SECURITY AND COMMUNICATION NETWORKSSecurity Comm. Networks (2015)

Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1224

SPECIAL ISSUE PAPER

Intrusion detection techniques for mobile cloudcomputing in heterogeneous 5GKeke Gai1, Meikang Qiu1 *, Lixin Tao1 and Yongxin Zhu2

1 Department of Computer Science, Pace University, New York, NY, 10038, U.S.A.2 School of Microelectronics, Shanghai Jiaotong University, Shanghai, 200240, China

ABSTRACT

Mobile cloud computing is applied in multiple industries to obtain cloud-based services by leveraging mobile technolo-gies. With the development of the wireless networks, defending threats from wireless communications have been playing aremarkable role in the Web security domain. Intrusion detection system (IDS) is an efficient approach for protecting wire-less communications in the Fifth Generation (5G) context. In this paper, we identify and summarize the main techniquesbeing implemented in IDSs and mobile cloud computing with an analysis of the challenges for each technique. Address-ing the security issue, we propose a higher level framework of implementing secure mobile cloud computing by adoptingIDS techniques for applying mobile cloud-based solutions in 5G networks. On the basis of the reviews and synthesis, weconclude that the implementation of mobile cloud computing can be secured by the proposed framework because it willprovide well-protected Web services and adaptable IDSs in the complicated heterogeneous 5G environment. Copyright ©2015 John Wiley & Sons, Ltd.

KEYWORDSintrusion detection; mobile cloud computing; security; heterogeneous 5G

*CorrespondenceMeikang Qiu, Department of Computer Science, Pace University, New York, NY, 10038, U.S.A.E-mail: mqiu@pace.edu

1. INTRODUCTION

The recent rapid development of the advanced mobile tech-nologies has resulted in a great jump for the growth ofmobile cloud computing (MCC) [1,2]. The core benefit ofadopting MCC is to improve the performance of mobiledevices by integrating three Internet-related technologies[3], involving mobile computing, mobile Internet, andcloud computing. Considering the Fifth Generation (5G)context in the near future, MCC will have higher level per-formances in offloading computations by migrating dataprocessing and data storage to the cloud for improvingmobile devices’ capacities [4–7] by the reason of enhancedbandwidth. However, the advanced wireless networks willface many challenges in security domain [8,9], which hasbeen explored by prior research from various perspectives[10]. One of the challenges is that overcoming hazardsfrom intrusions is difficult because of high efficiency wire-less communications, mutual interferences between signalcells, improper user authentications, managing tool limita-tions, and intentional attacks. Advanced networking speedmay assist attackers to hide their intrusions.

This paper addresses security issues in MCC and syn-thesizes recent achievements in intrusion detection tech-niques in order to find the approaches that can effectivelyutilize the advances of heterogeneous 5G. In the domainof wireless security, preventing wireless communicationsfrom intrusions is a vital part. The intrusion detection-based approach is considered as an approach providingsecure communication environment for future networks.

As a traditional security approach, intrusion detectionsystem (IDS) is a dynamic discipline that has been associ-ated with diverse techniques. With the distinct features ofeach technique, each detection method has both predom-inance and limitations. The significance of being awareof IDSs is that it is a fundamental of generating futureoptimized models for securing MCC-based services in 5G.

The main contributions of this paper are twofold.

! It provides future 5G developers and users with alogical effective model to achieve secure data trans-mission in MCC by applying IDSs.

! It reviews and synthesizes all crucial security con-cerns in MCC from a technical perspective.

Copyright © 2015 John Wiley & Sons, Ltd.

Intrusion detection techniques for mobile cloud K. Gai et al.

The rest of this paper is structured as follows. Section 2provides an overview of MCC terminology in 5G andthree aspects addressing mobile computing, mobile Inter-net, and technologies behind cloud computing. Section 3gives a summary of IDSs with a review of its key technolo-gies. In Section 4, we give a discussion with a number offuture research suggestions. And the conclusion is drawnin Section 5.

2. MOBILE CLOUD COMPUTINGTERMINOLOGY IN FIFTHGENERATION

2.1. Mobile cloud computing

Mobile cloud computing is a paradigm integrating mobilecomputing and mobile Internet with cloud computing forthe purpose of acquiring cloud-based services in the mobileenvironment [11–14]. One of the crucial features of thismobile model is that both data storage and data process-ing are migrated to the cloud from mobile devices [15].With the migration of data storage and data processing,MCC model is designed to support applications running inthe cloud that offer higher-level centralized functions [16].Considering security concerns in MCC, the threats’ assess-ment can address security problems from three constituenttechnologies, namely, mobile computing, mobile Internet,and cloud computing.

Figure 1 represents a technique structure model forMCC, which illustrates main techniques being deployedin the current industry. For example, three key techniquessupporting cloud computing include parallel programmingmodel, virtualization, and mass distributed storage. Thefollowing subsections give detailed information concern-ing three fundamental technologies in MCC.

