monitoring tools such as Snort¹⁴ and Ossec¹⁵ to get a more elaborate profile
for hosts.
- Finding anomalies is a good first step, but it serves a wider purpose, namely
the semi-automatic labeling of clusters for supervised learning. First, normal
and anomalous clusters are labeled; then, based on the fingerprints in these
clusters, training data for a supervised learner (e.g., Naive Bayes, Random
Forests) is easily generated. New fingerprints can then be readily classified
as a specific form of behaviour.
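As an added illustration (not code from the paper), the following Python sketches the labeling step just described: an analyst labels whole clusters, the labels are expanded into per-fingerprint training data, a Gaussian Naive Bayes model is trained on it, and new host fingerprints are classified. The cluster assignments, feature set and values are constructed for the example.

```python
import math
from collections import defaultdict

# Constructed host fingerprints: (connections/min, distinct dst ports, outbound KB/min),
# each already assigned to a cluster id by the unsupervised step. All values are invented.
CLUSTERED = {
    0: [(12.0, 3.0, 40.0), (10.0, 4.0, 35.0), (14.0, 3.0, 45.0), (11.0, 2.0, 38.0)],
    1: [(300.0, 250.0, 5.0), (280.0, 240.0, 6.0), (320.0, 260.0, 4.0)],
}
# Semi-automatic labeling: the analyst labels clusters, not individual fingerprints.
CLUSTER_LABELS = {0: "normal", 1: "anomalous"}


def training_data(clustered, cluster_labels):
    """Expand cluster-level labels into (fingerprint, label) pairs."""
    return [(fp, cluster_labels[cid]) for cid, fps in clustered.items() for fp in fps]


def train_gaussian_nb(samples):
    """Per-class log prior plus per-feature mean/variance (Gaussian Naive Bayes)."""
    by_class = defaultdict(list)
    for fp, label in samples:
        by_class[label].append(fp)
    model, total = {}, len(samples)
    for label, fps in by_class.items():
        n, dims = len(fps), len(fps[0])
        means = [sum(fp[i] for fp in fps) / n for i in range(dims)]
        # Variance floor avoids division by zero on features that are constant in a class.
        variances = [max(sum((fp[i] - means[i]) ** 2 for fp in fps) / n, 1e-6)
                     for i in range(dims)]
        model[label] = (math.log(n / total), means, variances)
    return model


def classify(model, fp):
    """Return the class with the highest log posterior for a new fingerprint."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, means, variances) in model.items():
        score = log_prior
        for x, mu, var in zip(fp, means, variances):
            score += -0.5 * math.log(2 * math.pi * var) - (x - mu) ** 2 / (2 * var)
        if score > best_score:
            best_label, best_score = label, score
    return best_label


if __name__ == "__main__":
    model = train_gaussian_nb(training_data(CLUSTERED, CLUSTER_LABELS))
    print(classify(model, (13.0, 3.0, 42.0)))    # normal
    print(classify(model, (290.0, 255.0, 5.0)))  # anomalous
```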
¹⁴ http://www.snort.org/, accessed July 30, 2012.
¹⁵ http://www.ossec.net/, accessed July 30, 2012.