Self-similarity Based Lightweight Intrusion Detection Method for Cloud Computing

Kwon, Hyukmin; Kim, Taesu; Shen, Yu; Kim, Huy Kang

doi:10.1007/978-3-642-20042-7_36

Cited by 36 publications

(16 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Seeking a methodology that determines a value of α that provides good accuracy results without compromising the need for online traffic prediction (i.e., little dependence on historical data), we consider only an initial set of windows to determine an optimal α value. As observed in other works , the resemblance between the first two sliding windows and the entire dataset suggests that the network traffic data exhibits the property of self‐similarity. Taking advantage of this concept, the algorithm will set the best α found in the first two sliding windows to predict the entire dataset.…”

Section: Dynamic Window Size Mechanismsupporting

confidence: 77%

Online traffic prediction in the cloud

2016

View full text Add to dashboard Cite

SUMMARYNetwork traffic prediction is a fundamental tool to harness several management tasks, such as monitoring and managing network traffic. Online traffic prediction is usually performed based on large sets of historical data used in training algorithms, for example, to determine the size of static windows to bound the amount of traffic under consideration. However, using large sets of historical data may not be suitable in highly volatile environments, such as cloud computing, where the coupling between time series observations decreases rapidly with time. To fill this gap, this work presents a dynamic window size algorithm for traffic prediction that contains a methodology to optimize a threshold parameter alpha that affects both the prediction and computational cost of our scheme. The alpha parameter defines the minimum data traffic variability needed to justify dynamic window size changes. Thus, with the optimization of this parameter, the number of operations of the dynamic window size algorithm decreases significantly. We evaluate the alpha estimation methodology against several prediction models by assessing the normalized mean square error and mean absolute percent error of predicted values over observed values from two real cloud computing datasets, collected by monitoring the utilization of Dropbox, and a data center dataset including traffic from several common cloud computing services.

show abstract

Section: Dynamic Window Size Mechanismsupporting

confidence: 77%

Online traffic prediction in the cloud

2016

View full text Add to dashboard Cite

show abstract

“…In contrast, the TSP of a normal client should be high enough to interact with the Web page. The work of Kwon et al [9] also uses a behavioral approach for detection. They start from a tested assumption saying that the behavioral patterns of normal traffic are similar, while the behavior patterns of malicious traffic are not.…”

Section: Related Workmentioning

confidence: 99%

“…In this paper, we shed light on the problem of detecting cloud-based DoS attacks under a changing environment. Although several advanced approaches have been proposed to detect DoS attacks in virtualized cloud (e.g., [6][7][8][9]), these approaches still causes a significant decrease in the detection accuracy when used in a cloud environment. The reason is that the current approaches do not consider the changing environment, that characterises the cloud as a result of its inherent characteristics (resources restriction and scaling).…”

Section: Introductionmentioning

confidence: 99%

An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment

2018

View full text Add to dashboard Cite

Cloud Computing enables providers to rent out space on their virtual and physical infrastructures. Denial of Service (DoS) attacks threaten the ability of the cloud to respond to clients requests, which results in considerable economic losses. The existing detection approaches are still not mature enough to satisfy a cloud-based detection systems requirements since they overlook the changing/dynamic environment, that characterises the cloud as a result of its inherent characteristics. Indeed, the patterns extracted and used by the existing detection models to identify attacks, are limited to the current VMs infrastructure but do not necessarily hold after performing new adjustments according to the pay-as-you-go business model. Therefore, the accuracy of detection will be negatively affected. Motivated by this fact, we present a new approach for detecting DoS attacks in a virtualized cloud under changing environment. The proposed model enables monitoring and quantifying the effect of resources adjustments on the collected data. This helps filter out the effect of adjustments from the collected data and thus enhance the detection accuracy in dynamic environments. Our solution correlates as well VMs application metrics with the actual resources load, which enables the hypervisor to distinguish between benignant high load and DoS attacks. It helps also the hypervisor identify the compromised VMs that try to needlessly consume more resources. Experimental results show that our model is able to enhance the detection accuracy under changing environments.

show abstract

“…In this paper, we extend their works into a more generalized model; while their approaches [7], [25], [21] simply used the single feature of moving path, we build a generalized framework with various features by designing a self-similarity algorithm to effectively measure bots' repeated activity patterns, which was previously used as a means of analyzing network traffic [10] or developing intrusion detection systems [18]. We note that the proposed method is significantly robust to changes in the configuration settings of bot programs compared with existing approaches (e.g.…”

Section: Related Workmentioning

confidence: 99%

You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild

Lee¹,

Woo²,

Kim³

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Game bots are a critical threat to Massively Multiplayer Online Role-Playing Games (MMORPGs) because they can seriously damage the reputation and in-game economy equilibrium of MMORPGs. Existing game bot detection techniques are not only generally sensitive to changes in game contents but also limited in detecting emerging bot patterns that were hitherto unknown. To overcome the limitation of learning bot patterns over time, we propose a framework that detects game bots through machine learning technique. The proposed framework utilizes self-similarity to effectively measure the frequency of repeated activities per player over time, which is an important clue to identifying bots. Consequently, we use realworld MMORPG ("Lineage", "Aion" and "Blade & Soul") datasets to evaluate the feasibility of the proposed framework. Our experimental results demonstrate that 1) self-similarity can be used as a general feature in various MMORPGs, 2) a detection model maintenance process with newly updated bot behaviors can be implemented, and 3) our bot detection framework is practicable. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.

show abstract

Self-similarity Based Lightweight Intrusion Detection Method for Cloud Computing

Cited by 36 publications

References 7 publications

Online traffic prediction in the cloud

Online traffic prediction in the cloud

An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment

You are a Game Bot!: Uncovering Game Bots in MMORPGs via Self-similarity in the Wild

Contact Info

Product

Resources

About