Hypervisor-based cloud intrusion detection through online multivariate statistical change tracking

Cloud computing is facing a multidimensional and rapidly evolving threat landscape, making intrusion detection more challenging. This paper introduces a new hypervisor-based cloud intrusion detection system (IDS) that uses online multivariate statistical change analysis to detect anomalous network behaviors. As a departure from the conventional monolithic network IDS feature model, we leverage the fact that a hypervisor consists of a collection of instances, to introduce an instance-oriented feature model that exploits the individual and correlated behaviors of instances to improve the detection capability. The proposed approach is evaluated by collecting and using a new cloud intrusion dataset that includes a wide variety of attack vectors. (C) 2019 Elsevier Ltd. All rights reserved.