Malicious Behavior Classification in PaaS

  • Conference paper
Cloud Computing and Services Science (CLOSER 2018)

Abstract

The PaaS delivery model lets cloud customers share cloud provider resources through their cloud applications. This structure requires a strong security mechanism that isolates customer applications to prevent interference. For concurrent configurations of common providers, cloud applications are mostly deployed as server-side web applications that share a common thread pool. In this paper, a malicious thread behavior detection framework that utilizes machine learning algorithms is proposed to classify whether the cloud platform executes a malicious flow in the currently active thread. The framework uses CPU metrics of worker threads and N-gram frequencies of basic, privacy-friendly user operations as its features during the machine learning phase. The proof-of-concept results are evaluated on a real-life cloud application scenario using the Random Forest, AdaBoost and Bagging ensemble learning algorithms. The scenario results indicate that the malicious request detection accuracy of the proposed framework is up to 87.6%. It is foreseen that better feature selection and targeted classifiers may end up with better ratios.
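The feature construction the abstract describes (per-thread CPU metrics joined with N-gram frequencies of operation names) can be sketched as follows. This is an added example, not the authors' code: the operation names, the two CPU metrics, the bigram length and the sample traces are all assumptions made for illustration.

```python
from collections import Counter

N = 2  # n-gram length: an assumption, the abstract does not state it

# Constructed sample traces, one per request handled by a pooled worker thread.
# Only operation names are logged (no payloads); label 1 = malicious.
TRAIN = [
    {"ops": ["LOGIN", "READ", "READ", "LOGOUT"], "cpu_ms": 12, "wall_ms": 120, "label": 0},
    {"ops": ["LOGIN", "READ", "WRITE", "LOGOUT"], "cpu_ms": 15, "wall_ms": 100, "label": 0},
    {"ops": ["LOGIN", "WRITE", "WRITE", "WRITE"], "cpu_ms": 90, "wall_ms": 100, "label": 1},
]

def ngrams(ops, n=N):
    """Sliding-window n-grams over one request's operation sequence."""
    return [tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)]

def build_vocabulary(traces, n=N):
    """Fix the column order from training data so all vectors line up."""
    return sorted({g for t in traces for g in ngrams(t["ops"], n)})

def feature_vector(trace, vocab, n=N):
    """[cpu_ms, cpu utilisation, freq of each known n-gram..., unseen share]."""
    counts = Counter(ngrams(trace["ops"], n))
    total = sum(counts.values()) or 1      # shorter than n: all frequencies 0
    known = set(vocab)
    freqs = [counts[g] / total for g in vocab]
    # Pool n-grams never seen in training into one column instead of dropping
    # them: a novel operation ordering is itself a signal.
    unseen = sum(c for g, c in counts.items() if g not in known) / total
    cpu_util = trace["cpu_ms"] / max(trace["wall_ms"], 1)
    return [trace["cpu_ms"], cpu_util] + freqs + [unseen]

def design_matrix(traces, vocab):
    """X and y in the shape an ensemble classifier is trained on."""
    X = [feature_vector(t, vocab) for t in traces]
    y = [t["label"] for t in traces]
    return X, y

if __name__ == "__main__":
    vocab = build_vocabulary(TRAIN)
    X, y = design_matrix(TRAIN, vocab)
    for row, label in zip(X, y):
        print(label, [round(v, 2) for v in row])
```

The rows of `X` are what a Random Forest, AdaBoost or Bagging learner would be fitted on; the vocabulary must be frozen at training time so that vectors built at detection time keep the same column order.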


Author information

Corresponding author

Correspondence to Cemile Diler Özdemir.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Özdemir, C.D., Sandıkkaya, M.T., Yaslan, Y. (2019). Malicious Behavior Classification in PaaS. In: Muñoz, V., Ferguson, D., Helfert, M., Pahl, C. (eds) Cloud Computing and Services Science. CLOSER 2018. Communications in Computer and Information Science, vol 1073. Springer, Cham. https://doi.org/10.1007/978-3-030-29193-8_11

  • DOI: https://doi.org/10.1007/978-3-030-29193-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29192-1

  • Online ISBN: 978-3-030-29193-8

  • eBook Packages: Computer Science, Computer Science (R0)
