
An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment

Wireless Personal Communications

Abstract

Cloud computing is a well-known architecture that provides computing and data storage services remotely over the Internet on a pay-per-usage model, which results in better utilization of resources and reduced cost for the individuals who access it. Because Cloud computing is a shared facility and is accessed remotely, it is vulnerable to various attacks, including host-based and network-based attacks, that require immediate attention. This paper focuses on attacks that are due to malicious system call (Syscall) executions from subverted programs, rootkits, worms and Trojans on hosts in a Cloud computing environment. The paper critically describes and discusses the present techniques for malicious system call detection and proposes a new technique, based on an Immediate Syscall signature structure, to determine malicious program executions in the Cloud. The proposed technique is efficient in terms of the complexity involved and the resources it uses, which justifies its feasible deployment, and it is low cost and platform independent in a Cloud environment. The proposed technique has also been validated on all available UNM (University of New Mexico) datasets, with 98% accuracy in program-wide detection of intrusive processes. The functional prototype is deployed on a private Cloud environment using OpenNebula and VirtualBox for analysis and results.



Author information

Corresponding author

Correspondence to Sanchika Gupta.

About this article

Cite this article

Gupta, S., Kumar, P. An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment. Wireless Pers Commun 81, 405–425 (2015). https://doi.org/10.1007/s11277-014-2136-x

  • DOI: https://doi.org/10.1007/s11277-014-2136-x
