Title :
Behavioral Modeling for Suspicious Process Detection in Cloud Computing Environments
Author :
Dolgikh, Andrey ; Birnbaum, Zachary ; Yu Chen ; Skormin, Victor
Author_Institution :
Dept. of Electr. & Comput. Eng., Binghamton Univ., Binghamton, NY, USA
Abstract :
One of the defining features of cloud computing, multi-tenancy provides significant benefits to both clients and service providers by supporting elastic on-demand resource provisioning and efficient resource allocation. However, this architecture also introduces additional security implications. Client virtual machine (VM) instances running on the same physical machine are susceptible to side-channel and escape-to-hypervisor attacks. Timely detection/mitigation of intrusive behaviors of malicious processes using signature-based intrusion detection technologies or system-call-level anomaly analysis due to high false alarm rate presents a challenging task. In this work, a behavioral modeling scheme is proposed to detect suspicious processes on the highest semantic level. Our preliminary results have validated the effectiveness and efficiency of this novel approach.
Keywords :
cloud computing; digital signatures; security of data; behavioral modeling scheme; client virtual machine; cloud computing environment; elastic on-demand resource provisioning; escape-to-hypervisor attack; intrusive behavior detection; intrusive behavior mitigation; multitenancy; resource allocation; security implication; side-channel attack; signature based intrusion detection technology; suspicious process detection; system call level anomaly analysis; Cloud computing; Hardware; Monitoring; Security; Servers; Virtual machine monitors; Behavioral Modeling; Cloud Computing Security; Multi-Tenancy; Suspicious Process Detection;
Conference_Title :
Mobile Data Management (MDM), 2013 IEEE 14th International Conference on
Conference_Location :
Milan
Print_ISBN :
978-1-4673-6068-5
DOI :
10.1109/MDM.2013.90