Title :
Detecting Compromised VM via Application-Aware Anomaly Detection
Author :
Kai Luo ; Shouzhong Tu ; Chunhe Xia ; Dan Zhou
Author_Institution :
Beijing Key Lab. ofNetwork Technol., Beihang Univ., Beijing, China
Abstract :
Nowadays, the Infrastructure as a Service (IaaS) cloud has become the new target of attackers and the security of virtual machine (VM) in cloud is attracting more and more attention. In this paper, we propose to use virtualization to combine information of system level with that of network level and monitor the behavior of VM at the granularity of process. Based on Xen hypervisor, we implement this approach and develop APPLICATION-AWARE ANOMALY DETECTION SYSTEM (AADS) to detect anomalous behavior in VM. Experimental results show that our correlated approach performs better than that use features from only system level or network level.
Keywords :
cloud computing; computer network security; telecommunication traffic; virtual machines; virtualisation; AADS; IaaS cloud; VM behavior monitoring; VM security; Xen hypervisor; anomalous VM behavior detection; application-aware anomaly detection; application-aware anomaly detection system; attacker target; compromised VM detection; correlated approach; infrastructure as a service; network level; process granularity; system level; virtual machine security; virtualization; Feature extraction; Malware; Monitoring; Ports (Computers); Training; Virtual machining; anomaly detection; security monitor; virtual machine; virtual machine introspection;
Conference_Titel :
Computational Intelligence and Security (CIS), 2014 Tenth International Conference on
Conference_Location :
Kunming
Print_ISBN :
978-1-4799-7433-7
DOI :
10.1109/CIS.2014.109