2.1.1. Mobile computing.The term mobile computing refers to the platform sup-

ported by wireless networks that enable portable devices toaccess services on the Web [11,17]. The platform in mobilecomputing is the manner for end users to acquire Web

Figure 1. Techniques model for mobile cloud computing.

services in the wireless environment. The main advantageof leveraging mobile computing is to reduce applications’development time [18].

However, mobile computing relies on wireless technol-ogy and faces threats when communications take place viawireless networks, although it is often restricted by hard-ware capacities [19]. For example, one of the threats ofmobile computing [20] is that the wireless communicationscan be easily invaded when using virtual private networkbecause of the interconnecting various networks. The secu-rity level usually depends on the authentication means andencryption method for virtual private network access.

2.1.2. Mobile Internet.The mobile Internet is an advanced networking technol-

ogy derived from the development of wireless networks.Current active technologies include WiFi, Third Genera-tion (3G), and long-term evolution [21]. 5G is consideredas the future acquisition for mobile Internet. The coreconcept of mobile Internet is connecting two communi-cators via wireless networks and supporting Web-basedapplications, which can be also defined as Web services.

The term Web services [22,23] refers to the inte-grations of Web-based applications by using ExtensibleMarkup Language (XML); Simple Object Access Protocol(SOAP); Web Services Description Language (WSDL);and Universal Description, Discovery, and Integration(UDDI). The integration provides electronic devices witha networking-based communication approach.

In a perspective of mobile Internet, security concernsoften address service layer objects, such as [24] platform,application, and infrastructure layers, because the securitycriteria and requirements maybe varied. Nevertheless, nomatter which service layer is concentrated, the wirelessnetwork itself always faces threats from intrusions.

2.1.3. Behind cloud computing.The technologies supporting cloud computing are very

similar regardless of service types or deployments [25,26].We summarize three current operative technologies foradopting cloud computing, including the virtualization,mass distributed storage (MDS), and parallel programmingmodel (PPM) technologies [27–30].

First, virtualization is a service deployment approachthat is broadly used in cloud computing. The main pur-pose of the virtualization is to divide computing resourcesinto various service levels [28,31] by virtualizing objectresources, such as data, servers, networks, and physicalmachines [30]. Once the service levels are categorized,services are delivered by virtual machine (VM).

A VM in cloud computing is an approach of allocat-ing computing resources to a group of logic-related entities[32–34] and representing information to end users. It isan isolate application running on the operating system thatprovides end users with a virtualized functionality. Theprime motivations of using VMs [35] are reducing costs,saving energy [36,37], and simplifying maintenance.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.

DOI: 10.1002/sec

K. Gai et al. Intrusion detection techniques for mobile cloud

Moreover, VMs can protect end users’ informationbecause of the platform independency [38,39], whichmeans that VMs are isolated from other components ofthe system. In a networking context, attackers can onlygain controls on VMs by attacking the lower layer hyper-visor [40]. Nevertheless, the greatest vulnerability in usingVMs is that it is hard to maintain a consistent secu-rity because of its dynamic nature [41]. Migrating VMsamong physical servers can result in security risks becausethere is no firewall segregating VMs within a virtualoperating environment.

Other concerns when adopting VMs include virtual-ization overhead and reliability [42]. To address theseissues, Lin et al. [43] proposed an approach that sup-ported hardware-assisted virtualization, which was termedas hybrid virtualization (HV).

Second, MDS technology [30,44,45] is a manner ofincreasing data reliability and infrastructure credibility byadopting multiple storage servers and applications. Thisapproach can avoid losing data from site disasters becausedata are stored in different places. The interconnectionsbetween heterogeneous networks can seamlessly connectdistributed services in MCC [46]. However, the securityconcern is that unreliable storage devices maybe used asa trusty infrastructure for users. Wireless traffics amongdifferent physical locations can lead more chances of intru-sions. In an intensive networking environment [46], thistechnique may cause services discontinuity, signals inter-ruptions, and networking management chaos. One solutionto MDS technology [46] is providing transparent cloud-base services for end users.

Finally, the PPM technology [30,47] is termed as acloud-based solution supporting synchronous tasks. Thistechnology is widely applied in parallel data processingby adopting parallel programming applications [47,48] thatdrill down tasks into a number of subtasks. It is also con-sidered as an efficient approach of solving large-size datatransmissions [48].

In summary, technologies behind cloud computing arefundamentals of our model, which are aligned with bothsecurity concerns and solutions. The following sectionreviews the concept of heterogeneous network that pro-vides networking platform for cloud computing.

2.2. Heterogeneous Fifth Generationnetworks

A heterogeneous wireless network describes an integratednetwork that connect end users’ portal devices with vari-ous operating systems or protocols without restrictions ofmanufacturers. This mixture-style network is a trend in theadvanced wireless era that supports Mobile Broadband ser-vices [49]. The desired high compatibility and performancesupported by applying new spectrums is a fashionableexpectation. However, current methods of allocating spec-trum need to take a long term to reach this expectedgoal [50].

Considering current performances of heterogeneousnetworks, some predictable features of future heteroge-neous 5G can be determined within a mobile cloud context.The first expectation is that heterogeneous 5G can enhancefuture devices’ performances. For example, mobile cloud-based heterogeneous networking solutions provide endusers with a means of managing performance and energyconsumption trade-off [51]. Leveraging distributed-basedapproaches will be implemented more broadly because thecapacity of 5G dramatically increases.

