Abstract
Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system.
To detect these abnormal activities, intrusion detection system (IDS) require a learning process that can cause system performance degradation. However, providing high performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired.
In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system’s internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system’s self-similarity cannot be maintained. So monitoring a system’s self-similarity can be used to detect the system’s anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing v2.1 (2009)
McHugh, J.: Intrusion and intrusion detection. International Journal of Information Security 1, 14–35 (2001)
Rawat, S., Sastry, C.S.: Network Intrusion Detection Using Wavelet Analysis. In: Das, G., Gulati, V.P. (eds.) CIT 2004. LNCS, vol. 3356, pp. 224–232. Springer, Heidelberg (2004)
Crovella, M.E., Bestavros, A.: Self-similarity in World Wide Web traffic: Evidence and possible causes. IEEE/ACM Transactions on networking 5(6), 835–845 (1997)
Willinger, W., Taqqu, M.S., Sherman, R., Wilson, D.V.: Self-similarity through high-variability; statistical analysis of Ethernet LAN traffic at the source level. IEEE/ACM Transactions on Networking 5(1), 71–86 (1997)
Schleifer, W., Mannle, M.: Online error detection through observation of traffic self-similarity. Proceedings of IEEE Communications 148(1), 38–42 (2001)
Allen, W.H., Marin, G.A.: On the self-similarity of synthetic traffic for the evaluation of intrusion detection systems. In: Proceedings Symposium on Applications and the Internet, pp. 242–248 (2003)
Li, M., Jia, W., Zhao, W.: Decision analysis of network based intrusion detection systems for denial-of-service attacks. In: Proceedings Conferences on ICII, vol. 5, pp. 1–6 (2001)
Nash, D.A., Ragsdale, D.: Simulation of self-similarity in network utilization patterns as a precursor to automated testing of intrusion detection systems. IEEE Transactions on Systems, Man and Cybernetics 31(4), 327–331 (2001)
Idris, M.Y., Abdullah, A.H., Maarof, M.A.: Iterative Windows Size Estimation on Self-Similarity Measurement for Network Traffic Anomaly Detection. International Journal of Computing & Information Sciences 2(2) (2004)
Microsoft Technet, Security Monitoring and Attack Detection (August 29, 2006), http://technet.microsoft.com/en-us/library/cc875806.aspx
Tenable Network Security, Nessus, http://www.nessus.org/nessus/
Wong, S.K.M., Yao, Y.Y.: A statistical similarity measure. In: Proceedings of the 10th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval, pp. 3–12 (1987)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kwon, H., Kim, T., Yu, S.J., Kim, H.K. (2011). Self-similarity Based Lightweight Intrusion Detection Method for Cloud Computing. In: Nguyen, N.T., Kim, CG., Janiak, A. (eds) Intelligent Information and Database Systems. ACIIDS 2011. Lecture Notes in Computer Science(), vol 6592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20042-7_36
Download citation
DOI: https://doi.org/10.1007/978-3-642-20042-7_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20041-0
Online ISBN: 978-3-642-20042-7
eBook Packages: Computer ScienceComputer Science (R0)