Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning

Matthias Gander, Michael Felderer, Basel Katt, Adrian Tolbaru, Ruth Breu, Alessandro Moschitti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

Cloud computing is now on the verge of being embraced as a serious usage-model. However, while outsourcing services and workflows into the cloud provides indisputable benefits in terms of flexibility of costs and scalability, there is little advance in security (which can influence reliability), transparency and incident handling. The problem of applying the existing security tools in the cloud is twofold. First, these tools do not consider the specific attacks and challenges of cloud environments, e.g., cross-VM side-channel attacks. Second, these tools focus on attacks and threats at only one layer of abstraction, e.g., the network, the service, or the workflow layers. Thus, the semantic gap between events and alerts at different layers is still an open issue. The aim of this paper is to present ongoing work towards a Monitoring-as-a-Service anomaly detection framework in a hybrid or public cloud. The goal of our framework is twofold. First it closes the gap between incidents at different layers of cloud-sourced workflows, namely we focus both on the workflow and the infrastracture layers. Second, our framework tackles challenges stemming from cloud usage, like multi-tenancy. Our framework uses complex event processing rules and machine learning, to detect populate user-specified metrics that can be used to assess the security status of the monitored system.

Original languageEnglish
Title of host publicationTrustworthy Eternal Systems via Evolving Software, Data and Knowledge - 2nd International Workshop, EternalS 2012, Revised Selected Papers
PublisherSpringer Verlag
Pages103-116
Number of pages14
ISBN (Print)9783642452598
DOIs
Publication statusPublished - 1 Jan 2013
Event2nd International Workshop on Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, EternalS 2012 - Montpellier, France
Duration: 28 Aug 201228 Aug 2012

Publication series

NameCommunications in Computer and Information Science
Volume379 CCIS
ISSN (Print)1865-0929

Other

Other2nd International Workshop on Trustworthy Eternal Systems via Evolving Software, Data and Knowledge, EternalS 2012
CountryFrance
CityMontpellier
Period28/8/1228/8/12

    Fingerprint

Keywords

  • Anomaly Detection
  • Behaviour
  • Clustering
  • Fingerprints
  • Monitoring

ASJC Scopus subject areas

  • Computer Science(all)
  • Mathematics(all)

Cite this

Gander, M., Felderer, M., Katt, B., Tolbaru, A., Breu, R., & Moschitti, A. (2013). Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning. In Trustworthy Eternal Systems via Evolving Software, Data and Knowledge - 2nd International Workshop, EternalS 2012, Revised Selected Papers (pp. 103-116). (Communications in Computer and Information Science; Vol. 379 CCIS). Springer Verlag. https://doi.org/10.1007/978-3-642-45260-4_8