However, there are also a number of concerns regardingsecurity. For instance, heterogeneous wireless networksallow end users to easily switch networks between WiFiand Fourth Generation (4G) and 5G, which leads to theconcerns of interoperability [52]. Lack of standardizedradio access may cause massive interferences for adopt-ing MCC, where it may provide attackers with intrusionopportunities. The following section reviews current activeor novel intrusion detection approaches in the advancedwireless context.

3. INTRUSION DETECTIONSYSTEMS

An IDS is a monitoring infrastructure or application thatsurveils all events or communication traffic taking placein a computing system or over networks and gener-ates reports to the management system by differentiat-ing intrusions, suspicious activities, and other maliciousbehaviors [41,53–55]. The term intrusion, also knownas attack, is a behavior of evading computer securitypolicy or standard [56,57], which can occur in varioussituations [58].

In a wireless networking environment, the IDS usu-ally focuses on observing the processes of wireless com-munications and examining the behaviors and activitiesrepresented in the processes. Considering the methods ofdata collection, there are two sorts of IDSs [58], namely,host-based IDS and network-based IDS. A host-based IDScollects data from specific system log files running onthe node. Instead, a network-based IDS gathers data bysurveilling and capturing the traffic.

Moreover, from a perspective of techniques, network-based IDSs can be grouped into five basic categories,including signature-based detection (SBD), anomaly-based detection (ABD), specification-based detection(SPBD), stateful protocol analysis detection (SPAD), andhybrid intrusion detection. Figure 2 represents a techniquemodel for IDSs with key characteristics of each technique.

3.1. Detection methodologies

This section reviews the concepts, deployments, limi-tations, and techniques of diverse IDSs, including theSBD, ABD, SPBD, SPAD, and hybrid intrusion detectionapproaches. Table I displays these approaches’ principles,performances, and limitations.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.DOI: 10.1002/sec

Intrusion detection techniques for mobile cloud K. Gai et al.

Figure 2. Techniques model for intrusion detection systems.

Table I. Comparisons of different intrusion detection approaches.

Methodologies Principle Performance Limitations

SBD Seeking Rely on the pre- Common limitations of SBD includemalware installed intrusion 1. Limited ability to deal with new threats andsignature databases that are used encrypted packets

to compare the network 2. An excess network packet can causetraffics with the stored performance deductionssignatures at database 3. Inefficient supports for weak authorizations

ABD Monitoring Supported by three Different techniques may cause various risks. Twotraffics by techniques, including common challenges are as follows:seeking statistical-based,

1. Building a precise normal profile is difficultapparent knowledge-based, and

2. Defining parameters and criterion is difficultdivergences or machine learning-basedinconsistencies ABD. The type of techniques depends on the demands.

SPBD Behavior Examine the variable- Two restrictions for deploying SPBD involve:standard in length patterns for 1. A great workload of defining normala special- detecting new threats behavioral specificationsdemands or attacks with lower 2. Novel attacks or threats can be only detectedformation level false positive while the risks physically occur in most

situationsSPAD Separate Evaluate both TCP and Two major limitations are as follows:

abnormal UDP, Provide stateful 1. Highly rely on the protocol analysisevents from characteristics protocol 2. Cannot detect intrusions based on the singleroutines analysis request or response

HID Simultaneously Have a chance to gain Restrictions of adopting hybrid intrusion detectiondeploy advantages from includedetection the combination in 1. Combination design is hard due tomethodologies order to deal with complicated context and demands

advanced requirements 2. Packet overhead that may cause difficulty ofor complicated traffics implementations

SBD, Signature-based; ABD, anomaly-based; SPBD, specification-based; SPAD, stateful protocol analysis; TCP, Transmission ControlProtocol; UDP, User Datagram Protocol; HID, hybrid intrusion detection.

3.1.1. Signature-based detection and approach.An SBD is a widely acceptable approach for antivirus

software to identify malware by looking into malwaresignature. The term signature refers to the pattern orstring correlating with the known threatening interven-tions [41]. The process of SBD relies on the pre-installed

intrusion patterns or strings on the database. This operatingmanner limits its performance because the malware sig-nature will not be detected when the SDB system is notupdated. The IDS using SBD may not be able to identifythe new threats when the system connects to the Internetbecause the intrusions are dynamic.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.

DOI: 10.1002/sec

K. Gai et al. Intrusion detection techniques for mobile cloud

This restriction can be partially solved by deployingan automated signature creator attached to the SDB sys-tems [59,60]. The signature creator can be generated fromcollecting and analyzing constituents of frequent or con-sistent behaviors [60,61]. However, the limitation of thissolution is that current algorithms cannot fully detectall malicious instances. Most approaches addressing thisissue determine the suspicious traffic by analyzing thedata streams’ reflections [61], which cannot entirely securethe outcomes.

In addition, an excess of network packet often causesthe performance deductions when the processing capabilitycannot match the wireless transmission ability [62]. Thissituation can be improved by migrating data processingand storage to the cloud and examining the parallel exclu-sive signature matching on the cloud-based servers [63].Through the analysis among parallel data transmissionsbetween end users and cloud-based servers, the cloud-based SBD system can achieve intrusion detection withoutnetwork packet overload.

3.1.2. Anomaly-based detection and approach.The ABD system refers to an approach of identifying

apparent divergences or inconsistencies between the targetevents and predefined normal transmissions [62,64–66].The comparison can determine whether there is a partitionbetween normal and unusual behaviors, and the unusualbehavior is considered as an active or potential attack,which depends on the level of differences. Three commontechniques [67] supporting comparisons include statistical-based [68], knowledge-based, and machine learning-basedtechniques [69,70].

Statistical-based technique tracks all networking trafficsand generates a profile examining whether there are anyimproper traffic by a statistical analysis [67]. The statisticsare formulated by evaluating the correlations among thedefined parameters, such as ports and devices, traffic rates,packets connecting to each protocol, and Internet Proto-col addresses. The difficulties for applying statistical-basedtechnique are twofold. First, positioning a proper balancebetween positive and negative behaviors is hard. Second,this technique may fail when the system is being attacked.

Next, the knowledge-based technique is applicable forthose systems that consist of specific knowledge struc-tures or attached to a set of rules [67], such as symbolicrepresentations. The rules are composed of features andclasses, which can be generated by experts or testingapproaches. The gathered data are categorized and allo-cated into different rules. The limitation of this technique isthat formulating quality knowledge-based rules can suffera prolonged development.

Finally, a machine learning-based technique [70,71] isa procedure of constructing new behavior models based onthe observations of activities, events, and behaviors. Themeans of data analysis is similar to statistical-based tech-nique. The difference is that the machine learning-basedtechnique can acquire new information model based onthe analysis [72]. The obstacle of adopting this technique

is the extensive requirement of computing resources [67],which imply that the examination is highly dependent onthe stored secure behavior assumptions.

In summary, the main challenges of ABD systeminclude the following: (i) building a precise normal pro-file is burdensome for the reason of the traffic variety anddynamic networking environment [73]; and (ii) definingparameters and criterion is tough because attackers can betrained in evading the apparent symptoms [70].

3.1.3. Specification-based detection andapproach.

Compared with ABD, an SPBD has a similar mode fordetecting deviations but needs users to establish a behav-ior evaluation standard in a special-demands formation[74]. The motivations of applying an SPBD system are toobtain higher level capabilities in detecting new attacks andincreasing accuracy. An SPBD approach is considered asan appropriate solution to examining the variable-lengthpatterns [75]. However, similar to other ABD systems, anSPBD system also requires a great workload of definingnormal behavioral specifications.

3.1.4. Stateful protocol analysis and approach.The SPAD is a novel approach of intrusion detection

that distinguishes irregular events from routine streams ina session by leveraging a pre-determined ubiquitous profile[76]. The profile provides end users with a list of secureand trusty activity definitions. Both Transmission ControlProtocol (TCP) and User Datagram Protocol (UDP) will beevaluated when performing the SPAD [77]. The main posi-tive feature of this technique is providing protocol analysiswith stateful characteristics.

Despite that the SPAD offers strong protocol analy-ses, there are two limitations in practice. First of all, thistechnique highly relies on the protocol analysis so thatattackers can avoid intruding the general accepted protocolcharacteristics in order to deceive the SPAD into believ-ing that the system is secure [78]. Moreover, this techniquedoes not completely solve the problem of detecting attacksbased on a single request or response. Addressing thisproblem, more stateful characteristics need to be added tothe protocol analysis profile, which synchronously causesheavy workloads and oversized packets.

3.1.5. Hybrid intrusion detections.Multiple intrusion detection approaches can be simul-

taneously deployed based on the security demands[71,74,79,80]. The purpose of combining two or moretechniques is to design new intrusion processes by tak-ing advantages of different techniques. For example [80],combining ABD with Knowledge-based Intrusion Detec-tion (KBD) has been proved that it can protect mobile adhoc networks from a range of attacks. Moreover, it alsohas been examined that integrating SPBD with ABD canenable the specification-based detection approaches to take

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.DOI: 10.1002/sec

Intrusion detection techniques for mobile cloud K. Gai et al.

advantage of machine-learning algorithm, which assiststhe SPBD system to obtain the ability of creating newpatterns [74].

The main challenge of this approach is that effectivelycombining multiple detection means is difficult. The bal-ance point of workload, efficiency, and security is hardto position. Because two or more detection manners worktogether, the packet overhead is hard to be avoided.

3.2. User authentication

In MCC, a password cannot match the security require-ments for an access authentication in those industries thatrequire higher level security. A number of approaches forgenerating strong user authentications have been created.The purpose of the authentication [81] is to verify users’identities by leveraging effective authentication mecha-nisms to ensure that the access requests are sent by theparties with proper authorizations.

