Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning

Matthias Gander, Michael Felderer, Basel Katt, Adrian Tolbaru, Ruth Breu, Alessandro Moschitti

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Cloud computing is now on the verge of being embraced as a serious usage model. However, while outsourcing services and workflows into the cloud provides indisputable benefits in terms of cost flexibility and scalability, there is little advance in security (which can influence reliability), transparency and incident handling. The problem of applying the existing security tools in the cloud is twofold. First, these tools do not consider the specific attacks and challenges of cloud environments, e.g., cross-VM side-channel attacks. Second, these tools focus on attacks and threats at only one layer of abstraction, e.g., the network, the service, or the workflow layer. Thus, the semantic gap between events and alerts at different layers is still an open issue. The aim of this paper is to present ongoing work towards a Monitoring-as-a-Service anomaly detection framework in a hybrid or public cloud. The goal of our framework is twofold. First, it closes the gap between incidents at different layers of cloud-sourced workflows; namely, we focus on both the workflow and the infrastructure layers. Second, our framework tackles challenges stemming from cloud usage, like multi-tenancy. Our framework uses complex event processing rules and machine learning to detect anomalies and populate user-specified metrics that can be used to assess the security status of the monitored system.
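The abstract names two mechanisms, complex event processing (CEP) rules that correlate workflow-layer and infrastructure-layer events, and a learned behavioural fingerprint, both feeding a user-specified security metric. The following is an added illustration of that combination and is not the authors' framework or code: the event schema, the tenant allow-list `ALLOWED_DST`, the sample events, the feature vector (connection count, bytes out, distinct destinations) and the z-score distance threshold are all assumptions made for the example. The workflow instance id is the key that joins the two layers; the CEP-style rule catches a workflow step whose VM contacts another tenant's host, and the fingerprint catches an instance whose infrastructure behaviour is far from the baseline learned on known-good instances.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from math import sqrt
from statistics import mean, pstdev


@dataclass
class Event:
    ts: int            # seconds (constructed timestamps)
    layer: str         # "workflow" or "infra"
    tenant: str
    wf_id: str         # workflow instance id: the key that joins both layers
    kind: str          # "step" (workflow layer) or "net_conn" (infra layer)
    attrs: dict = field(default_factory=dict)


# Constructed sample events, not data from the paper. wf-1..wf-4 are routine
# report exports; wf-5 is an acme instance whose VM starts talking to another
# tenant's storage host and to an external address.
EVENTS = [
    Event(100, "workflow", "acme",   "wf-1", "step",     {"name": "export_report"}),
    Event(105, "infra",    "acme",   "wf-1", "net_conn", {"dst": "10.0.1.10", "bytes": 5000}),
    Event(200, "workflow", "acme",   "wf-2", "step",     {"name": "export_report"}),
    Event(204, "infra",    "acme",   "wf-2", "net_conn", {"dst": "10.0.1.10", "bytes": 5200}),
    Event(300, "workflow", "acme",   "wf-3", "step",     {"name": "export_report"}),
    Event(307, "infra",    "acme",   "wf-3", "net_conn", {"dst": "10.0.1.11", "bytes": 4800}),
    Event(400, "workflow", "globex", "wf-4", "step",     {"name": "export_report"}),
    Event(403, "infra",    "globex", "wf-4", "net_conn", {"dst": "10.0.2.20", "bytes": 5100}),
    Event(500, "workflow", "acme",   "wf-5", "step",     {"name": "export_report"}),
    Event(505, "infra",    "acme",   "wf-5", "net_conn", {"dst": "10.0.1.10", "bytes": 4900}),
    Event(510, "infra",    "acme",   "wf-5", "net_conn", {"dst": "10.0.2.20", "bytes": 800000}),
    Event(520, "infra",    "acme",   "wf-5", "net_conn", {"dst": "203.0.113.5", "bytes": 100000}),
]

# Hypothetical tenant-to-storage-host allow-list (multi-tenancy boundary).
ALLOWED_DST = {"acme": {"10.0.1.10", "10.0.1.11"}, "globex": {"10.0.2.20"}}


def cross_tenant_rule(events, allowed, window=60):
    """CEP-style rule joining the two layers: within `window` seconds of a
    workflow step, infra connections of the same instance may only go to
    hosts allowed for that tenant. Returns sorted (wf_id, tenant, dst)."""
    alerts = set()
    steps = [e for e in events if e.layer == "workflow" and e.kind == "step"]
    for s in steps:
        for e in events:
            if (e.layer == "infra" and e.kind == "net_conn" and e.wf_id == s.wf_id
                    and s.ts <= e.ts <= s.ts + window
                    and e.attrs["dst"] not in allowed.get(e.tenant, set())):
                alerts.add((s.wf_id, e.tenant, e.attrs["dst"]))
    return sorted(alerts)


def fingerprint(events):
    """Behavioural fingerprint per workflow instance:
    (number of infra connections, bytes out, distinct destinations)."""
    per = defaultdict(lambda: [0, 0, set()])
    for e in events:
        if e.layer == "infra" and e.kind == "net_conn":
            f = per[e.wf_id]
            f[0] += 1
            f[1] += e.attrs.get("bytes", 0)
            f[2].add(e.attrs.get("dst"))
    return {wf: (n, b, len(d)) for wf, (n, b, d) in per.items()}


def baseline(vectors):
    """Centroid and per-feature spread of the known-good instances."""
    cols = list(zip(*vectors))
    centroid = [mean(c) for c in cols]
    spread = [pstdev(c) or 1.0 for c in cols]   # avoid division by zero on constant features
    return centroid, spread


def distance(vec, centroid, spread):
    """Euclidean distance in z-score units from the baseline centroid."""
    return sqrt(sum(((v - c) / s) ** 2 for v, c, s in zip(vec, centroid, spread)))


def ml_anomalies(events, training_ids, threshold=3.0):
    """Instances whose fingerprint lies more than `threshold` z-units from the
    baseline learned on `training_ids`. Returns {wf_id: rounded distance}."""
    fp = fingerprint(events)
    centroid, spread = baseline([fp[i] for i in training_ids])
    scored = {wf: distance(v, centroid, spread) for wf, v in fp.items()}
    return {wf: round(d, 2) for wf, d in scored.items() if d > threshold}


def security_status(events, allowed, training_ids, window=60, threshold=3.0):
    """User-specified metric: per tenant, fraction of workflow instances
    flagged by either the CEP rule or the fingerprint detector."""
    flagged = {a[0] for a in cross_tenant_rule(events, allowed, window)}
    flagged |= set(ml_anomalies(events, training_ids, threshold))
    instances = defaultdict(set)
    for e in events:
        instances[e.tenant].add(e.wf_id)
    return {t: round(len(ids & flagged) / len(ids), 2) for t, ids in instances.items()}


if __name__ == "__main__":
    good = ["wf-1", "wf-2", "wf-3", "wf-4"]
    print("rule alerts:", cross_tenant_rule(EVENTS, ALLOWED_DST))
    print("fingerprint anomalies:", ml_anomalies(EVENTS, good))
    print("security status:", security_status(EVENTS, ALLOWED_DST, good))
```

The two detectors are deliberately complementary: the rule needs an explicit tenant boundary and fires on a single out-of-policy connection, while the fingerprint needs no policy but only a baseline, and fires on volume and fan-out that no single rule anticipated. Note the caveat for any baseline-based detector: the training set must be clean, or an attacker's behaviour becomes the norm.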

Original language: English
Title of host publication: Communications in Computer and Information Science
Publisher: Springer Verlag
Pages: 103-116
Number of pages: 14
Volume: 379 CCIS
ISBN (Print): 9783642452598
DOIs: https://doi.org/10.1007/978-3-642-45260-4_8
Publication status: Published - 1 Jan 2013
Externally published: Yes
Event: 2nd International Workshop on Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, EternalS 2012 - Montpellier, France
Duration: 28 Aug 2012

Publication series

Name: Communications in Computer and Information Science
Volume: 379 CCIS
ISSN (Print): 1865-0929



Keywords

  • Anomaly Detection
  • Behaviour
  • Clustering
  • Fingerprints
  • Monitoring

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Gander, M., Felderer, M., Katt, B., Tolbaru, A., Breu, R., & Moschitti, A. (2013). Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning. In Communications in Computer and Information Science (Vol. 379 CCIS, pp. 103-116). (Communications in Computer and Information Science; Vol. 379 CCIS). Springer Verlag. https://doi.org/10.1007/978-3-642-45260-4_8

@inproceedings{d81f3571b50d4f2ba68f5db9c211feed,
title = "Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning",
keywords = "Anomaly Detection, Behaviour, Clustering, Fingerprints, Monitoring",
author = "Matthias Gander and Michael Felderer and Basel Katt and Adrian Tolbaru and Ruth Breu and Alessandro Moschitti",
year = "2013",
month = "1",
day = "1",
doi = "10.1007/978-3-642-45260-4_8",
language = "English",
isbn = "9783642452598",
volume = "379 CCIS",
series = "Communications in Computer and Information Science",
publisher = "Springer Verlag",
pages = "103--116",
booktitle = "Communications in Computer and Information Science",

}
