Anomaly Detection in the Cloud: Detecting
Security Incidents via Machine Learning
Matthias Gander (1), Michael Felderer (1), Basel Katt (1), Adrian Tolbaru (1), Ruth Breu (1), and Alessandro Moschitti (2)

(1) Institute of Computer Science, University of Innsbruck, Austria
(2) Information Engineering and Computer Science Department, University of Trento, Italy
Abstract. Cloud computing is on the verge of being embraced as a serious usage model. However, while outsourcing services and workflows into the cloud provides indisputable benefits in terms of cost flexibility and scalability, there has been little progress in security (which in turn affects reliability), transparency and incident handling. The problem of applying existing security tools in the cloud is twofold. First, these tools do not consider the specific attacks and challenges of cloud environments, e.g., cross-VM side-channel attacks. Second, these tools focus on attacks and threats at only one layer of abstraction, e.g., the network, the service, or the workflow layer. Thus, the semantic gap between events and alerts at different layers remains an open issue. The aim of this paper is to present ongoing work towards a Monitoring-as-a-Service anomaly detection framework for hybrid or public clouds. The goal of our framework is twofold. First, it closes the gap between incidents at different layers of cloud-sourced workflows; in particular, we focus on both the workflow and the infrastructure layers. Second, our framework tackles challenges stemming from cloud usage, such as multi-tenancy. Our framework uses complex event processing rules and machine learning to detect anomalies and populate user-specified metrics that can be used to assess the security status of the monitored system.
Keywords: Monitoring, Behaviour, Anomaly Detection, Clustering,
Fingerprints.
1 Introduction
Building your own monolithic IT infrastructure is slowly being rendered obsolete by cost-efficient cloud solutions that promise on-demand scalability with leased

* This work is supported by QE LaB-Living Models for Open Systems (FFG 822740) and SECTISSIMO (FWF 20388) and has been partially supported by the European Community's Seventh Framework Programme (FP7/2007-2013) under the grants #247758: EternalS - Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, and #288024: LiMoSINe - Linguistically Motivated Semantic aggregation engiNes.