Regenerating Cloud Attack Scenarios using LVM2 based System Snapshots for Forensic Analysis

Even though Cloud Computing has proved its utility and efficacy in many areas, security threats remain a major obstacle to its widespread application. Cloud Forensics, with its existing equipment, has played an important role in improving our understanding of these threats, thereby contributing to the development of better and more robust cloud computing systems. In our earlier work, we introduced the use of fuzzy clustering techniques to detect and record malicious activities in the cloud for building strong and reliable evidence of the attacks. We now discuss the method in detail, along with certain essential aspects of its implementation. We also suggest ways to improve the time complexity of the relevant back-end calculations.
