Open Access

An Anomalous Behavior Detection Model in Cloud Computing

Xiaoming Ye, Xingshu Chen, Haizhou Wang, Xuemei Zeng, Guolin Shao, Xueyuan Yin, Chun Xu
College of Computer Science, Cybersecurity Research Institute, Sichuan University, Chengdu 610065, China.

Abstract

This paper proposes an anomalous behavior detection model based on cloud computing. Virtual Machines (VMs) are one of the key components of cloud Infrastructure as a Service (IaaS). The security of such VMs is critical to IaaS security. Many studies have been done on cloud computing security issues, but research into VM security issues, especially regarding VM network traffic anomalous behavior detection, remains inadequate. More and more studies show that communication among internal nodes exhibits complex patterns. Communication among VMs in cloud computing is invisible. Researchers find such issues challenging, and few solutions have been proposed—leaving cloud computing vulnerable to network attacks. This paper proposes a model that uses Software-Defined Networks (SDN) to implement traffic redirection. Our model can capture inter-VM traffic, detect known and unknown anomalous network behaviors, adopt hybrid techniques to analyze VM network behaviors, and control network systems. The experimental results indicate that the effectiveness of our approach is greater than 90%, and prove the feasibility of the model.

Tsinghua Science and Technology
Pages 322-332
Cite this article:
Ye X, Chen X, Wang H, et al. An Anomalous Behavior Detection Model in Cloud Computing. Tsinghua Science and Technology, 2016, 21(3): 322-332. https://doi.org/10.1109/TST.2016.7488743


Received: 09 January 2016
Accepted: 07 March 2016
Published: 13 June 2016
© The author(s) 2016