
An automatic intrusion diagnosis approach for clouds

Published in: International Journal of Automation and Computing

Abstract

Virtual machines have attracted significant attention, especially within the high performance computing community. However, problems remain with respect to security in general, and intrusion detection and diagnosis in particular, which hold back the realization of the potential offered by this emerging technology. This paper highlights one such problem, namely intrusion severity analysis for large-scale virtual machine based systems such as clouds, and proposes, for the first time, a solution to this problem for clouds. The proposed solution achieves virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. In addition, an automated approach is adopted to significantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of our approach with the objective of determining its effectiveness and potential. The evaluation includes both architectural and experimental evaluation, which enables us to strengthen the approach at the architectural level as well. Finally, open problems and challenges that need to be addressed in order to further improve the proposed approach are highlighted.



Author information


Correspondence to Junaid Arshad.

Additional information

Junaid Arshad is a Ph.D. candidate in the School of Computing, University of Leeds, UK.

His research interests include security for grid computing, virtualization, and cloud computing.

Paul Townend is a research fellow in the School of Computing, University of Leeds, UK.

His research interests include fault tolerance, fault injection, grid computing, web services, provenance techniques, JSR-168 compatible portlets, and distributed storage.

Jie Xu is chair of computer science in the School of Computing, University of Leeds, UK, and leads the research at Leeds on distributed systems and Internet computing. He has worked in the field of dependable distributed systems and fault-tolerant computing for over eighteen years. He is the winner of the 2002 BCS Brendan Murphy Prize for his work with Prof. Brian Randell and Dr. Alexander Romanovsky on “Concurrent Exception Handling and Resolution in Distributed Object Systems”.

His research interests include computer system fault diagnosis, fault-tolerant software, and dependable distributed systems.


Cite this article

Arshad, J., Townend, P. & Xu, J. An automatic intrusion diagnosis approach for clouds. Int. J. Autom. Comput. 8, 286–296 (2011). https://doi.org/10.1007/s11633-011-0584-2
