research-article

CPU and network traffic anomaly detection method for cloud data center

Authors:

Jing LiAuthors Info & Claims

AISS '19: Proceedings of the 1st International Conference on Advanced Information Science and System

Article No.: 24, Pages 1 - 7

https://doi.org/10.1145/3373477.3373501

Published: 15 January 2020 Publication History

Abstract

With the development of the cloud service market, the number of network security attacks on cloud data centers is gradually increasing. The existing anomaly detection methods are all aimed at the research of known attacks, and there is not much progress on the research of some unknown attacks and workload peaks of cloud platforms. In order to deal with the unknown attack of the cloud platform and distinguish the behavior after the attack from the peak load under normal work, this paper studies a cloud data center anomaly detection method for Distributed Denial of Service(DDoS) attacks. We built a virtual machine cluster on openstack, simulated DDoS attacks on virtual machines, collected CPU utilization and network traffic data before and after the attack, and performed anomaly detection and analysis through a single class classification algorithm and analysis of time window sequences. We evaluated the performance of this method through lab-based experiments and real-world cloud data center experiments.

References

[1]

Renesse R, Birman K, Vogels W. Astrolabe: A Robust and Scalable Technology for Distributed System Monitoring, Management, and Data Mining [J]. ACM Transactions on Computer Systems, 2003, 21(2):164--206

Digital Library

[2]

Kang H, Chen H, Jiang G. PeerWatch:A fault detection and diagnosis tool for virtualized consolidation system [C]. Proceeding of the 7th International Conference on Autonomic Computing, 2010:119--128.

[3]

Wang D Y. Research and implementation of anomaly detection technology for cloud computing[D]. Thesis of Shanghai Jiao Tong University, 2013.

[4]

Li D R. Service Performance Monitoring and Analysis System in Cloud Computing Platform[D]. Thesis of Huazhong University of Science and Technology, 2012.

[5]

Li M W. Research on Methods for Detecting Virtual Machine Abnormal Behaviors in Cloud Computing Platforms[D]. Thesis of Chongqing University, 2014.

[6]

Meng S, Liu L, Wang T. State monitoring in cloud datacenters [J]. IEEE Transactions on Knowledge and Data Engineering, 2011, 23(9): 1328-- 1344.

Digital Library

[7]

Stewart c, Shen K, Iyengar A, Yin J. Entomo Model: Understanding and avoiding performance anomaly manifestations [C]. 18th IEEE/ACM International Symposium on Modeling Analysis & Simulation of Computer and Telecommunications Systems, 2010: 3-- 13.

[8]

Smith D, Guan Q, Song F. An anomaly detection framework for automatic management of compute cloud systems[C]. 34th Annual IEEE International Computer Software and Applications Conference Workshop, 2010: 376--381.

[9]

Shen S, Beek.v.V, Iosup. Statistical characterization of business-critical workloads hosted in cloud datacenters[C] //ACM International Symposium on Cluster, Cloud and Grid Computing. IEEE. 2015: 465--474.

[10]

Li Z, Sun W, Wang L. A Neural Network Based Distributed Intrusion Detection System On Cloud Platform[C]// 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems (CCIS). 0.

[11]

Pandeeswari N, Kumar G. Anomaly Detection System in Cloud Environment Using Fuzzy Clustering Based ANN[J]. Mobile Networks and Applications, 2016, 21(3):494--505.

Digital Library

[12]

Shirazi S N, Simpson S, Gouglidis A, et al. Anomaly Detection in the Cloud Using Data Density[C]// IEEE International Conference on Cloud Computing. IEEE, 2017.

[13]

Angelov P, Yager R. Simplified Fuzzy Rule-based Systems using Non-parametric Antecedents and relative Data Density[C]// Evolving & Adaptive Intelligent Systems. IEEE, 2011.

[14]

Luo N, Qian F. Estimation of Distribution Algorithm sampling under Gaussian and Cauchy distribution in continuous domain[C]//IEEE International Conference on Control & Automation. IEEE, 2010.

[15]

Cao J, Yu B, Dong F, et al. Entropy-Based Denial of Service Attack Detection in Cloud Data Center[C]// 2014 Second International Conference on Advanced Cloud and Big Data (CBD). IEEE, 2014.

