DocumentCode
234897
Title
Detecting Compromised VM via Application-Aware Anomaly Detection
Author
Kai Luo ; Shouzhong Tu ; Chunhe Xia ; Dan Zhou
Author_Institution
Beijing Key Lab. of Network Technol., Beihang Univ., Beijing, China
fYear
2014
fDate
15-16 Nov. 2014
Firstpage
392
Lastpage
396
Abstract
Nowadays, the Infrastructure as a Service (IaaS) cloud has become the new target of attackers, and the security of virtual machines (VMs) in the cloud is attracting more and more attention. In this paper, we propose to use virtualization to combine system-level information with network-level information and monitor the behavior of a VM at the granularity of the process. Based on the Xen hypervisor, we implement this approach and develop the APPLICATION-AWARE ANOMALY DETECTION SYSTEM (AADS) to detect anomalous behavior in a VM. Experimental results show that our correlated approach performs better than approaches that use features from only the system level or the network level.
Keywords
cloud computing; computer network security; telecommunication traffic; virtual machines; virtualisation; AADS; IaaS cloud; VM behavior monitoring; VM security; Xen hypervisor; anomalous VM behavior detection; application-aware anomaly detection; application-aware anomaly detection system; attacker target; compromised VM detection; correlated approach; infrastructure as a service; network level; process granularity; system level; virtual machine security; virtualization; Feature extraction; Malware; Monitoring; Ports (Computers); Training; Virtual machining; anomaly detection; security monitor; virtual machine; virtual machine introspection;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence and Security (CIS), 2014 Tenth International Conference on
Conference_Location
Kunming
Print_ISBN
978-1-4799-7433-7
Type
conf
DOI
10.1109/CIS.2014.109
Filename
7016924