An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment

Cloud computing is a well-known architecture that provides computing and data storage services remotely over the Internet on a pay-per-usage model, which results in better utilization of resources at reduced cost for the individuals who access it. Because cloud computing is a shared facility and is accessed remotely, it is vulnerable to various attacks, including host-based and network-based attacks, that require immediate attention. This paper focuses on attacks that are due to malicious syscall executions from subverted programs, rootkits, worms and Trojans on hosts in a cloud computing environment. The paper critically describes and discusses the present techniques for malicious system call detection and proposes a new technique, based on an immediate syscall signature structure, to determine malicious program executions in the cloud. The proposed technique is efficient in terms of the complexity involved and the resources it uses, which justifies its feasibility for low-cost, platform-independent deployment in a cloud environment. The proposed technique has also been validated on all available UNM (University of New Mexico) datasets, with 98% accuracy in program-wide detection of intrusive processes. The functional prototype is deployed on a private cloud environment using OpenNebula and VirtualBox for analysis and results.
