Vol: 61(75) No: 1 / March 2016

Optimized Automated Anomalies Detection in Cloud Computing Infrastructures

Alecsandru Patrascu, Department of Computer Science, Military Technical Academy, Bucharest, Romania, e-mail: alecsandru.patrascu@gmail.com
Marius-Alexandru Velciu, Department of Computer Science, Military Technical Academy, Bucharest, Romania, e-mail: alexandruvelciu@gmail.com
Victor Valeriu Patriciu, Department of Computer Science, Military Technical Academy, Bucharest, Romania, e-mail: victorpatriciu@yahoo.com
Stefan Popa, Intel Corporation, Bucharest, Romania, e-mail: stefan.popa@acm.org

Keywords: cloud computing; data forensic; anomaly detection framework; distributed computing

Abstract
Knowing exactly where and how a piece of data is stored and processed in a datacenter infrastructure has become important today because of the increasing number of cyber attacks that are constantly being launched. This requires a full picture of what is going on, and a centralized system that constantly collects, analyzes and correlates information from the physical and virtual instances in order to detect known anomalies and any other usage pattern that can lead to a security breach. In this paper we present an optimized way to monitor virtual instances that are running in a particular datacenter. We describe the architecture and the way in which we used all the collected information to train our automated anomaly learning modules. We also present some implementation details and results taken from our experimental setup.