An important mechanism category is biometric authen-tication that examines users by identifying individualfeatures [82–85], such as physical characteristics andbehaviors [86]. This approach is a complementary sup-port for password-based verifications, which can providea secure end users access. Nevertheless, this techniquedelivers personal information and uses the data as theaccesses to the authentication systems. Any intrusionsduring the wireless communications can cause threats topersonal privacy.

4. DISCUSSIONS

According to the aforementioned reviews, the imple-mentation of MCC within a heterogeneous 5G net-

work provides end users with many potential expectedfeatures, such as faster bandwidth. The new featurewill bring users positive user experiences as well aspotential risks including security concerns. For achiev-ing a secured networking environment, installing anIDS is able to increase the security level of mobiledevices, albeit this approach is restricted by the currentnetworks performance.

In order to address this issue, we propose a high levelframework of leveraging MCC-based IDSs for protect-ing mobile application utilizations that are explicated inFigure 3. In this framework, all data transmissions aredelivered by the heterogeneous 5G networks, which sig-nify the flexibility of networking choices for mobile users.All data processing required by intrusion detections aremigrated into cloud. Previous research has provided avariety of approaches for achieving secure networkingenvironment by adopting energy-aware security algorithmor embedded systems [9,87].

For a current typical cloud-based application, generat-ing private key and public key in most situations can onlyprotect the data transmissions. The reason of this phe-nomenon is that the restriction of networking bandwidthcannot support effective protections offered by the thirdparty in the cloud. Otherwise, mobile devices may facechallenges in energy loss and long latency.

Fortunately, the proposed framework highlights theadvantages of heterogeneous 5G and combines cloud-based IDSs with other applications in the cloud. Thewidened bandwidth provides an effective networking plat-form that can give strong supports to the intrusion detec-tion activities. The IDSs interface running on mobiledevices can implement a background operation that isresponsible for traffic data collection. The normal pro-file database and dynamic machine-learning system in

Figure 3. High level framework of leveraging MCC-based IDSs on mobile applications.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.

DOI: 10.1002/sec

K. Gai et al. Intrusion detection techniques for mobile cloud

the cloud can offer capable functions and performancesas the cloud-based data processing has less concernson power consumptions and storage. It is possible todevelop a functional IDS that consists of a full set ofprofile packages.

5. CONCLUSIONS AND FUTUREWORK

Being productions of networking technologies, MCC andheterogeneous 5G are desired to bring users more ben-efits. Nonetheless, wireless communications will not besecured unless the data transmissions are protected by anefficient approach. This paper reviewed essential conceptsand recent research achievements about MCC, heteroge-neous 5G, and IDSs. Based on the outcomes of the review,we proposed a high level framework that uses cloud-basedintrusion detection approach to gain a secure wirelesscommunication in 5G.

Moreover, we proposed a number of questions forfuture research.

(1) How can we prevent users’ privacy leaks whenadopting the cloud-based IDS? (2) What is a secure datatransmission method between end users and cloud-basedIDSs? (3) Whether we can develop an energy-aware modelfor mobile devices in order to ensure they can fully utilizethe benefits of heterogeneous 5G.

ACKNOWLEDGEMENT

This work was supported in part by the National Sci-ence Foundation under Grant numbers CNS-1457506 andCNS-1359557.

REFERENCES

1. Dihal S, Bouwman H, Reuver MD, Warnier M,Carlsson C. Mobile cloud computing: state of the artand outlook. Info, Emerald Group Publishing Limited2013; 15(1): 4–16.

2. Wang W, Yu C, Rashid A, Chuang H. Toward the trendof cloud computing. Journal of Electronic CommerceResearch 2011; 12(4): 238–242.

3. Ahujia SP, Rolli AC. Exploring the convergence ofmobile computing with cloud computing. Network andCommunication Technologies 2012; 1(1): 97–102.

4. Kumar K, Lu Y. Cloud computing for mobile users:can offloading computation save energy? Computer2010; 43(4): 51–56.

5. Shiraz M, Gani A, Khokhar RH, Buyya R. A reviewon distributed application processing frameworks insmart mobile devices for mobile cloud computing.

IEEE Communications Surveys & Tutorials 2013;15(3): 1294–1313.

6. Miettinen AP, Nurminen JK. Energy efficiency ofmobile clients in cloud computing, Proceedings ofthe 2nd USENIX Workshop on Hot Topics in CloudComputing, Boston, MA, 2010; 1–4.

7. Simoens P, Turck FD, Dhoedt B, Demeester P. Remotedisplay solutions for mobile cloud computing. IEEEInternet Computing 2011; 13(5): 46–53.

8. Qiu M, Su H, Chen M, Ming Z, Yang LT. Balanceof security strength and energy for a PMU monitoringsystem in smart grid. IEEE Communications Magazine2012; 50(5): 142–149.

9. Qiu M, Gao W, Chen M, Niu J, Zhang L. Energyefficient security algorithm for power grid wide areamonitoring system. IEEE Transactions on Smart Grid2011; 2(4): 715–723.

10. Qiu M, Zhang L, Ming Z, Chen Z, Qin X, Yang LT.Security-aware optimization for ubiquitous comput-ing systems with SEAT graph approach. Journal ofComputer and System Sciences 2013; 79(5): 518–529.

11. Asrani P. Mobile cloud computing. International Jour-nal of Engineering and Advanced Technology 2013;2(4): 606–609.

12. Fernando N, Loke SW, Rahayu W. Mobile cloudcomputing: a survey. Journal of Future GenerationComputer Systems 2013; 29(1): 84–106.

13. Latif SA, Hakak S, Amin G. A review on mobile cloudcomputing and issues in it. International Journal ofComputer Applications 2013; 75(11): 1–4.

14. Satyanarayanan M. Mobile computing: the nextdecade. ACM SIGMOBILE Mobile Computing andCommunications Review 2011; 15(2): 2–10.

15. Khalifa I, El-Sayed H, El-Gaber IA. Enhanced mobilecloud computing platform. International Journal ofComputer Applications 2013; 63(7): 12–18.

16. Christensen JH. Using RESTful web-services andcloud computing to create next generation mobileapplications, Proceedings of the 24th ACM SIGPLANConference Companion on Object Oriented Program-ming Systems Languages and Applications, Orlando,Florida, USA, 2011; 627–634.

17. Cuddy C. Mobile computing. Journal of ElectronicResources in Medical Libraries 2009; 6(1): 64–68.

18. Rubin Y, Guy N, Shachor G, Kallner S, Ben-HarrushI. Puremeap - a mobile enterprise application plat-form: a bird’s-eye view of the software architecture,Proceedings of the 2013 ACM Workshop on MobileDevelopment Lifecycle, Indianapolis, Indiana, USA,2013; 17–18.

19. Jararweh Y, Tawalbeh L, Ababneh F, KhreishahA, Dosari F. Scalable cloudlet-based mobile com-puting model, Proceedings of the 9th International

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.DOI: 10.1002/sec

Intrusion detection techniques for mobile cloud K. Gai et al.

Conference on Future Networks and Communi-cations (FNC’14)/The 11th International Confer-ence on Mobile Systems and Pervasive Computing(MobiSPC’14)/Affiliated Workshops, Niagara Falls,Ontario, Canada, 2014; 434–441.

20. Deepak G, Pradeep BS. Challenging issues and limi-tations of mobile computing. International Journal ofComputer Technology and Applications 2012; 3 (1):177–181.

21. Kaikkonen A. Mobile Internet: past, present, and thefuture. International Journal of Mobile Human Com-puter Interaction 2009; 1: 29–45.

22. Chinnici R, Moreau JJ, Ryman A, Weerawarana S.Web services description language (WSDL) version2.0 part 1: core language, W3C, 2007. http://www.w3.org/TR/2006/CR-wsdl20-20060327/wsdl20-z.pdf[Accessed on December 2014].

23. Messaoud E HB, Diouri O. Web service secu-rity: overview, analysis and challenges. InternationalJournal of Computer Science Issues 2014; 11(2):124–138.

24. Mahanti A, Sen S. High-performance mobile internet.IEEE Internet Computing 2014; 18(1): 8–11.

25. Hu F, Qiu M, Li J, Grant T, Taylor D, McCalebS, et al. A review on cloud computing: designchallenges in architecture and security. Journal ofComputing and Information Technology 2011; 19 (1):25–55.

26. Gai K, Li S. Towards cloud computing: a literaturereview on cloud computing and its development trends,2012 Fourth International Conference on MultimediaInformation Networking and Security, Nanjing, China,2012; 142–146. IEEE.

27. Marozzo F, Talia D, Trunfio P. P2P-MapReduce: par-allel data processing in dynamic cloud environments.Journal of Computer and System Sciences 2012; 78(5):1382–1402.

28. Masdari M, Zebardast B, Lotfi Y. Towards virtual-ization in cloud computing. International Journal ofAdvanced Research in Computer Science 2013; 4(3):96–101.

29. Wang Y, Sun W, Zhou S, Pei X, Li X. Key tech-nologies of distributed storage for cloud computing.Journal of Software 2012; 23(4): 232–242.

30. Zhang S, Yan H, Chen X. Research on key tech-nologies of cloud computing. In Physics Procedia.Elsevier: Beijing, China, 2012; 1791–1797.

31. Baroncelli F, Martini B, Castoldi P. Network virtual-ization for cloud computing. Annals of Telecommuni-cations 2010; 65(11–12): 713–721.

32. Ma Z, Sheng Z, Gu L. DVM: a big virtual machine forcloud computing. IEEE Transactions on Computers2013; 63(9): 2245–2258.

33. Luo Y. Network I/O virtualization for cloud com-puting. IT Professional Magazine 2010; 12 (5):36–41.

34. Chaudhary D, Chhillar RS. Reverse host allocationapproach for virtual machine cloud computing envi-ronment. International Journal of Computer Applica-tions 2013; 72(17): 45–49.

35. Langer SG, French T. Virtual machine performancebenchmarking. Journal of Digital Imaging 2011;24(5): 883–889.

36. Bright PP, Bijolin EE. Energy efficient virtual machinemonitoring architecture for green cloud computing.International Journal of Computer Applications 2013;65(3): 15–18.

