Self-similarity based lightweight intrusion detection method for cloud computing

Hyukmin Kwon, Taesu Kim, Song Jin Yu, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

26 Citations (Scopus)

Abstract

Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system. To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired. In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system's internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system's self-similarity cannot be maintained. So monitoring a system's self-similarity can be used to detect the system's anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages353-362
Number of pages10
Volume6592 LNAI
EditionPART 2
DOIs
Publication statusPublished - 2011 Dec 1
Event3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011 - Daegu, Korea, Republic of
Duration: 2011 Apr 202011 Apr 22

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 2
Volume6592 LNAI
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other3rd International Conference on Intelligent Information and Database Systems, ACIIDS 2011
CountryKorea, Republic of
CityDaegu
Period11/4/2011/4/22

    Fingerprint

Keywords

  • Anomaly detection
  • Cloud computing
  • Information security
  • Intrusion detection
  • Lightweight
  • Self-similarity

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Kwon, H., Kim, T., Yu, S. J., & Kim, H. K. (2011). Self-similarity based lightweight intrusion detection method for cloud computing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (PART 2 ed., Vol. 6592 LNAI, pp. 353-362). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6592 LNAI, No. PART 2). https://doi.org/10.1007/978-3-642-20042-7_36