[16]

Lakhina A, Crovella M, Diot C. [ACM Press the 2005 conference - Philadelphia, Pennsylvania, USA (2005.08.22-2005.08.26)] Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, - SIGCOMM \ - Mining anomalies using traffic feature distributions[J]. 2005:217.

[17]

Zhao L, Wang F. An efficient entropy-based network anomaly detection method using MIB[C]// International Conference on Progress in Informatics & Computing. IEEE, 2014.

[18]

Behal S, Kumar K. Detection of DDoS attacks and flash events using novel information theory metrics[J]. Computer Networks, 2017, 116:96--110.

Digital Library

[19]

Callegari C, Giordano S, Pagano M. Entropy-based network anomaly Detection[C]// International Conference on Computing. IEEE, 2017.

Cited By

Tang LZhao YXue CJiang ZZou WLiang YChen Q(2024)Swarm learning anomaly detection framework for cloud data center using multi-channel BiWGAN-GTN and CEEMDANDigital Communications and Networks10.1016/j.dcan.2024.08.009Online publication date: Aug-2024
https://doi.org/10.1016/j.dcan.2024.08.009
Chow KDeshpande USeshadri SLiu LBromberg YKermarrec AKozyrakis C(2022)DeepRestProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519564(181-198)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1145/3492321.3519564
Köksal SDalveren YMaiga BKara A(2021)Distributed denial‐of‐service attack mitigation in network functions virtualization‐based 5G networks using management and orchestrationInternational Journal of Communication Systems10.1002/dac.482534:9Online publication date: 14-Apr-2021
https://doi.org/10.1002/dac.4825

Index Terms

CPU and network traffic anomaly detection method for cloud data center
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
        Supervised learning by classification
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems
  2. Systems security
    1. Distributed systems security

Recommendations

Entropy-based denial-of-service attack detection in cloud data center

Cloud data centers today usually lack network resource isolation. Meanwhile, it is easy to deploy and terminate large number of malicious virtual machines in a few seconds, while the administrator is probably difficult to identify these malicious ...
Study of Multistage Anomaly Detection for Secured Cloud Computing Resources in Future Internet
DASC '11: Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing

Future Internet Groups have been studying networking virtualization and computing virtualization for Test bed. Specially, GENI have adopted cloud computing as computing virtualization technique. In this paper, we describe the multistage anomaly ...
Entropy-Based Denial of Service Attack Detection in Cloud Data Center
CBD '14: Proceedings of the 2014 Second International Conference on Advanced Cloud and Big Data

Cloud data centers today usually lack network resource isolation. Meanwhile, it is easy to deploy and terminate large number of malicious virtual machines (VMs) in a few seconds while the administrator is probably difficult to identify these malicious ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

AISS '19: Proceedings of the 1st International Conference on Advanced Information Science and System

November 2019

253 pages

ISBN:9781450372916

DOI:10.1145/3373477

Conference Chairs:
Alexander Balinsky
Cardiff University, UK
,
Ah-Hwee Tan
Nanyang Technological University, Singapore
,
Wernhuar Tarng
National Tsing Hua University, Taiwan

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 January 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

AISS 2019

AISS 2019: 2019 International Conference on Advanced Information Science and System

November 15 - 17, 2019

Singapore, Singapore

Acceptance Rates

AISS '19 Paper Acceptance Rate 41 of 95 submissions, 43%;

Overall Acceptance Rate 41 of 95 submissions, 43%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
172
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)1

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Tang LZhao YXue CJiang ZZou WLiang YChen Q(2024)Swarm learning anomaly detection framework for cloud data center using multi-channel BiWGAN-GTN and CEEMDANDigital Communications and Networks10.1016/j.dcan.2024.08.009Online publication date: Aug-2024
https://doi.org/10.1016/j.dcan.2024.08.009
Chow KDeshpande USeshadri SLiu LBromberg YKermarrec AKozyrakis C(2022)DeepRestProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519564(181-198)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1145/3492321.3519564
Köksal SDalveren YMaiga BKara A(2021)Distributed denial‐of‐service attack mitigation in network functions virtualization‐based 5G networks using management and orchestrationInternational Journal of Communication Systems10.1002/dac.482534:9Online publication date: 14-Apr-2021
https://doi.org/10.1002/dac.4825

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten