TY - GEN
T1 - Self-similarity based lightweight intrusion detection method for cloud computing
AU - Kwon, Hyukmin
AU - Kim, Taesu
AU - Yu, Song Jin
AU - Kim, Huy Kang
PY - 2011
Y1 - 2011
N2 - Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection systems (IDS) require a learning process that can cause system performance degradation. However, providing a high-performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.
AB - Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection systems (IDS) require a learning process that can cause system performance degradation. However, providing a high-performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.
KW - Anomaly detection
KW - Cloud computing
KW - Information security
KW - Intrusion detection
KW - Lightweight
KW - Self-similarity
UR - http://www.scopus.com/inward/record.url?scp=84872111291&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84872111291&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-20042-7_36
DO - 10.1007/978-3-642-20042-7_36
M3 - Conference contribution
AN - SCOPUS:84872111291
SN - 9783642200410
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 353
EP - 362
BT - Intelligent Information and Database Systems - Third International Conference, ACIIDS 2011, Proceedings
T2 - 3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011
Y2 - 20 April 2011 through 22 April 2011
ER -