Abstract
We present a novel security monitoring framework for intrusion detection in IaaS cloud infrastructures. The framework uses statistical anomaly detection techniques over data monitored both inside and outside each Virtual Machine instance. We present the architecture of our monitoring framework and describe the implementation of the real-time monitors and detectors. We also describe how the framework is used in three different attack scenarios. For each of the three attack scenarios, we describe how the attack itself works and how it could be detected. We describe what data is monitored in our framework and how the detection is conducted using anomaly detection methods. We also present evaluation of the detection using synthetic and real data sets. Our experimental evaluation across all three scenarios shows that our tools perform well in practical situations and provide a promising direction for future research.
| Original language | English |
|---|---|
| Article number | 6735436 |
| Pages (from-to) | 281-284 |
| Number of pages | 4 |
| Journal | Proceedings of the International Conference on Cloud Computing Technology and Science, CloudCom |
| Volume | 2 |
| DOIs | |
| Publication status | Published - 2013 |
| Externally published | Yes |
| Event | 5th IEEE International Conference on Cloud Computing Technology and Science, CloudCom 2013 - Bristol, United Kingdom Duration: 2 Dec 2013 → 5 Dec 2013 |
Keywords
- Anomaly Detection
- Cloud Computing
- Security