Mr. Nagaram Ramesh
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
6. Mr. J. Pradeep Kumar
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
7. Mrs. G. Anitha
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District
8. Mrs. Jeethu Philip
Department of Information Technology, MLR Institute of Technology, Hyderabad-500 043, Medchal–District

Specification

Claims:The scope of the invention is defined by the following claims:

Claim:
1. Transit Node Identification for IP Prefix Hijacking Location in Network Systems based on Cloud Environment comprising the steps of:
a) As a result, it is more effective than PageRank in identifying IP hijacking and its malicious transit nodes than other algorithms.
b) The proposed method, like PageRank, as in the original approach, it does not presume that AS will be distributed at random.
c) A better differentiation between regular nodes executing modest malicious transit activities and those performing big suspicious actions aids in the creation of accurate weights.
d) An online and real-time hijack detection system might use the TNI approach.

2. Transit Node Identification for IP Prefix Hijacking Location in Network Systems based on Cloud Environment in claim 1, more effective than PageRank in identifying IP hijacking and its malicious transit nodes than other algorithms.

3. Transit Node Identification for IP Prefix Hijacking Location in Network Systems based on Cloud Environment in claim 1, method describes about PageRank, as in the original approach, it does not presume that AS will be distributed at random.

4. Transit Node Identification for IP Prefix Hijacking Location in Network Systems based on Cloud Environment in claim 1, creation of accurate weights is a better differentiation between regular nodes executing modest malicious transit activities and those performing big suspicious actions aids.

Description:

Field of Invention
The IDS is designed to protect cloud computing platforms against malicious attacks. Insider and outsider assaults remain a key concern in dispersed cloud systems, and IDSs are frequently deployed as the first line of defence. Network intrusion detection systems (IDSs) keep an eye out for potential security risks and policy violations. Detecting modern cloud cyber risks is expensive and time consuming. As a result, good IDSs are critical for IT cloud security.
Background of the Invention
A variety of security approaches have been used in the past to keep the cloud and networks safe from intrusions. These include application whitelisting, firewalls, and intrusion detection and prevention systems (IDS and IPS). Because of the sheer size and complexity of cloud systems, there is no single method or strategy that can be used to handle all security issues. To keep a cloud computing system safe, a variety of protections need to be put in place.
The IDS protects data privacy, infrastructure, and reputation when enterprises transfer workloads and resources to public cloud infrastructures like Amazon Web Services and Microsoft Azure. CIDSs are made up of many IDSs spread over huge distributed networks or individual servers that work together to identify cyberattacks. To improve the detection accuracy of a single IDS node, a CIDS is designed to correlate attack data from different subnets. DoS, DDoS, and malicious insider attacks can all be better monitored with these kinds of systems. Zero-day exploits might readily bypass an isolated IDS. Existing IDSs struggle to identify zero-day attacks and to analyse enormous amounts of data from cloud networks.
Because cloud and virtualization technologies are built on top of existing internet infrastructures and platforms, classic network attacks can be used against them. These attacks are directed at network protocols such as ARP, BGP, and DNS, among others. In most cases, these assaults are directed against protocols that were designed and deployed prior to any consideration being given to their overall security. There is no encryption, no identification, and no verification.
In the real world, spoofing can take many forms. BGP hijacking and DNS poisoning are just a few examples. DDoS attacks and the introduction of backdoors are just a couple of instances of what is possible (CN113472740A). In a distributed denial of service (DDoS) attack, as many nodes as possible are used to drain the target node's resources and prevent it from functioning correctly (US20090013404A1). Many systems' bandwidth, memory, and open connection capabilities can be overwhelmed by a cluster of as many as 10,000 nodes. Often, the perpetrators are completely unaware that they have been hacked.
Transit Node Identification (TNI) is a new technology we've developed for detecting IP prefix hijacking attempts (US20130254887A1). Using this method, suspicious AS nodes and malicious events can be detected in real time within any transit node. TNI's new features remove the need for an external blacklist of hostile IP addresses; malicious nodes are instead identified using the weights of their neighbors. In the cloud, how do we deal with several CPs, each having a separate AS? BGP updates from these and other AS neighbors are used to train and test the proposed technique. The method separates a network into subgraphs and marks illegitimate paths with malicious nodes to track suspicious events.
True pathways and disconnected nodes are distinguished by the TAP metric. The model gives the discounted nodes a greater score than the real path. To better locate transit nodes, genuine (normal) nodes that are controlled by malicious nodes (US8451885B2). TAP scores help identify faulty network pathways that are likely to contain malicious transit nodes. Using TAP to divide the network into sub graphs with incorrect paths improves detection time.
The objectives of the invention are as follows: to propose a new Transit Node Identification (TNI) method that can detect malicious transit nodes in real time; to present a path verification approach for identifying potentially illegal paths; and to suggest a graph-based Neighbor-Rank model that classifies illegitimate paths. Malicious transit nodes were also quieted down.
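The following Python sketch is an added illustration, not code from the application. The specification gives no formulas for TNI, TAP or Neighbor-Rank, so the origin baseline, the base weight, and the damped neighbor averaging below are assumptions. They show only the general idea: learn from training BGP updates, flag paths with unexpected origins, and rank ASes on the flagged subgraph by neighbor weights.

```python
from collections import defaultdict

# Constructed BGP updates: (prefix, AS path); the last AS in a path is the origin.
# Prefixes and ASNs come from documentation ranges, not real networks.
TRAIN = [("203.0.113.0/24", [64500, 64501, 64510]),
         ("198.51.100.0/24", [64500, 64503, 64511])]
TEST = [("203.0.113.0/24", [64500, 64501, 64510]),
        ("203.0.113.0/24", [64502, 64501, 64510]),
        ("203.0.113.0/24", [64500, 64504, 64509]),   # origin never seen in TRAIN
        ("198.51.100.0/24", [64502, 64504, 64509]),  # origin never seen in TRAIN
        ("198.51.100.0/24", [64500, 64503, 64511])]

def learn_origins(updates):
    """Baseline of origin ASes observed per prefix in the training updates."""
    origins = defaultdict(set)
    for prefix, path in updates:
        origins[prefix].add(path[-1])
    return origins

def illegitimate_paths(updates, origins):
    """Paths for a known prefix whose origin AS is not in the baseline."""
    return [path for prefix, path in updates
            if prefix in origins and path[-1] not in origins[prefix]]

def rank_transit(updates, bad, damping=0.5, rounds=30):
    """Score ASes on the flagged subgraph from their own and their neighbors' weights."""
    total, hits, nbrs = defaultdict(int), defaultdict(int), defaultdict(set)
    for _, path in updates:
        for asn in set(path):
            total[asn] += 1
    for path in bad:
        for asn in set(path):
            hits[asn] += 1
        for a, b in zip(path, path[1:]):
            if a != b:  # ignore AS-path prepending
                nbrs[a].add(b)
                nbrs[b].add(a)
    # Base weight (assumed): share of an AS's observed paths that were flagged.
    base = {asn: hits[asn] / total[asn] for asn in nbrs}
    score = dict(base)
    for _ in range(rounds):  # blend each weight with the mean of its neighbors
        score = {n: (1 - damping) * base[n]
                 + damping * sum(score[m] for m in nbrs[n]) / len(nbrs[n])
                 for n in nbrs}
    bogus = {path[-1] for path in bad}  # unexpected origins are reported separately
    ranked = [(n, round(s, 3)) for n, s in score.items() if n not in bogus]
    return sorted(ranked, key=lambda item: -item[1])

if __name__ == "__main__":
    flagged = illegitimate_paths(TEST, learn_origins(TRAIN))
    print(rank_transit(TEST, flagged))
```

On the constructed data, AS 64504 ranks first because it appears only on flagged paths and sits next to the unexpected origin, while the two collector-facing ASes that also carry legitimate paths score lower.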
Summary of the Invention
Modern firewalls can protect against external assaults, but not against insider ones. Multiple defensive solutions are necessary to defend cloud infrastructure. Specifically, an IPS and adaptive IDS must be able to detect anomalies and assaults in a network, as well as distinguish between various scenarios observed when analyzing network behavior. Insider and outsider assaults on CIA cloud resources and services are widespread.
Brief Description of Drawings
The invention will be described in detail with reference to the exemplary embodiments shown in the figures wherein:
Figure 1 Cloud visualization
Figure 2 Cloud system framework
Figure 3 Proposed architecture of transit node identification
Detailed Description of the Invention
Because of the internet's global reach, this type of attack is more likely. For example, in 2019, AWS infrastructure was repeatedly targeted by DDoS attacks, raising concerns regarding the use of AWS Shield DDoS prevention services. Insider assaults, while not unique to cloud-based systems, are concerning and can have serious consequences. They can be hostile employees or contractors or nearby tenants in multi-tenant systems. The impact of Edward Snowden's leaks as a US contractor was shown with the identification and mitigation of the former. Multi-tenanted cloud systems present a unique issue in dealing with adjacent tenants. It's possible for neighboring tenants to overwhelm their networks with traffic, breach systems, and sabotage systems by gaining access to their hypervisor.
The cloud computing revolution has been widely adopted in industry, commerce, and academia. This delivery paradigm allows virtualised resources to be quickly delivered based on demand, lowering costs and enhancing availability. These distinct features of cloud computing drive adoption of this new technology. However, dependency on cloud-based apps, networks, and infrastructure has created cloud-specific security flaws that are difficult to fix and highly costly. Cloud systems face both classic and new dangers. Moreover, cloud providers and consumers collaborate to mitigate security dangers caused by these flaws. The rising cost of cybercrime drives the need for an effective and flexible Intrusion Detection System (IDS) that can identify known and undiscovered assaults on current cloud and network systems.
Attacks on CIA cloud resources and services are common. Cyber-extortion is the practice of threatening to divulge sensitive data until a ransom is paid. Second, cyberespionage steals sensitive data from government agencies. Attackers may utilise Advanced Persistent Attacks (APTs) to collect sensitive data from high-profile organisations and governments. APTs might disguise themselves as legitimate network traffic to avoid detection. Finally, cyber-warfare refers to state-sponsored threats that target ICT infrastructure. Malware attacks against virtualization systems are destructive and disruptive. DNS poisoning and ARP spoofing are examples of this. Authentication, validation, and privacy protection are absent.
Figure 1 depicts cloud visualization, the process of transforming a set of cloud artefacts in which each node in the cloud responds to the visualisation request. Figure 2 depicts the cloud system framework, covering routing anomalies, BGP hijacking, data migration, and live migration connections and communications. Figure 3 depicts the proposed architecture of Transit Node Identification (TNI), the technology we've developed for detecting IP prefix hijacking attempts.

Documents

Application Documents

# Name Date
1 202141059723-REQUEST FOR EARLY PUBLICATION(FORM-9) [21-12-2021(online)].pdf 2021-12-21
2 202141059723-FORM-9 [21-12-2021(online)].pdf 2021-12-21
3 202141059723-FORM FOR SMALL ENTITY(FORM-28) [21-12-2021(online)].pdf 2021-12-21
4 202141059723-FORM FOR SMALL ENTITY [21-12-2021(online)].pdf 2021-12-21
5 202141059723-FORM 1 [21-12-2021(online)].pdf 2021-12-21
6 202141059723-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [21-12-2021(online)].pdf 2021-12-21
7 202141059723-EVIDENCE FOR REGISTRATION UNDER SSI [21-12-2021(online)].pdf 2021-12-21
8 202141059723-EDUCATIONAL INSTITUTION(S) [21-12-2021(online)].pdf 2021-12-21
9 202141059723-DRAWINGS [21-12-2021(online)].pdf 2021-12-21
10 202141059723-COMPLETE SPECIFICATION [21-12-2021(online)].pdf 2021-12-21