Incident Detection for Cloud Environments

Security and privacy concerns hinder the broad adoption of cloud computing in industry. In this paper we identify cloud-specific security risks and introduce the cloud incident detection system Security Audit as a Service (SAaaS). SAaaS is built on autonomous distributed agents that feed a complex event processing engine, which reports on a cloud's security state. In addition to technical monitoring factors, such as the number of open network connections, business process flows can be modelled to detect customer-overlapping security incidents. When attacks are identified, actions can be defined to protect the cloud service assets. As the contribution of this paper, we provide a high-level design of the SAaaS architecture and a first prototype of a virtual machine agent. We show how an incident detection system for a cloud environment should be designed to address cloud-specific security problems.

Keywords: cloud computing; security; autonomous agents.
