Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning

Gander, M.; Felderer, M.; Katt, B.; Moschitti, Alessandro; Breu, R.

doi:10.1007/978-3-642-45260-4_8

Cloud computing is now on the verge of being embraced as a serious usage-model. However, while outsourcing services and workflows into the cloud provides indisputable benefits in terms of flexibility of costs and scalability, there is little advance in security (which can influence reliability), transparency and incident handling. The problem of applying the existing security tools in the cloud is twofold. First, these tools do not consider the specific attacks and challenges of cloud environments, e.g., cross-VM side-channel attacks. Second, these tools focus on attacks and threats at only one layer of abstraction, e.g., the network, the service, or the workflow layers. Thus, the semantic gap between events and alerts at different layers is still an open issue. The aim of this paper is to present ongoing work towards a Monitoring-as-a-Service anomaly detection framework in a hybrid or public cloud. The goal of our framework is twofold. First it closes the gap between incidents at different layers of cloud-sourced workflows, namely we focus both on the workflow and the infrastracture layers. Second, our framework tackles challenges stemming from cloud usage, like multi-tenancy. Our framework uses complex event processing rules and machine learning, to detect populate user-specified metrics that can be used to assess the security status of the monitored system.

Scheda prodotto non validato

I dati visualizzati non sono stati ancora sottoposti a validazione formale da parte dello Staff di IRIS, ma sono stati ugualmente trasmessi al Sito Docente Cineca (Loginmiur).

Titolo:	Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning
Autori:	M. Gander; M. Felderer; B. Katt; A. Moschitti; R. Breu
Autori Unitn:	M. Gander M. Felderer B. Katt Moschitti, Alessandro R. Breu mostra contributor esterni nascondi contributor esterni
Titolo del volume contenente il saggio:	The Joint workshop on Intelligent Methods for Software System Engineering (JIMSE) held in ECAI 2012
Luogo di edizione:	France
Casa editrice:	ECAI 2012
Anno di pubblicazione:	2012
Codice identificativo Scopus:	2-s2.0-84904698372
ISBN:	978-3-642-45259-8
Handle:	http://hdl.handle.net/11572/95278
Appare nelle tipologie:	04.1 Saggio in atti di convegno (Paper in proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

CINECA IRIS Institutional Research Information System

Scheda prodotto non validato

File in questo prodotto: