Security event correlation approach for cloud computing

Cited by: 0
Authors
Affiliation
[1] Dipartimento di Ingegneria Industriale e dell'Informazione, Second University of Naples (SUN), 81031 Aversa
Source
Ficco, M. (massimo.ficco@unina2.it) | Year 1600 / Inderscience Enterprises Ltd., 29, route de Pre-Bois, Case Postale 856, CH-1215 Geneva 15, CH-1215, Switzerland, Volume / Issue 07
Keywords
CEP; Cloud computing; Complex event processing; Correlation; Intrusion detection; Security
DOI
10.1504/IJHPCN.2013.056525
Abstract
Cloud computing is a new business model, which represents an opportunity for users, companies, and public organisations to reduce costs and increase efficiency, as well as an alternative way for providing services and resources. In this pay-by-use model, security plays a key role. Cyber attacks are a serious danger, which can compromise the quality of the service delivered to the customers, as well as the costs of the provided cloud resources and services. In this paper, a hybrid and hierarchical event correlation approach for intrusion detection in cloud computing is presented. It consists of detecting intrusion symptoms by collecting diverse information at several cloud architectural levels, using distributed security probes, as well as performing complex event analysis based on a complex event processing engine. The escalation process from intrusion symptoms to the identified cause and target of the intrusion is driven by a knowledge-base represented by an ontology. A prototype implementation of the proposed intrusion detection solution is also presented. Copyright © 2013 Inderscience Enterprises Ltd.
Pages: 173 / 185
Number of pages: 12