Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning

Gander, Matthias; Felderer, Michael; Katt, Basel; Tolbaru, Adrian; Breu, Ruth; Moschitti, Alessandro

doi:10.1007/978-3-642-45260-4_8

Cited by 23 publications

(12 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a nutshell, DICE Monitoring (DMon) platform 19 is designed as a Web service, enabling the deployment and management of several sub-components. Each of the sub-components is responsible for enabling monitoring of Data Intensive (Big Data) applications and frameworks.…”

Section: Platform Architecturementioning

confidence: 99%

A Scalable Platform for Monitoring Data Intensive Applications

2019

View full text Add to dashboard Cite

Latest advances in information technology and the widespread growth in different areas are producing large amounts of data. Consequently, in the past decade a large number of distributed platforms for storing and processing large datasets have been proposed. Whether in development or in production, monitoring the applications running on these platforms is not an easy task, dedicated tools and platforms were proposed for this task yet none are specially designed for Big Data frameworks. In this paper we present a distributed, scalable, highly available platform able to collect, store, query and process monitoring data obtained from multiple Big Data frameworks. Alongside the architecture we experimentally show that the solution proposed is scalable and can handle a substantial quantity of monitoring data.

show abstract

Section: Platform Architecturementioning

confidence: 99%

A Scalable Platform for Monitoring Data Intensive Applications

2019

View full text Add to dashboard Cite

show abstract

“…The wide adoption of virtualization in several application domains gave rise to a large body of research work covering a variety of topics, dealing for instance with elastic resource contention issues of VMs or services Kundu et al (2012); Matsunaga and Fortes (2010); Bodík et al (2009); Silvestre et al (2015a), server reconfiguration Cerf et al (2016), resources and energy management Chase et al (2001); Berral et al (2010), and security Bhat et al (2013); Gander et al (2013). Other works also propose frameworks dedicated to the processing of large datasets (or big data) sourced from cloud infrastructures such as Pop (2016).…”

Section: Related Workmentioning

confidence: 99%

Anomaly detection and diagnosis for cloud services: Practical experiments and lessons learned

Sauvanaud

Kaniche

Kanoun

et al. 2018

Journal of Systems and Software

View full text Add to dashboard Cite

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

“…() Relational where an anomaly is described by an irregular relationship among data elements (objects). There has been a wealth of research in developing and exploiting new techniques for detecting security configuration anomalies, which adopt an object‐centric modelling technique()…”

Section: Related Workmentioning

confidence: 99%

GraphBAD: A general technique for anomaly detection in security information and event management

Parkinson

Vallati

Crampton

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

The reliance on expert knowledge-required for analysing security logs and performing security audits-has created an unhealthy balance, where many computer users are not able to correctly audit their security configurations and react to potential security threats. The decreasing cost of IT and the increasing use of technology in domestic life are exacerbating this problem, where small companies and home IT users are not able to afford the price of experts for auditing their system configuration. In this paper, we present GraphBAD, a graph-based analysis tool that is able to analyse security configurations in order to identify anomalies that could lead to potential security risks. GraphBAD, which does not require any prior domain knowledge, generates graph-based models from security configuration data and, by analysing such models, is able to propose mitigation plans that can help computer users in increasing the security of their systems. A large experimental analysis, conducted on both publicly available (the well-known KDD dataset) and synthetically generated testing sets (file system permissions), demonstrates the ability of GraphBAD in correctly identifying security configuration anomalies and suggesting appropriate mitigation plans. KEYWORDSanomaly detection, graph structure, log files, security auditing, SIEM INTRODUCTIONAuditing security configurations is the process of searching for anomalies that potentially expose a vulnerability of a considered system. The term Security Information and Event Management (SIEM) is often used to describe the process of monitoring audit logs and security configurations to identify vulnerabilities. Given the complexity of the task, there is a heavy reliance on expert knowledge, which is required for understanding the different security configurations. This reliance has two main drawbacks: first, expert knowledge can be incomplete or erroneous; second, the high cost of security experts makes it infeasible for many users to correctly configure the security of their Information Technology (IT) systems. Therefore, in many cases, unseen weaknesses, which can be exploited, will remain in the configuration. Clearly, auditing security configurations is a critical problem for organisations that significantly rely on their IT infrastructure for undertaking business. For this reason, many companies frequently employ a third party security auditing company to examine their IT infrastructure to identify weaknesses and suggest suitable mitigation plans (named as penetration testing 1,2 ). Although businesses are prepared to pay a premium for maintaining their security, the average home IT user or small companies are left to maintain their own IT security. Furthermore, the decreasing cost of IT and the increasing use of technology in domestic life are exacerbating this problem.These limitations are heightened by the following factors. (i) The complexity of computational infrastructure-the cyber-physical platform on which security is attained-is increasing, and the technological landscape i...

show abstract

Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning

Cited by 23 publications

References 13 publications

A Scalable Platform for Monitoring Data Intensive Applications

A Scalable Platform for Monitoring Data Intensive Applications

Anomaly detection and diagnosis for cloud services: Practical experiments and lessons learned

GraphBAD: A general technique for anomaly detection in security information and event management

Contact Info

Product

Resources

About