Network anomaly detection in the cloud: The challenges of virtual service migration

The use of virtualisation technology in the cloud enables services to migrate within and across geographically diverse data centres, e.g., for load balancing and fault tolerance. An important part of securing cloud services is being able to detect anomalous behaviour, caused by attacks, that is evident in network traffic. However, it is not clear whether virtual service migration adversely affects the performance of contemporary network-based anomaly detection approaches. In this paper, we explore this issue and show that wide-area virtual service migration can adversely affect state-of-the-art network flow-based anomaly detection techniques, potentially rendering them unusable.
