Self-similarity based lightweight intrusion detection method for cloud computing

Hyukmin Kwon; Taesu Kim; Song Jin Yu; Huy Kang Kim

doi:10.1007/978-3-642-20042-7_36

Self-similarity based lightweight intrusion detection method for cloud computing

Hyukmin Kwon, Taesu Kim, Song Jin Yu, Huy Kang Kim

Graduate School of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

25 Citations (Scopus)

Abstract

Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages	353-362
Number of pages	10
Volume	6592 LNAI
Edition	PART 2
DOIs	https://doi.org/10.1007/978-3-642-20042-7_36
Publication status	Published - 2011 Dec 1
Event	3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011 - Daegu, Korea, Republic of Duration: 2011 Apr 20 → 2011 Apr 22

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number	PART 2
Volume	6592 LNAI
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011
Country	Korea, Republic of
City	Daegu
Period	11/4/20 → 11/4/22

Fingerprint

Intrusion detection

Self-similarity

Intrusion Detection

Cloud computing

Cloud Computing

Security of data

Cost effectiveness

Degradation

Monitoring

Cost-effectiveness

Information Security

Anomaly Detection

Learning Process

Similarity Measure

Leakage

Outlier

Anomalous

Anomaly

System Performance

Resolve

Keywords

Anomaly detection
Cloud computing
Information security
Intrusion detection
Lightweight
Self-similarity

ASJC Scopus subject areas

Computer Science(all)
Theoretical Computer Science

Cite this

Kwon, H., Kim, T., Yu, S. J., & Kim, H. K. (2011). Self-similarity based lightweight intrusion detection method for cloud computing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (PART 2 ed., Vol. 6592 LNAI, pp. 353-362). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6592 LNAI, No. PART 2). https://doi.org/10.1007/978-3-642-20042-7_36

Self-similarity based lightweight intrusion detection method for cloud computing. / Kwon, Hyukmin; Kim, Taesu; Yu, Song Jin; Kim, Huy Kang.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 6592 LNAI PART 2. ed. 2011. p. 353-362 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6592 LNAI, No. PART 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kwon, H, Kim, T, Yu, SJ & Kim, HK 2011, Self-similarity based lightweight intrusion detection method for cloud computing. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 2 edn, vol. 6592 LNAI, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 2, vol. 6592 LNAI, pp. 353-362, 3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011, Daegu, Korea, Republic of, 11/4/20. https://doi.org/10.1007/978-3-642-20042-7_36

Kwon H, Kim T, Yu SJ, Kim HK. Self-similarity based lightweight intrusion detection method for cloud computing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 2 ed. Vol. 6592 LNAI. 2011. p. 353-362. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 2). https://doi.org/10.1007/978-3-642-20042-7_36

Kwon, Hyukmin ; Kim, Taesu ; Yu, Song Jin ; Kim, Huy Kang. / Self-similarity based lightweight intrusion detection method for cloud computing. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 6592 LNAI PART 2. ed. 2011. pp. 353-362 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 2).

@inproceedings{6fdb455ebd5e4ce08def5ef8b5dac86a,

title = "Self-similarity based lightweight intrusion detection method for cloud computing",

abstract = "Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.",

keywords = "Anomaly detection, Cloud computing, Information security, Intrusion detection, Lightweight, Self-similarity",

author = "Hyukmin Kwon and Taesu Kim and Yu, {Song Jin} and Kim, {Huy Kang}",

year = "2011",

month = "12",

day = "1",

doi = "10.1007/978-3-642-20042-7_36",

language = "English",

isbn = "9783642200410",

volume = "6592 LNAI",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

number = "PART 2",

pages = "353--362",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

edition = "PART 2",

}

TY - GEN

T1 - Self-similarity based lightweight intrusion detection method for cloud computing

AU - Kwon, Hyukmin

AU - Kim, Taesu

AU - Yu, Song Jin

AU - Kim, Huy Kang

PY - 2011/12/1

Y1 - 2011/12/1

N2 - Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.

AB - Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.

KW - Anomaly detection

KW - Cloud computing

KW - Information security

KW - Intrusion detection

KW - Lightweight

KW - Self-similarity

UR - http://www.scopus.com/inward/record.url?scp=84872111291&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872111291&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-20042-7_36

DO - 10.1007/978-3-642-20042-7_36

M3 - Conference contribution

AN - SCOPUS:84872111291

SN - 9783642200410

VL - 6592 LNAI

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 353

EP - 362

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -

Access to Document

10.1007/978-3-642-20042-7_36