Self-similarity based lightweight intrusion detection method for cloud computing

Hyukmin Kwon, Taesu Kim, Song Jin Yu, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

25 Citations (Scopus)

Abstract

Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection systems (IDS) require a learning process that can cause system performance degradation. However, providing a high-performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 353-362
Number of pages: 10
Volume: 6592 LNAI
Edition: PART 2
DOIs: https://doi.org/10.1007/978-3-642-20042-7_36
Publication status: Published - 2011 Dec 1
Event: 3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011 - Daegu, Korea, Republic of
Duration: 2011 Apr 20 → 2011 Apr 22

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Number: PART 2
Volume: 6592 LNAI
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: 3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011
Country: Korea, Republic of
City: Daegu
Period: 11/4/20 → 11/4/22

Fingerprint

Intrusion detection
Self-similarity
Cloud computing
Security of data
Cost effectiveness
Degradation
Monitoring
Information Security
Anomaly Detection
Learning Process
Similarity Measure
Leakage
Outlier
Anomalous
Anomaly
System Performance
Resolve

Keywords

  • Anomaly detection
  • Cloud computing
  • Information security
  • Intrusion detection
  • Lightweight
  • Self-similarity

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kwon, H., Kim, T., Yu, S. J., & Kim, H. K. (2011). Self-similarity based lightweight intrusion detection method for cloud computing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (PART 2 ed., Vol. 6592 LNAI, pp. 353-362). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6592 LNAI, No. PART 2). https://doi.org/10.1007/978-3-642-20042-7_36

@inproceedings{6fdb455ebd5e4ce08def5ef8b5dac86a,
title = "Self-similarity based lightweight intrusion detection method for cloud computing",
keywords = "Anomaly detection, Cloud computing, Information security, Intrusion detection, Lightweight, Self-similarity",
author = "Hyukmin Kwon and Taesu Kim and Yu, {Song Jin} and Kim, {Huy Kang}",
year = "2011",
month = "12",
day = "1",
doi = "10.1007/978-3-642-20042-7_36",
language = "English",
isbn = "9783642200410",
volume = "6592 LNAI",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
number = "PART 2",
pages = "353--362",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
edition = "PART 2",

}

TY - GEN

T1 - Self-similarity based lightweight intrusion detection method for cloud computing

AU - Kwon, Hyukmin

AU - Kim, Taesu

AU - Yu, Song Jin

AU - Kim, Huy Kang

PY - 2011/12/1

Y1 - 2011/12/1

KW - Anomaly detection

KW - Cloud computing

KW - Information security

KW - Intrusion detection

KW - Lightweight

KW - Self-similarity

UR - http://www.scopus.com/inward/record.url?scp=84872111291&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84872111291&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-20042-7_36

DO - 10.1007/978-3-642-20042-7_36

M3 - Conference contribution

AN - SCOPUS:84872111291

SN - 9783642200410

VL - 6592 LNAI

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 353

EP - 362

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -