Rahul Kumar,Nisha Prajapati,R. R. Rout,Kamalakanta Sethi,Padmalochan Bera

DOI: https://doi.org/10.1109/ICCCNT49239.2020.9225627

2020-07-01

Abstract:Enforcing security and resilience in a cloud platform is an essential but challenging problem due to the presence of a large number of heterogeneous applications running on shared resources. A security analysis system that can detect threats or malware must exist inside the cloud infrastructure. Much research has been done on machine learning-driven malware analysis, but it is limited in computational complexity and detection accuracy. To overcome these drawbacks, we proposed a new malware detection system based on the concept of clustering and trend micro locality sensitive hashing (TLSH). We used Cuckoo sandbox, which provides dynamic analysis reports of files by executing them in an isolated environment. We used a novel feature extraction algorithm to extract essential features from the malware reports obtained from the Cuckoo sandbox. Further, the most important features are selected using principal component analysis (PCA), random forest, and Chi-square feature selection methods. Subsequently, the experimental results are obtained for clustering and non-clustering approaches on three classifiers, including Decision Tree, Random Forest, and Logistic Regression. The model performance shows better classification accuracy and false positive rate (FPR) as compared to the state-of-the-art works and non-clustering approach at significantly lesser computation cost.

Computer Science

Aws Naser Jaber,Shafiq Ul Rehman

DOI: https://doi.org/10.1007/s10586-020-03082-6

2020-03-25

Cluster Computing

Abstract:Cloud computing offer various services over the Internet based on pay-per-use concept. Therefore, many organizations have already adopted this system to attract the users with its desirable features. However, due to its design, makes it vulnerable to malicious attacks. This demands an Intrusion Detection System that can detect such attacks with high detection accuracy in cloud environment. This paper proposes a novel intrusion detection system that combines a fuzzy c means clustering (FCM) algorithm with support vector machine (SVM) to improve the accuracy of the detection system in cloud computing environment. The proposed system is implemented and compared with existing mechanisms. The NSL-KDD dataset is used for experiments. Based on performance evaluation and comparative analysis, the results obtained using this new hybrid mechanism (FCM–SVM) show that the proposed system can detect the anomalies with high detection accuracy and low false alarm rates over the existing techniques.

Mansaf Alam,Shuchi Sethi

DOI: https://doi.org/10.48550/arXiv.1504.03539

2015-04-14

Distributed, Parallel, and Cluster Computing

Abstract:Recent research shows that colluded malware in different VMs sharing a single physical host may use a resource as a channel to leak critical information. Covert channels employ time or storage characteristics to transmit confidential information to attackers leaving no trail.These channels were not meant for communication and hence control mechanisms do not exist. This means these remain undetected by traditional security measures employed in firewalls etc in a network. The comprehensive survey to address the issue highlights that accurate methods for fast detection in cloud are very expensive in terms of storage and processing. The proposed framework builds signature by extracting features which accurately classify the regular from covert traffic in cloud and estimates difference in distribution of data under analysis by means of scores. It then adds context to the signature and finally using machine learning (Support Vector Machines),a model is built and trained for deploying in cloud. The results show that the framework proposed is high in accuracy while being low cost and robust as it is tested after adding noise which is likely to exist in public cloud environments.

Ferdaous Kamoun-Abid,Hounaida Frikha,Amel Meddeb-Makhoulf,Faouzi Zarai

DOI: https://doi.org/10.11591/ijeecs.v35.i1.pp191-202

2024-07-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:In the realm of healthcare applications leveraging cloud technology, ongoing progress is evident, yet current approaches are rigid and fail to adapt to the dynamic environment, particularly when network and virtual machine (VM) resources undergo modifications mid-execution. Health data is stored and processed in the cloud as virtual resources supported by numerous VMs, necessitating critical optimization of virtual node and data placement to enhance data application processing time. Network security poses a significant challenge in the cloud due to the dynamic nature of the topology, hindering traditional firewalls’ ability to inspect packet contents and leaving the network vulnerable to potential threats. To address this, we propose dividing the cloud topology into zones, each monitored by a controller to oversee individual VMs under firewall protection, a framework termed divided-cloud, aiming to minimize network congestion while strategically placing new VMs. Employing machine learning (ML) techniques, such as decision tree (DT) and linear discriminant analysis (LDA), we achieved improved accuracy rates for adding new controllers, reaching a maximum of 89%, and used the K-neighbours classifier method to determine optimal locations for new VMs, achieving an accuracy of 83%.

Sun Haoliang,Wang Dawei,Zhang Ying

DOI: https://doi.org/10.1109/iccsn.2019.8905286

2019-01-01

Abstract:Nowadays, a major challenge to network security is malicious codes. However, manual extraction of features is one of the characteristics of traditional detection techniques, which is inefficient. On the other hand, the features of the content and behavior of the malicious codes are easy to change, resulting in more inefficiency of the traditional techniques. In this paper, a K-Means Clustering Analysis is proposed based on Adaptive Weights (AW-MMKM). Identifying malicious codes in the proposed method is based on four types of network behavior that can be extracted from network traffic, including active, fault, network scanning, and page behaviors. The experimental results indicate that the AW-MMKM can detect malicious codes efficiently with higher accuracy.

Donghai Tian,Runze Zhao,Rui Ma,Xiaoqi Jia,Qi Shen,Changzhen Hu,Wenmao Liu

DOI: https://doi.org/10.1002/ett.4584

IF: 3.6

2022-07-01

Transactions on Emerging Telecommunications Technologies

Abstract:We present MDCD, a malware detection system for virtualization environments. By utilizing the run‐time utilization and memory object information of the target VM, we can effectively detect the malicious programs in the target VM. With the increasing popularity of cloud computing applications, the threat of malware attack against cloud environments is getting worse. To defend against malware attacks in the cloud, some virtualization‐based approaches are proposed. However, the existing methods suffer from limitations in terms of detection accuracy, deployment effort, and performance cost. To address these issues, we propose MDCD, a novel dynamic malware detection solution for cloud environments. This method first utilizes a lightweight agent to collect the run‐time utilization information from the target virtual machine (VM). Then, it leverages the memory forensics analysis technique to extract the memory object information from the target VM's memory. To fully make use of the run‐time utilization and memory object information for malware detection, we propose a multi‐CNN model, which combines multiple convolutional neural networks (CNNs) efficiently. The evaluation shows that our approach can achieve an average detection accuracy, precision, recall, and F1 Score of 98.89%, 97.01%, 98.17%, and 97.89% respectively. Compared with the existing solutions, our method can detect multiple malicious processes effectively with little deployment effort.

telecommunications

Jian Zhang,Cheng Gao,Liangyi Gong,Zhaojun Gu,Dapeng Man,Wu Yang,Wenzhen Li

DOI: https://doi.org/10.1007/s11036-019-01503-4

2020-01-08

Mobile Networks and Applications

Abstract:As more and more applications migrate to clouds, the type and amount of malware attack against virtualized environments are increasing, which is a key factor that restricts the widespread deployment and application of cloud platforms. Traditional in-VM-based security software is not effective against malware attacks, as the security software itself becomes the target of malware attacks and can easily be tampered with or even subverted. In this paper, we propose a new malware detection method to improve virtual machine security performance and ensure the security of the entire cloud platform. This paper uses the virtual machine introspection(VMI) combined with the memory forensics analysis(MFA) technology to extract multiple types of dynamic features from the virtual machine memory, the hypervisor layer and the hardware layer. Furthermore, this paper proposes an adaptive feature selection method. By combining three different search strategies, three types of features are compared and analyzed from three aspects: effectiveness, system load and security. By adjusting the weight of each feature, it meets the detection requirements of different malware in the cloud environment as expected. Finally, the detection method improves the detection accuracy and generalization ability of the overall classifier using the AdaBoost ensemble learning method with Voting's combination strategy. The experiment used a large number of real malicious samples, and achieved an accuracy of 0.999 (AUC), with a maximum performance overhead of 5.6%.

computer science, information systems,telecommunications, hardware & architecture

Deepika Saxena,Ishu Gupta,Rishabh Gupta,Ashutosh Kumar Singh,Xiaoqing Wen

DOI: https://doi.org/10.1109/TSMC.2023.3288081

2023-08-18

Abstract:Cloud virtualization technology, ingrained with physical resource sharing, prompts cybersecurity threats on users' virtual machines (VM)s due to the presence of inevitable vulnerabilities on the offsite servers. Contrary to the existing works which concentrated on reducing resource sharing and encryption and decryption of data before transfer for improving cybersecurity which raises computational cost overhead, the proposed model operates diversely for efficiently serving the same purpose. This paper proposes a novel Multiple Risks Analysis based VM Threat Prediction Model (MR-TPM) to secure computational data and minimize adversary breaches by proactively estimating the VMs threats. It considers multiple cybersecurity risk factors associated with the configuration and management of VMs, along with analysis of users' behaviour. All these threat factors are quantified for the generation of respective risk score values and fed as input into a machine learning based classifier to estimate the probability of threat for each VM. The performance of MR-TPM is evaluated using benchmark Google Cluster and OpenNebula VM threat traces. The experimental results demonstrate that the proposed model efficiently computes the cybersecurity risks and learns the VM threat patterns from historical and live data samples. The deployment of MR-TPM with existing VM allocation policies reduces cybersecurity threats up to 88.9%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Maheswari, K. G.

DOI: https://doi.org/10.1007/s11277-022-10030-7

IF: 2.017

2022-09-27

Wireless Personal Communications

Abstract:In recent years, the rapid growth of information technology organizations causes ability to meet their demands such as scalability, mobility and flexibility. The security and privacy is a major issue of those organizations that's why they move the data to the cloud. Meanwhile, the security in cloud has become an important issue in the growing demand of cloud computing, Due to the nature characteristics of cloud, those confidential data are vulnerable to attacks/malicious or intruders. Several Intrusion Detection System (IDS) have been proposed for cloud environment to enhance the security problem but they are not possible to solve those issues with better accuracy, due to the recent real-time intruders. However, those IDSs are possible to solve and resist limited and known attacks. In this paper, we propose Optimal Cluster based Intrusion Detection System for defence against attacks in web and cloud computing environments (OC-IDS). We use hybrid optimization algorithm i.e. Multi-verse is combined with Chaotic Atom search optimization (MCA) algorithm for pre-processing which removes the unwanted/repeated data in dataset. We introduce a Chaotic Manta-ray Foraging Optimization (CMFO) based clustering technique which segment the data in different groups. Then, we develop hybrid machine learning technique i.e. Modified Teacher Learning based Deep Neural Network (MTL-DNN) which categorize the attack in cloud environment as a novelty of this study. Finally, the proposed OC-IDS technique can evaluate through standard open source datasets are KDD cup'99 and MSL-KDD, the performance of proposed and existing techniques are compared with different metrics such as accuracy, precision, recall and F-measure. Our proposed OC IDS MTL-DNN attains 95.01% accuracy in KDD cup'99 dataset.

telecommunications

Amira Mahamat Abdallah,Aysha Alkaabi,Ghaya Alameri,Saida Hafsa Rafique,Nura Shifa Musa,Thangavel Murugan

DOI: https://doi.org/10.1109/access.2024.3390844

IF: 3.9

2024-04-27

IEEE Access

Abstract:In the rapidly evolving landscape of computing and networking, the concepts of cloud networks have gained significant prominence. Although the cloud network offers on-demand access to shared resources, anomalies pose potential risks to the integrity and security of cloud networks. However, protecting the cloud network against anomalies remains a challenge. Unlike traditional detection techniques, machine learning (ML) and deep learning (DL) offer new and adaptable methods for detecting anomalies in cloud networks. The objective of this study is to comprehensively explore existing ML /DL methods for detecting different anomalies based on distributed denial of service anomaly (DDoS) and intrusion detection systems (IDS) in cloud networks. The study seeks to address the gaps in anomaly detection for cloud networks, proposing potential solutions for anomaly detection in these cloud environments. The ultimate goal is to contribute valuable insights and practical solutions to enhance the security and reliability of cloud networks through effective anomaly detection by ML/ DL techniques. Methodologies for ML/DL are explained, along with their advantages, disadvantages, and respective approaches. In addition, a summary of the comparison between different ML/ DL models is also included.

computer science, information systems,telecommunications,engineering, electrical & electronic

Taimur Al Said,Omer F. Rana

DOI: https://doi.org/10.1007/978-3-319-19848-4_9

2015-01-01

Abstract:The cloud computing concept has significantly influenced how information is delivered and managed in large scale distributed systems today. Cloud computing is currently expected to reduce the economic cost of using computational and data resources, and is therefore particularly appealing to small and medium scale companies (who may not wish to maintain in-house IT departments). To provide economies of scale, providers of Cloud computing infrastructure make significant use of virtualisation techniques – in which processes of various tenants sharing the same physical resources are separated logically using a hypervisor. In spite of its wide adoption in Cloud computing systems, virtualisation technology suffers from many security and privacy issues. We outline security challenges that remain in the use of virtualisation techniques to support multiple customers on the same shared infrastructure. We also illustrate, using an experiment, how data leakage occurs when multiple VMs are executed on the same physical infrastructure, leading to unauthorised access to (previously) deleted data.

Amir Javadpour,Sanaz Kazemi Abharian,Guojun Wang

DOI: https://doi.org/10.48550/arXiv.2004.07943

2020-04-15

Cryptography and Security

Abstract:Characteristics and way of behavior of attacks and infiltrators on computer networks are usually very difficult and need an expert In addition; the advancement of computer networks, the number of attacks and infiltrations are also increasing. In fact, the knowledge coming from an expert will lose its value over time and must be updated and made available to the system and this makes the need for the expert person always felt. In machine learning techniques, knowledge is extracted from the data itself which has diminished the role of the expert. Various methods used to detect intrusions, such as statistical models, safe system approach, neural networks, etc., all weaken the fact that it uses all the features of an information packet rotating in the network for intrusion detection. Also, the huge volume of information and the unthinkable state space is also an important issue in the detection of intrusion. Therefore, the need for automatic identification of new and suspicious patterns in an attempt for intrusion with the use of more efficient methods Lower cost and higher performance is needed more than before. The purpose of this study is to provide a new method based on intrusion detection systems and its various architectures aimed at increasing the accuracy of intrusion detection in cloud computing. Keywords : intrusion detection, feature Selection, classification Algorithm, machine learning, neural network.

Xiaodong Wu,Zhigang Jin,Junyi Zhou,Chenxu Duan

DOI: https://doi.org/10.1016/j.eswa.2023.120894

IF: 8.5

2023-07-02

Expert Systems with Applications

Abstract:Cloud computing is considerably investigable and adoptable in both industry and academia, and Software Defined Networking (SDN) has been applied in cloud computing. Although SDN mitigates some security issues in cloud computing, new security issues related to its own architecture are also introduced. In this paper, we propose a quantum walks-based classification model which is available for intrusion detection in cloud computing. The proposed model concentrates feature information of data via Principal Component Analysis, and then aggregates the concentrated data in the way of quantum walks by a training-free clustering algorithm. The clustering algorithm constructs coin transformation and conditional shift transformation based on transition probabilities to move similar data toward each other. To enhance the usability of the proposed model in cloud computing security, we propose a new cloud architecture which adds security layer in SDN to ponder the protection of cloud computing fundamentally, and simplify transition probabilities equations of clustering algorithm without affecting clustering accuracy, decreasing the time complexity from O(nk2) to O(nk) . The experimental results on popular datasets (Accuracy: 99.4% on InSDN, 95.8% on NSL-KDD, 98% on UNSW-NB15 and 96.4% on CSE-CIC-IDS2018) revealed that the proposed model is effective dealing with attacks on SDN-based cloud computing, and is able to maintain stable and excellent attack identification ability under different traffic intensities.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Mehdi Rajabzadeh,Abolfazl Toroghi Haghighat,Amir Masoud Rahmani

