An LOF-Based Adaptive Anomaly Detection Scheme for Cloud Computing

From a business perspective, one of the most attractive things about cloud computing is that it provides an effective means to outsource IT. The behavior of business applications in the cloud evolves constantly because of technical upgrades, cloud migration, and social outbreaks. These changes make it challenging to detect anomalies while the applications themselves are changing. The LOF (Local Outlier Factor) algorithm has already been proven to be the most promising outlier detection method for detecting network intrusions. To improve detection performance, LOF needs a complete set of the normal behaviors of business applications, which is usually not available in cloud computing. We present an adaptive anomaly detection scheme for cloud computing based on LOF. Our scheme learns the behavior of applications in both the training phase and the detecting phase, and it adapts to changes that occur during detection. This adaptability reduces the effort needed to collect training data before detection begins. It also makes it possible to detect contextual anomalies. Experimental results show that our scheme can effectively detect contextual anomalies with relatively low computational overhead.
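
An added example, not the paper's own code: a minimal LOF scorer plus one simple way to keep learning during the detecting phase, namely a sliding reference window that absorbs each observation after scoring it. `AdaptiveLOF`, its parameters, the threshold and the sample points are assumptions made for illustration; the abstract does not specify the scheme's update rule.

```python
import math
from collections import deque

def lof(p, data, k):
    """LOF of point p scored against the reference points in `data`."""
    def knn(q, skip=None):
        # k nearest reference points to q as (distance, index), excluding `skip`
        return sorted((math.dist(q, r), i) for i, r in enumerate(data) if i != skip)[:k]
    def lrd(q, skip=None):
        # local reachability density: neighbour count / sum of reachability distances
        reach = [max(d, knn(data[i], i)[-1][0]) for d, i in knn(q, skip)]
        return len(reach) / max(sum(reach), 1e-12)
    nbrs = knn(p)
    return sum(lrd(data[i], i) for _, i in nbrs) / (len(nbrs) * lrd(p))

class AdaptiveLOF:
    """Hypothetical detector: score with LOF, then absorb the observation."""
    def __init__(self, training, k=3, threshold=2.0, window=50, learn=True):
        self.k, self.threshold, self.learn = k, threshold, learn
        self.ref = deque(training, maxlen=window)  # sliding reference set
    def observe(self, point):
        anomalous = lof(point, list(self.ref), self.k) > self.threshold
        if self.learn:
            self.ref.append(point)  # keep learning during the detecting phase
        return anomalous

def flags(detector, stream):
    """Run a stream of observations through a detector; True means flagged."""
    return [detector.observe(p) for p in stream]

# Constructed sample data: (cpu %, requests/s) for a steady workload,
# followed by a sustained shift to a new operating point.
BASELINE = [(float(x), float(y)) for x in (10, 11, 12) for y in (10, 11, 12)]
SHIFT = [(40.0, 40.0), (41.0, 40.0), (40.0, 41.0), (41.0, 41.0), (40.5, 40.5)]

if __name__ == "__main__":
    print("static  :", flags(AdaptiveLOF(BASELINE, learn=False), SHIFT))
    adaptive = AdaptiveLOF(BASELINE)
    print("adaptive:", flags(adaptive, SHIFT))
    print("isolated spike flagged:", adaptive.observe((80.0, 10.0)))
```

With the constructed data, the static detector flags every point of the shifted workload, while the adaptive one stops flagging once the new operating point has k neighbours in the window and still flags an isolated spike. Absorbing every observation also means a sustained malicious pattern is eventually learned as normal, so the window size and threshold bound how quickly that can happen.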
