A novel intrusion severity analysis approach for Clouds

Cloud computing presents exciting opportunities to foster research for scientific communities; virtual machine technology has a profound role in this. Among other benefits, virtual machine technology enables Clouds to offer large-scale and flexible computing infrastructures that are available on demand to address the diverse requirements of scientific research. However, Clouds introduce novel security challenges which need to be addressed to facilitate widespread adoption. This paper is focused on one such challenge: intrusion severity analysis. In particular, we highlight the significance of intrusion severity analysis for the overall security of Clouds. Additionally, we present a novel method to address this challenge in accordance with the specific requirements of Clouds for intrusion severity analysis. We also present a rigorous evaluation to assess the effectiveness and feasibility of the proposed method in addressing this challenge for Clouds.

Highlights

- The significance of intrusion severity analysis for Clouds has been highlighted.
- Parameters for intrusion severity analysis, along with their significance, have been highlighted.
- A machine learning based approach is presented to address intrusion severity analysis.
- Rigorous evaluation demonstrated success rates of above 90% for the proposed method.