CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model

Ibrahim, Amani S.; Hamlyn-Harris, James H.; Grundy, John; Almorsy, Mohamed

doi:10.1109/icnss.2011.6059967

Cited by 69 publications

(47 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In particular, the studies in [15], [16] aimed to adjust the performance of traditional Intrusion Detection Systems (IDS) under signature-based techniques that employ Deep Packet Inspection (DPI) on network packets. Moreover, work in [17], [18] studied system-related features on monitored VMs by employing Virtual Machine Introspection (VMI) methods in order to detect threats on a given VM's Operating System (OS).…”

Section: Malware and Detection Methodsmentioning

confidence: 99%

“…Considering feature extraction takes in the order of seconds to complete 17 , the time taken to train the classifier is negligible, especially since it is only required to take place once during the lifetime of the classifier. In scenarios where the role of a server changes significantly and frequently the classifier would need to be retrained in order to produce a model of normal behaviour that sufficiently characterises the new normal behaviour patterns.…”

Section: Training and Classification Cost Analysismentioning

confidence: 99%

See 1 more Smart Citation

Malware Detection in Cloud Computing Infrastructures

2018

IJRTER

View full text Add to dashboard Cite

Abstract-Cloud services are prominent within the private, public and commercial domains. Many of these services are expected to be always on and have a critical nature; therefore, security and resilience are increasingly important aspects. In order to remain resilient, a cloud needs to possess the ability to react not only to known threats, but also to new challenges that target cloud infrastructures. In this paper we introduce and discuss an online cloud anomaly detection approach, comprising dedicated detection components of our cloud resilience architecture. More specifically, we exhibit the applicability of novelty detection under the one-class support Vector Machine (SVM) formulation at the hypervisor level, through the utilisation of features gathered at the system and network levels of a cloud node. We demonstrate that our scheme can reach a high detection accuracy of over 90% whilst detecting various types of malware and DoS attacks. Furthermore, we evaluate the merits of considering not only system-level data, but also network-level data depending on the attack type. Finally, the paper shows that our approach to detection using dedicated monitoring components per VM is particularly applicable to cloud scenarios and leads to a flexible detection system capable of detecting new malware strains with no prior knowledge of their functionality or their underlying instructions.Index Terms-Security, resilience, invasive software, multi-agent systems, network-level security and protection.

show abstract

Section: Malware and Detection Methodsmentioning

confidence: 99%

Section: Training and Classification Cost Analysismentioning

confidence: 99%

Malware Detection in Cloud Computing Infrastructures

2018

IJRTER

View full text Add to dashboard Cite

show abstract

“…This proofbased system is critical to enabling security guarantees in SLAs, wherein clients pay for a desired level of security and are assured they will receive a certain compensation in the event of cloud misbehavior. CloudSec [11] it provides active, transparent and real-time security monitoring for multiple concurrent VMs hosted on a cloud platform in an IaaS setting.…”

Section: B Challenges To Security Monitoring In Cloudsmentioning

confidence: 99%

Security SLA Based Monitoring in Clouds

Kaaniche

Mohamed

Laurent

et al. 2017

2017 IEEE International Conference on Edge Computing (EDGE)

View full text Add to dashboard Cite

“…Regarding virtual machine security, work has been done building on introspection capabilities to identify security incidents [18]. Approaches like CloudSec [19] follow this path by offering in depth memory inspection of the monitored virtual machine. Other systems, like Revirt [20], operate below the operating system for doing both the logging and log-based intrusion detection on hypervisor-built logs.…”

Section: Related Workmentioning

confidence: 99%

Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

Mathieu

Doyen²,

Mallouli

et al. 2015

2015 10th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-Network operators are currently very cautious before deploying a new network equipment. This is done only if the new networking solution is fully monitored, secured and can provide rapid revenues (short Return of Investment). For example, the NDN (Named Data Networking) solution is admitted as promising but still uncertain, thus making network operators reluctant to deploy it. Having a flexible environment would allow network operators to initiate the deployment of new network solutions at low cost and low risk. The virtualization techniques, appeared a few years ago, can help to provide such a flexible networking architecture. However, with it, emerge monitoring and security issues which should be solved. In this paper, we present our secure virtualized networking environment to deploy new functions and protocol stacks in the network, with a specific focus on the NDN use-case as one of the potential Future Internet technology. As strong requirements for a network operator, we then focus on monitoring and security components, highlighting where and how they can be deployed and used. Finally, we introduce our preliminary evaluation, with a focus on security, before presenting the testbed, involving end-users consuming real contents, that we will set up for the assessment of our approach.

show abstract

CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model

Cited by 69 publications

References 7 publications

Malware Detection in Cloud Computing Infrastructures

Malware Detection in Cloud Computing Infrastructures

Security SLA Based Monitoring in Clouds

Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

Contact Info

Product

Resources

About