37. Lovsz G, Niedermeier F, Meer HD. Performancetradeoffs of energy-aware virtual machine consolida-tion. Cluster Computing 2013; 16(3): 481–496.

38. Zhang F, Chen H. Security-preserving live migrationof virtual machine in the cloud. Journal of Networkand Systems Management 2013; 21: 562–587.

39. Wang Z, Liu M, Zhang S, Qiu M. Sensor virtualiza-tion for underwater event detection. Journal of SystemsArchitecture 2014; 60(8): 619–629.

40. Modi C, Patel D, Borisaniya B, Patel H. A survey ofinstrusion detection techniques in cloud. Journal ofNetwork and Computer Applications 2013; 36: 42–57.

41. Liao H, Lin CR, Lin Y, Tung K. Intrusion detectionsystem: a comprehensive review. Journal of Networkand Computer Applications 2013; 36: 16–24.

42. Zhang W, Liu J, Liu C, Zheng Q, Zhang W.Workload modeling for virtual machine-hostedapplication. Expert Systems with Applications 2014;42(4): 1835–1844.

43. Lin Q, Qi Z, Wu J, Dong Y, Guan H. Optimizing vir-tual machines using hybrid virtualization. Journal ofSystems and Software 2012; 85: 2593–2603.

44. Liao X, Li H, Jin H, Hou H, Jiang Y, Liu H.VMStore: distributed storage system for multiple vir-tual machines. Science China Information Sciences2011; 54(6): 1104–1118.

45. Chockler G, Guerraoui R, Keidar I, Vukolic M. Reli-able distributed storage. IEEE Computer 2009; 42(4):60–67.

46. Gani A, Nayeem GM, Shiraz M, Sookhak M,Whaiduzzaman M, Khan S. A review on interwork-ing and mobility techniques for seamless connectivityin mobile cloud computing. Journal of Network andComputer Applications 2014; 43: 84–102.

47. Tapkire MD, Patil BM, Chandode VM. Parallel dataprocessing in the cloud using nephele. InternationalJournal of Computer Applications 2013; 69 (16):1–8.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.

DOI: 10.1002/sec

K. Gai et al. Intrusion detection techniques for mobile cloud

48. Dobre C, Xhafa F. Parallel programming paradigmsand frameworks in big data era. International Journalof Parallel Programming 2014; 42(5): 710–738.

49. Jasim AA, Mawjoud SA. LTE heterogeneous net-work: a case study. International Journal of ComputerApplications 2013; 61(8): 1–6.

50. Lei W, Hai W, Yu Y, Fei Z. Heterogeneous networkin LTE-advanced system, Proceedings of 2010 IEEEInternational Conference on Communication Systems,Singapore, 2010; 156–160.

51. Tian Y, Lin C, Li K. Managing performance andpower consumption tradeoff for multiple heteroge-neous servers in cloud computing. Cluster Computing2014; 17: 943–955.

52. Barbu OE, Fratu O. An enabler of interoperabilityin heterogeneous wireless networks, 2011 2nd Inter-national Conference on Wireless Communication,Vehicular Technology, Information Theory andAerospace & Electronic Systems Technology, Chennai,2011; 1–5.

53. Patil AA, Patil SR. Intrusion detection system usingtraffic prediction model. International Journal of Com-puter Applications 2014; 95(23): 25–28.

54. Ochieng N, Mwangi W, Ategy I. A tour of the com-puter worm detection space. International Journal ofComputer Applications 2014; 104(1): 29–33.

55. Cao D, Qiu M, Chen Z, Hu F, Zhu Y, Wang B. Intel-ligent fuzzy anomaly detection of malicious software.International Journal of Advanced Intelligence 2012;4(1): 69–86.

56. Catania CA, Garino CG. Automatic network intru-sion detection: current techniques and open issues.Computers and Electrical Engineering 2012; 38:1062–1072.

57. Qiu M, Wu J, Huang H, Li W. Hardware ControlledSystematic Approach to Detect and Prevent Virus,Handbook of Security and Networks, 2011, 285–299.

58. Stamouli I, Argyroudis PG, Tewari H. Real-time intru-sion detection for ad hoc networks, Proceedings of thesixth IEEE International Symposium on a World ofWireless Mobile and Multimedia Networks, Oak RidgeNational Laboratory, TN, USA, 2005; 374–380.

59. Ocampo F, Castillo T, Gomez M. Automated signaturecreator for a signature based intrusion detection systemwith network attack detection capabilities. Interna-tional Journal of Cyber-Security and Digital Forensics2013; 2: 25–35.

60. Anbar M, Manickam S, Hosam A, Chai K, BakliziM, Almomani A. Behaviour based worm detection andsignature automation. Journal of Computer Science2011; 7: 1724–1728.

61. Cherniak A, Zadorozhny VI. Signature-based detec-tion of notable transitions in numeric data streams.

IEEE Transactions on Knowledge and Data Engineer-ing 2013; 25(12): 2867–2879.

62. Meng W, Li W, Kwok L. EFM: enhancing the perfor-mance of signature-based network intrusion detectionsystems using enhanced filter mechanism. Computers& Security 2014; 43: 189–204.

63. Meng W, Li W, Kwok L. EFM: Enhancing the perfor-mance of signature-based network intrusion detectionsystems using enhanced filter mechanism. Computers& Security 2014; 43: 189–204.

64. Nagarajan N. An anomaly-based network intrusiondetection system using fuzzy logic. International Jour-nal of Computer Science and Information Security2010; 8: 185–193.

65. Nagarajan N. An anomaly-based network intrusiondetection system using fuzzy logic. International Jour-nal of Computer Science and Information Security2010; 8: 185–193.

66. Sha W, Zhu Y, Huang T, Qiu M, Zhu Y,Zhang Q. A multi-order markov chain basedscheme for anomaly detection, 2013 IEEE 37thAnnual Computer Software and Applications Confer-ence Workshops (COMPSACW), IEEE, Japan, 2013;83–88.

67. Kheyri D, Karami M. A comprehensive surveyon anomaly-based intrusion detection in MANET.Computer and Information Science 2012; 5 (4):132–139.

68. Chora M, Saganowski L, Renk R, Houbowicz W. Sta-tistical and signal based network traffic recognitionfor anomaly detection. Expert Systems 2012; 29(3):232–245.

69. George A. Anomaly detection based on machine learn-ing: dimensionality reduction using PCA and classifi-cation using SVM. International Journal of ComputerApplications 2012; 47(21): 5–8.

70. Wagh SK, Pachghare VK, Kolhe SR. Survey on intru-sion detection system using machine learning tech-niques. International Journal of Computer Applica-tions 2013; 78(16): 30–37.

71. Omar S, Ngadi A, Jebur HH. Machine learning tech-niques for anomaly detection: an overview. Interna-tional Journal of Computer Applications 2013; 79(2):33–41.

72. Shakhatreh AYI, Bakar KA. A review of clusteringtechniques based on machine learning approach inintrusion detection systems. International Journal ofComputer Science Issues 2011; 8(5): 373–381.

73. Shakhatreh AYI, Bakar KA. A review of clusteringtechniques based on machine learning approach inintrusion detection systems. International Journal ofComputer Science Issues 2011; 8(5): 373–381.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.DOI: 10.1002/sec

Intrusion detection techniques for mobile cloud K. Gai et al.

74. Stakhanova N, Basu S, Wong J. On the symbiosisof specification-based and anomaly-based detection.Computer & Security 2010; 29: 253–268.

75. Stakhanova N, Basu S, Wong J. On the symbiosisof specification-based and anomaly-based detection.Computer & Security 2010; 29: 253–268.

76. Whitman ME, Mattord HJ. Principles of InformationSecurity, 4th edn. Information Security Professionals:Boston, MA, 2009.

77. Frederick KK. Network intrusion detection sig-natures, part five, Symantec, November 2010.http://www.symantec.com/connect/articles/network-intrusion-detection-signatures-part-five[Accessed on December 2014].

78. Scarfone K, Mell P. Guide to Intrusion Detec-tion and Prevention Systems (IDPS). National Insti-tute of Standards and Technology: Gaithersburg,MD, 2007. http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf [Accessed on December 2014].

79. Gogoi P, Bhattacharyya DK, Borah B, Kalita K. MLH-IDS: a multi-level hybrid intrusion detection method.The Computer Journal 2014; 57: 602–623.

80. Nadeem A, Howarth M. Protection of MANETs froma range of attacks using an intrusion detection and pre-vention system. Telecommunication Systems 2013; 52(4): 2047–2058.

81. Altinkemer K, Tawei W. Cost and benefit analysisof authentication systems. Decision Support System2011; 51(3): 394–404.

82. Li J, Ding Y, Xiong Z, Liu S. An improved biometric-based user authentication scheme for C/S system.International Journal of Distributed Sensor Networks2014; 2014: 1–9.

83. Teh PS, Teoh A BJ, Yue S. A survey of keystrokedynamics biometrics. The Scientific World Journal2013; 2013: 1–24.

84. Bhattacharyya D, Ranjan R, Alisherov FA, Choi M.Biometric authentication: a review. International Jour-nal of U- and E-Service, Science andTechnology 2009;2(3): 13–27.

85. Babaeizadeh M, Bakhtiari M, Maarof MA. Keystrokedynamic authentication in mobile cloud computing.International Journal of Computer Applicatios 2014;90(1): 29–36.

86. Frank M, Biedert R, Ma E, Martinovic I, Song D.Touchalytics: on the applicability of touchscreen inputas a behavioral biometric for continuous authentica-tion. IEEE Transactions on Information Forensics andSecurity 2014; 8(1): 136–148.

87. Shao Z, Xue C, Zhuge Q, Qiu M, Xiao B, Sha E.Security protection and checking for embedded sys-tem integration against buffer overflow attacks viahardware/software. IEEE Transactions on Computers2006; 55(4): 443–453.

Security Comm. Networks (2015) © 2015 John Wiley & Sons, Ltd.

DOI: 10.1002/sec