Page 100 - IJEEE-2023-Vol19-ISSUE-1
P. 100
96 | Baban & Hameed
based IDS recognizes the network traffic or activity only in computing technologies, can make it possible for the healthcare
the known signatures in the database or file [26]. The most sector to store data effectively and cheaply without using
important job of these systems is to compare activities with physical servers. The huge data issue can be solved via cloud
pre-generated signatures. Signatures are usually a set of computing. It provides endless storage capacity and makes the
characteristic features that assign to the specific attack or procedure of transferring patient data across healthcare
pattern of attacks. Typically, there is no need for highly facilities simpler.
skilled administration to detect the attacker when misuse
detection techniques are used. In addition above X. THE PROPOSED SECURITY MODEL
mentioned advantages, misuse-based IDSs operate
efficiently and quickly[27]. Otherwise the anomaly-based The proposed security model, shown in Figure 3, uses the
methodology, the signature-based methodology system is combination of AES and HMAC algorithms to produce a strong
easy to set up because it does not need to learn the system protection encrypted by a symmetric key that ensures a
environment [28]. secure transmission between server-client or client-client
through encrypting the exchanged data and makes. While the
VII. ANOMALY DETECTION message integrity and authentication can be guaranteed by
using HMAC.
The anomaly detection approach includes two phases: The procedure of the proposed security model is as follows:
firstly, a training phase which is based on the identification of
behavior and normal traffic by creating profiles of users, 1) The client uses the AES algorithm to encrypt its data using
network connections, and servers; and a testing phase where the cipher keys of 128,192 and 256 bits.
learned profile is applied to new data [25].
2) HMAC algorithm is used to ensure message integrity and
VIII. HONEYPOT SYSTEM the source of origin using hash function (SHA-256).
The Honeypot systems are based on attracting intruders. 3) The data on the cloud is vulnerable to attackers thus a
These systems are used as a trap for unauthorized interaction in honeypot system that represents a real computer system, is
networks. Also, honeypot systems are used to learn about used as a trap for unauthorized communications in the
stranger behavior. They are not used to solve specific problems network. Besides Honeypot technologies, other security
such as firewalls or IDSs. Honeypot systems are used as a part tools are implemented such as the Intrusion Detection
of security systems with other equipment. When using the System (IDS) which provides two functions; first, the
honeypots, network administrators can calculate the number of information required for an attack, i.e signature, in order to
attacker succeeded prevent subsequent attacks, and identify develop a fast and appropriate response in real-time, and
security vulnerabilities in the network.[29].Honeypots get their second, the time required to execute that response. When
strength from their assailable options to attract the hackers [30]. the attack occurs, a honeypot can be used in analyzing an
A honeypot is considered an isolated resource that looks like a attacker’s activity by comparing the observed signature
real database used to attract the attackers to them allowing with the known list of attack signatures, and if they match
explorers to analyze any pattern of aggressive or violation then it will be classified as a breach of the security policy
behavior[31]. Honeypots gathered with IDS system’s main or as an attack.
usage purposes specify below like;
1) Get more information on security weak points and
intruder’s behavior.
2) Discovering the intruders and all unwanted traffic by using
setting up a trap system.
3) Detecting malicious activities that are interior the network,
and attacks from outside of the network.
4) Hiding the real systems, which are created within the
honeypots.
5) Increasing the system security [32].
IX. CLOUD COMPUTING Fig. 3: Architecture of Proposed Security Model.
A form of Internet-based computing known as "cloud XI. SYSTEM IMPLEMENTATION AND RESULTS
computing" makes data and shared computing resources
available instantly to computers and other devices. In cloud A. System Implementation
computing, users are provided with resources based on their A web application with login details of the patients was
need, and resources are simply assigned and released based on
user demand. Data management and storage may both be developed to collect raw data in plaintext to be encrypted by the
facilitated by cloud computing, making it more convenient for AES and combined with HMAC-SHA256 for integrity and
businesses to access their data. By implementing cloud message authentication. The testing of the outcome of the