Assessing the impact of intra-cloud live migration on anomaly detection

Author

Shirazi, Noor-ul-Hassan ; Simpson, Steven ; Marnerides, Angelos K. ; Watson, Michael ; Mauthe, Andreas ; Hutchison, David

Author_Institution

InfoLab21, Lancaster Univ., Lancaster, UK

fYear

2014

fDate

8-10 Oct. 2014

Firstpage

52

Lastpage

57

Abstract

Virtualized cloud environments have emerged as a necessity within modern unified ICT infrastructures and have established themselves as a reliable backbone for numerous always-on services. `Live´ intra-cloud virtual-machine (VM) migration is a widely used technique for efficient resource management employed within modern cloud infrastructures. Despite the benefits of such functionality, there are still several security issues which have not yet been thoroughly assessed and quantified. We investigate the impact of live virtual-machine migration on state-of-the-art anomaly detection (AD) techniques (namely PCA and K-means), by evaluating live migration under various attack types and intensities. We find that the performance for both detectors degrades as shown by their Receiver Operating Characteristics (ROC) curves when intra-cloud live migration is initiated while VMs are under a netscan (NS) or a denial-of-service (DoS) attack.

Keywords

cloud computing; computer network security; virtual machines; K-means; PCA; ROC curves; anomaly detection; denial-of-service attack; intracloud live migration; live intracloud virtual-machine migration; netscan; receiver operating characteristic curves; resource management; security issues; virtualized cloud environments; Computer crime; Conferences; Detectors; Entropy; Feature extraction; Principal component analysis; Vectors; Cloud computing; anomaly detection; live VM migration;

fLanguage

English

Publisher

ieee

Conference_Titel

Cloud Networking (CloudNet), 2014 IEEE 3rd International Conference on

Conference_Location

Luxembourg

Type

conf

DOI

10.1109/CloudNet.2014.6968968

Filename

6968968