DOI: https://doi.org/10.1007/s11227-020-03169-2

IF: 3.3

2020-01-29

The Journal of Supercomputing

Abstract:Utilizing from energy-aware solutions along with maintaining service-level agreements is one of the most important research issues in cloud computing. In the proposed model, monitoring the status of resources and analysing the obtained data have led to proper placement and consolidation of virtual machines through targeted migrations at the right time. In the virtual machine placement policy, the definition of absorption mode has been used in simulated annealing algorithm in addition to the formation of virtual clusters to prevent from unlimited increase in the length of created Markov chain in any temperature while maintaining the convergence. The results of simulations obtained from various scenarios in CloudSim indicated the proposed model has led to energy savings up to 14.3%, 19% and 21% on low load, average load and high load, respectively, compared to the best understudy algorithm, while the SLA violation has also led to a decrease in all three modes.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Hossein Abbasi,Naser Ezzati-Jivan,Martine Bellaiche,Chamseddine Talhi,Michel R. Dagenais

DOI: https://doi.org/10.1007/s41635-018-0061-2

2019-01-26

Journal of Hardware and Systems Security

Abstract:One of the most important benefits of using cloud computing is the benefit of on-demand services. Accordingly, the method of payment in the cloud environment is pay per use. This feature results in a new kind of DDOS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider as a result of the attack. Similar to other DDoS attacks, EDoS attacks are divided into different types, such as (1) bandwidth-consuming attacks, (2) attacks that target specific applications, and 3) connection-layer exhaustion attacks. In this work, we propose a novel framework to detect different types of EDoS attacks by designing a profile that learns from and classifies the normal and abnormal behaviors. In this framework, the extra demanding resources are only allocated to VMs that are detected to be in a normal situation and therefore prevent the cloud environment from attack and resource misuse propagation.

Mohammed Ashfaaq M. Farzaan,Mohamed Chahine Ghanem,Ayman El-Hajjar,Deepthi N. Ratnayake

2024-04-10

Abstract:The escalating sophistication and volume of cyber threats in cloud environments necessitate a paradigm shift in strategies. Recognising the need for an automated and precise response to cyber threats, this research explores the application of AI and ML and proposes an AI-powered cyber incident response system for cloud environments. This system, encompassing Network Traffic Classification, Web Intrusion Detection, and post-incident Malware Analysis (built as a Flask application), achieves seamless integration across platforms like Google Cloud and Microsoft Azure. The findings from this research highlight the effectiveness of the Random Forest model, achieving an accuracy of 90% for the Network Traffic Classifier and 96% for the Malware Analysis Dual Model application. Our research highlights the strengths of AI-powered cyber security. The Random Forest model excels at classifying cyber threats, offering an efficient and robust solution. Deep learning models significantly improve accuracy, and their resource demands can be managed using cloud-based TPUs and GPUs. Cloud environments themselves provide a perfect platform for hosting these AI/ML systems, while container technology ensures both efficiency and scalability. These findings demonstrate the contribution of the AI-led system in guaranteeing a robust and scalable cyber incident response solution in the cloud.

Cryptography and Security,Emerging Technologies,Networking and Internet Architecture

Tomer Panker,Aviad Cohen,Tom Landman,Chen Bery,Nir Nissim

DOI: https://doi.org/10.1016/j.jisa.2024.103907

IF: 4.96

2024-11-08

Journal of Information Security and Applications

Abstract:Linux clouds have become an attractive target for cyber-attacks. However, existing detection solutions for Linux clouds have variety of limitations. Some of the solutions are untrusted, incapable of detecting unknown malware, or rely on a human expert to define the features. Other solutions are trusted but require a large amount of computational resources or have a limited ability to detect rootkits, fileless malware, or malware on a different server. In this study, we propose MinCloud, a trusted and transferable MinHash-based framework for unknown malware detection in Linux virtual servers that overcomes the limitations of existing solutions. In the first stage, we acquired volatile memory dumps from virtual servers by querying the hypervisor in a trusted manner and then analyzed them using the MinHash method. Finally, the MinHash characteristics are harnessed by applying machine learning classifiers to achieve precise malware detection. MinCloud was evaluated on widely used Linux virtual servers, various benign and malicious applications, and 23,000 volatile memory dumps, each representing different behaviors of the examined servers and the executed applications over time. MinCloud's evaluation shows it can (1) detect unknown malware, (2) classify unknown malware according to its malware category, (3) detect fileless attacks and rootkit malware, and (4) provide accurately transfer detection between different Linux servers. MinCloud outperformed state-of-the-art trusted detection methods and commonly used antiviruses.

