期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2017
卷号:5
期号:4
页码:6827
DOI:10.15680/IJIRCCE.2017.0504036
出版社:S&S Publications
摘要:Cloud services are prominent within the private, public and commercial domains. Many of theseservices are expected to be always on and have a critical nature; therefore, security and resilience are increasinglyimportant aspects. In order to remain resilient, a cloud needs to possess the ability to react not only to known threats,but also to new challenges that target cloud infrastructures. In this paper we introduce and discuss an online cloudanomaly detection approach, comprising dedicated detection components of our cloud resilience architecture. Morespecifically, we exhibit the applicability of novelty detection under the one-class support Vector Machine(SVM)formulation at the hypervisor level, through the utilization of features gathered at the system and network levels of acloud node. We demonstrate that our scheme can reach a high detection accuracy of over 90 percent whilst detectingvarious types of malware and DoS attacks. Furthermore, we evaluate the merits of considering not only system-leveldata, but also network-level data depending on the attack type. Finally, the paper shows that our approach to detectionusing dedicated monitoring components per VM is particularly applicable to cloud scenarios and leads to a flexibledetection system capable of detecting new malware strains with no prior knowledge of their functionality or theirunderlying instructions.
关键词:Security; invasive software; network-level security and protection
