Hypervisor-based cloud intrusion detection through online multivariate statistical change tracking

被引：52

作者：

Aldribi, Abdulaziz ^{[1
]}

Traore, Issa ^{[2
]}

Moa, Belaid ^{[2
]}

Nwamuo, Onyekachi ^{[2
]}

机构：

[1] Qassim Univ, Dept Comp Engn, Buraydah, Saudi Arabia

[2] Univ Victoria, Dept Elect & Comp Engn, Victoria, BC, Canada

来源：

COMPUTERS & SECURITY | 2020年 / 88卷

关键词：

Cloud computing; Cloud security monitoring; Hypervisor-based intrusion detection; Anomaly detection; Change detection; Multistage attacks; R-PACKAGE; ATTACKS; SYSTEM;

D O I：

10.1016/j.cose.2019.101646

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Cloud computing is facing a multidimensional and rapidly evolving threat landscape, making intrusion detection more challenging. This paper introduces a new hypervisor-based cloud intrusion detection system (IDS) that uses online multivariate statistical change analysis to detect anomalous network behaviors. As a departure from the conventional monolithic network IDS feature model, we leverage the fact that a hypervisor consists of a collection of instances, to introduce an instance-oriented feature model that exploits the individual and correlated behaviors of instances to improve the detection capability. The proposed approach is evaluated by collecting and using a new cloud intrusion dataset that includes a wide variety of attack vectors. (C) 2019 Elsevier Ltd. All rights reserved.

引用

页数：21

共 50 条

[1]

Abdlhamed M., 2016, proceedings of The International Conference on Internet of things and Cloud Computing (ICC 2016), University of Cambridge, Uk, P1

[2]

Aldribi A, 2018, STUD BIG DATA, V39, P333, DOI 10.1007/978-3-319-73676-1_13

[3] An Intelligent Intrusion Detection System for Cloud Computing (SIDSCC) [J].

Alqahtani, Saeed M. ;

Al Balushi, Maqbool ;

John, Robert .

2014 INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND COMPUTATIONAL INTELLIGENCE (CSCI), VOL 2, 2014, :135-141

[4]