• DocumentCode
    1727820
  • Title

    Frequent Pattern Based User Behavior Anomaly Detection for Cloud System

  • Author

    Chien-Yi Chiu ; Chi-Tien Yeh ; Yuh-Jye Lee

  • Author_Institution
    Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
  • fYear
    2013
  • Firstpage
    61
  • Lastpage
    66
  • Abstract
    Cloud Computing is a hot topic in the global IT industry, which is considered as the main part of the network and computing service provider in recent years. Some security issues will be more threatening in cloud computing, such as account theft and insider threat. We propose a framework to utilize anomaly detection and random re-sampling techniques for profiling user´s behaviors via the frequent patterns of activated system processes. By utilizing the user profiles learned from normal data, our method can detect malicious activities and discriminate suspicious activities from different users. We use virtual machine (VM) to collect process log of normal users and malicious tools. The collected data is used on verifying if our method can detect the malicious activities on the system. The results show that all the malicious activities are detected with less than 4.6% false-positive rate. We also collect real-world data for testing the ability of discriminating activities collected from different users. The results showed that the user profiles can averagely detect 86% suspicious behaviors from different users with less than 1% false positive rate.
  • Keywords
    cloud computing; data mining; sampling methods; security of data; virtual machines; activated system processes frequent patterns; cloud computing; cloud system; false-positive rate; frequent pattern mining techniques; malicious activities detection; malicious tools process log collection; normal users process log collection; random re-sampling techniques; user behavior anomaly detection; user behavior profiling; virtual machine; Cloud computing; Databases; Security; Testing; Training; Training data; Virtual machining; Data Mining; Information Security; Machine learning;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Technologies and Applications of Artificial Intelligence (TAAI), 2013 Conference on
  • Conference_Location
    Taipei
  • Print_ISBN
    978-1-4799-2528-5
  • Type

    conf

  • DOI
    10.1109/TAAI.2013.25
  • Filename
    6783844