Abstract
Virtual machines have attracted significant attention, especially within the high performance computing community. However, problems remain with respect to security in general, and intrusion detection and diagnosis in particular, that hold back the realization of the potential offered by this emerging technology. This paper highlights one such problem: intrusion severity analysis for large-scale virtual machine based systems, such as clouds. It then proposes, for the first time for clouds, a solution to this problem. The proposed solution performs virtual machine specific intrusion severity analysis while preserving isolation between the security module and the monitored virtual machine. In addition, an automated approach is adopted to significantly reduce the overall intrusion response time. The paper includes a detailed description of the solution and an evaluation of the approach, with the objective of determining its effectiveness and potential. The evaluation comprises both an architectural and an experimental evaluation, which enabled us to strengthen the approach at the architectural level as well. Finally, open problems and challenges that need to be addressed to further improve the proposed approach are highlighted.
Author information
Junaid Arshad is a Ph.D. candidate in the School of Computing, University of Leeds, UK.
His research interests include security for grid computing, virtualization, and cloud computing.
Paul Townend is a research fellow in the School of Computing, University of Leeds, UK.
His research interests include fault tolerance, fault injection, grid computing, web services, provenance techniques, JSR-168 compatible portlets, and distributed storage.
Jie Xu is chair of computer science in the School of Computing, University of Leeds, UK, and leads the research at Leeds on distributed systems and Internet computing. He has worked in the field of dependable distributed systems and fault-tolerant computing for over eighteen years. He is the winner of the 2002 BCS Brendan Murphy Prize for his work with Prof. Brian Randell and Dr. Alexander Romanovsky on "Concurrent Exception Handling and Resolution in Distributed Object Systems".
His research interests include computer system fault diagnosis, fault-tolerant software, and dependable distributed systems.
Cite this article
Arshad, J., Townend, P. & Xu, J. An automatic intrusion diagnosis approach for clouds. Int. J. Autom. Comput. 8, 286–296 (2011). https://doi.org/10.1007/s11633-011-0584-2