Abstract
The PaaS delivery model lets cloud customers share cloud provider resources through their cloud applications. This structure requires a strong security mechanism that isolates customer applications to prevent interference. In the concurrent configurations of common providers, cloud applications are mostly deployed as server-side web applications that share a common thread pool. In this paper, a malicious thread behavior detection framework that uses machine learning algorithms is proposed to classify whether the cloud platform is executing a malicious flow in the currently active thread. The framework uses CPU metrics of worker threads and N-gram frequencies of basic, privacy-friendly user operations as its features during the machine learning phase. The proof-of-concept results are evaluated on a real-life cloud application scenario using the Random Forest, AdaBoost and Bagging ensemble learning algorithms. The scenario results indicate that the malicious request detection accuracy of the proposed framework is up to 87.6%. It is foreseen that better feature selection and targeted classifiers may yield better ratios.
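As an added illustration (not code from the paper), the sketch below shows one way to turn a worker thread's operation trace and CPU metrics into the kind of fixed-length feature vector the abstract describes, ready for an ensemble classifier. The operation names, the bigram size, the `cpu_ms` and `cpu_share` metrics and the "unseen" bucket are all assumptions, and the traces are constructed samples.

```python
from collections import Counter

def ngrams(ops, n):
    """Return every n-gram (as a tuple) in one operation sequence."""
    return [tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)]

class ThreadFeaturizer:
    """Maps one worker thread's trace plus CPU metrics to a feature vector."""

    def __init__(self, n=2):
        self.n = n
        self.vocab = []  # n-grams seen in training, in a stable order

    def fit(self, traces):
        seen = set()
        for ops in traces:
            seen.update(ngrams(ops, self.n))
        self.vocab = sorted(seen)
        return self

    def transform(self, ops, cpu_ms, cpu_share):
        grams = ngrams(ops, self.n)
        counts = Counter(grams)
        total = len(grams) or 1  # very short traces produce no n-grams
        known = set(self.vocab)
        freqs = [counts[g] / total for g in self.vocab]
        # Sequences never observed in training collapse into a single bucket,
        # so novel behavior still shows up as a signal instead of vanishing.
        unseen = sum(c for g, c in counts.items() if g not in known) / total
        return freqs + [unseen, cpu_ms, cpu_share]

# Constructed sample traces; operation names are hypothetical.
TRAIN = [
    ["READ", "WRITE", "READ", "WRITE"],
    ["READ", "NET", "WRITE"],
]
SUSPECT = ["READ", "WRITE", "EXEC", "EXEC", "READ"]

def demo():
    """Fit on the training traces and featurize the suspect thread."""
    fz = ThreadFeaturizer(n=2).fit(TRAIN)
    return fz.vocab, fz.transform(SUSPECT, cpu_ms=12.5, cpu_share=0.4)

if __name__ == "__main__":
    vocab, vector = demo()
    print(vocab)
    print(vector)
```

Only operation labels and counters enter the vector, not request contents, which matches the abstract's emphasis on privacy-friendly features.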
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Özdemir, C.D., Sandıkkaya, M.T., Yaslan, Y. (2019). Malicious Behavior Classification in PaaS. In: Muñoz, V., Ferguson, D., Helfert, M., Pahl, C. (eds) Cloud Computing and Services Science. CLOSER 2018. Communications in Computer and Information Science, vol 1073. Springer, Cham. https://doi.org/10.1007/978-3-030-29193-8_11
DOI: https://doi.org/10.1007/978-3-030-29193-8_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29192-1
Online ISBN: 978-3-030-29193-8
eBook Packages: Computer Science, Computer Science (R0)