Page 100 - IJEEE-2023-Vol19-ISSUE-1

96 | Baban & Hameed

based IDS recognizes network traffic or activity only when it matches the known signatures in the database or file [26]. The most important job of these systems is to compare activities with pre-generated signatures. A signature is usually a set of characteristic features assigned to a specific attack or pattern of attacks. Typically, highly skilled administration is not needed to detect an attacker when misuse detection techniques are used. In addition to the above-mentioned advantages, misuse-based IDSs operate efficiently and quickly [27]. Unlike the anomaly-based methodology, the signature-based methodology is easy to set up because it does not need to learn the environment [28].

VII. ANOMALY DETECTION

The anomaly detection approach includes two phases: first, a training phase, which identifies normal behavior and traffic by creating profiles of users, network connections, and servers; and second, a testing phase, in which the learned profile is applied to new data [25].

VIII. HONEYPOT SYSTEM

Honeypot systems are based on attracting intruders. These systems are used as a trap for unauthorized interaction in networks. Honeypot systems are also used to learn about stranger behavior. They are not used to solve specific problems, as firewalls or IDSs are. Honeypot systems are used as a part of security systems with other equipment. When using honeypots, network administrators can calculate the number of attackers who succeeded, prevent subsequent attacks, and identify security vulnerabilities in the network [29]. Honeypots get their strength from the assailable options they expose to attract hackers [30]. A honeypot is considered an isolated resource that looks like a real database and is used to attract attackers, allowing explorers to analyze any pattern of aggressive or violating behavior [31]. The main purposes of using honeypots together with an IDS are as follows:

1) Getting more information on security weak points and intruders' behavior.

2) Discovering intruders and all unwanted traffic by setting up a trap system.

3) Detecting malicious activities inside the network and attacks from outside the network.

4) Hiding the real systems, which are created within the honeypots.

5) Increasing the system security [32].

IX. CLOUD COMPUTING

A form of Internet-based computing known as "cloud computing" makes data and shared computing resources available instantly to computers and other devices. In cloud computing, users are provided with resources based on their need, and resources are simply assigned and released based on user demand. Data management and storage may both be facilitated by cloud computing, making it more convenient for businesses to access their data. Implementing cloud computing technologies can make it possible for the healthcare sector to store data effectively and cheaply without using physical servers. The huge data issue can be solved via cloud computing. It provides endless storage capacity and makes the procedure of transferring patient data across healthcare facilities simpler.

X. THE PROPOSED SECURITY MODEL

The proposed security model, shown in Figure 3, combines the AES and HMAC algorithms to produce strong system protection. Data is encrypted with a symmetric key, which ensures secure transmission between server and client or between client and client by encrypting the exchanged data, while message integrity and authentication are guaranteed by using HMAC.

The procedure of the proposed security model is as follows:

1) The client uses the AES algorithm to encrypt its data using cipher keys of 128, 192, and 256 bits.

2) The HMAC algorithm is used to ensure message integrity and the source of origin using a hash function (SHA-256).

3) The data on the cloud is vulnerable to attackers; thus a honeypot system, which represents a real computer system, is used as a trap for unauthorized communications in the network. Besides honeypot technologies, other security tools are implemented, such as the Intrusion Detection System (IDS), which provides two functions: first, the information required for an attack, i.e., the signature, in order to develop a fast and appropriate response in real time, and second, the time required to execute that response. When an attack occurs, a honeypot can be used to analyze an attacker's activity by comparing the observed signature with the known list of attack signatures; if they match, the activity is classified as a breach of the security policy or as an attack.

Fig. 3: Architecture of Proposed Security Model.

XI. SYSTEM IMPLEMENTATION AND RESULTS

A. System Implementation

A web application with login details of the patients was developed to collect raw data in plaintext to be encrypted by the AES and combined with HMAC-SHA256 for integrity and message authentication. The testing of the outcome of the
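
Added example, not code from the paper: steps 1 and 2 of the procedure in Section X (AES encryption with 128-, 192- or 256-bit keys, then HMAC-SHA256) written for Node.js, including the receiver's check that rejects a modified message. The paper does not state the AES mode, the order of encryption and MAC, or the message layout; CBC mode, encrypt-then-MAC with a separate MAC key, the IV || ciphertext || tag layout, the names protect, unprotect and demo, and the sample record are all assumptions of this example.

```javascript
// Added example (not the paper's code): AES encryption plus HMAC-SHA256.
// Assumptions: CBC mode, encrypt-then-MAC, separate encryption and MAC keys.
const nodeCrypto = require('crypto');

const KEY_BITS = [128, 192, 256]; // AES key sizes named in step 1

// Encrypt with AES, then authenticate IV || ciphertext with HMAC-SHA256.
function protect(plaintext, encKey, macKey) {
  const bits = encKey.length * 8;
  if (!KEY_BITS.includes(bits)) throw new Error(`unsupported AES key size: ${bits}`);
  const iv = nodeCrypto.randomBytes(16); // fresh random IV for every message
  const cipher = nodeCrypto.createCipheriv(`aes-${bits}-cbc`, encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = nodeCrypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();
  return Buffer.concat([iv, ciphertext, tag]);
}

// Verify the tag first, in constant time; decrypt only if it is valid.
function unprotect(envelope, encKey, macKey) {
  if (envelope.length < 16 + 16 + 32) throw new Error('envelope too short');
  const iv = envelope.subarray(0, 16);
  const ciphertext = envelope.subarray(16, envelope.length - 32);
  const tag = envelope.subarray(envelope.length - 32);
  const expected = nodeCrypto.createHmac('sha256', macKey).update(iv).update(ciphertext).digest();
  if (!nodeCrypto.timingSafeEqual(tag, expected)) throw new Error('HMAC verification failed');
  const decipher = nodeCrypto.createDecipheriv(`aes-${encKey.length * 8}-cbc`, encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample record; keys are random placeholders for this run only.
function demo() {
  const record = 'patient_id=1001;bp=120/80';
  const results = {};
  for (const bits of KEY_BITS) {
    const encKey = nodeCrypto.randomBytes(bits / 8);
    const macKey = nodeCrypto.randomBytes(32);
    const envelope = protect(record, encKey, macKey);
    const roundTrip = unprotect(envelope, encKey, macKey) === record;
    const tampered = Buffer.from(envelope);
    tampered[20] ^= 0x01; // one ciphertext bit changed in transit
    let rejected = false;
    try { unprotect(tampered, encKey, macKey); } catch (e) { rejected = e.message === 'HMAC verification failed'; }
    results[bits] = { roundTrip, rejected };
  }
  return results;
}

console.log(demo());
```

Because the tag covers the IV as well as the ciphertext and is checked before decryption, a modified message is rejected without the AES key ever being applied to it.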