computer science, information systems

R Swathi

DOI: https://doi.org/10.52783/cana.v31.994

2024-07-17

Abstract:User credentials are vulnerable to exposure in demilitarized zones due to software vulnerabilities and hardware threats. This research aims to mitigate these risks by proposing a sophisticated trust-based malware detection (T-MALWARE DETECTION) method that can accurately classify data. The proposed system utilizes an enhanced Glow-Worm Swarm Optimization (IGWSO) technique to efficiently cluster datasets. To classify potential intrusions and assign trust levels to cloud data after clustering, a Recurrent Neural Network (RNN) approach is employed. The effectiveness of the Trust-oriented Malware Detection System (T-MALWARE DETECTIONS) is evaluated using metrics such as detection rate, precision, recall, and F-measure. This system is developed using Java and the CloudSimulator (CloudSim) tool, allowing for a thorough evaluation of its performance in comparison to contemporary state-of-the-art systems.

Khoi Khac Nguyen,Dinh Thai Hoang,Dusit Niyato,Ping Wang,Diep Nguyen,Eryk Dutkiewicz

DOI: https://doi.org/10.48550/arXiv.1712.05914

2017-12-16

Abstract:With the rapid growth of mobile applications and cloud computing, mobile cloud computing has attracted great interest from both academia and industry. However, mobile cloud applications are facing security issues such as data integrity, users' confidentiality, and service availability. A preventive approach to such problems is to detect and isolate cyber threats before they can cause serious impacts to the mobile cloud computing system. In this paper, we propose a novel framework that leverages a deep learning approach to detect cyberattacks in mobile cloud environment. Through experimental results, we show that our proposed framework not only recognizes diverse cyberattacks, but also achieves a high accuracy (up to 97.11%) in detecting the attacks. Furthermore, we present the comparisons with current machine learning-based approaches to demonstrate the effectiveness of our proposed solution.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Thanh-Lam Nguyen,Hao Kao,Thanh-Tuan Nguyen,Mong-Fong Horng,Chin-Shiuh Shieh

DOI: https://doi.org/10.32604/cmc.2024.047387

2024-01-01

Abstract:Since its inception, the Internet has been rapidly evolving. With the advancement of science and technology and the explosive growth of the population, the demand for the Internet has been on the rise. Many applications in education, healthcare, entertainment, science, and more are being increasingly deployed based on the internet. Concurrently, malicious threats on the internet are on the rise as well. Distributed Denial of Service (DDoS) attacks are among the most common and dangerous threats on the internet today. The scale and complexity of DDoS attacks are constantly growing. Intrusion Detection Systems (IDS) have been deployed and have demonstrated their effectiveness in defense against those threats. In addition, the research of Machine Learning (ML) and Deep Learning (DL) in IDS has gained effective results and significant attention. However, one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks. These attacks, which are not encountered during the system’s training, can lead to misclassification with significant errors. In this research, we focused on addressing the issue of Unknown Attack Detection, combining two methods: Spatial Location Constraint Prototype Loss (SLCPL) and Fuzzy C-Means (FCM). With the proposed method, we achieved promising results compared to traditional methods. The proposed method demonstrates a very high accuracy of up to 99.8% with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset (CICIDS2017) dataset. Particularly, the accuracy is also very high, reaching 99.7%, and the precision goes up to 99.9% for unknown DDoS attacks on the DDoS Evaluation Dataset (CICDDoS2019) dataset. The success of the proposed method is due to the combination of SLCPL, an advanced Open-Set Recognition (OSR) technique, and FCM, a traditional yet highly applicable clustering technique. This has yielded a novel method in the field of unknown attack detection. This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity. Finally, implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.

computer science, information systems,materials science, multidisciplinary