An agent based business aware incident detection system for cloud environments

Abstract: Classic intrusion detection mechanisms are not flexible enough to cope with cloud-specific characteristics such as frequent infrastructure changes. This makes them unable to address new cloud-specific security issues. In this paper we introduce the cloud incident detection system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous agents, which are aware of the underlying business-driven intercommunication of cloud services. This enables the presented SAaaS architecture to be flexible and to support cross-customer event monitoring within a cloud infrastructure. A contribution of this paper is to provide a high-level design of the SAaaS architecture, an introduction to the proposed Security Business Flow Language (SBFL), a first prototype of an autonomous agent, and an evaluation of which cloud-specific security problems are addressed by the presented architecture. It is shown that autonomous agents and behaviour analysis are fertile approaches to detecting cloud-specific security problems and can create a cloud audit system.
