Rahul Kumar,Nisha Prajapati,R. R. Rout,Kamalakanta Sethi,Padmalochan Bera

DOI: https://doi.org/10.1109/ICCCNT49239.2020.9225627

2020-07-01

Abstract:Enforcing security and resilience in a cloud platform is an essential but challenging problem due to the presence of a large number of heterogeneous applications running on shared resources. A security analysis system that can detect threats or malware must exist inside the cloud infrastructure. Much research has been done on machine learning-driven malware analysis, but it is limited in computational complexity and detection accuracy. To overcome these drawbacks, we proposed a new malware detection system based on the concept of clustering and trend micro locality sensitive hashing (TLSH). We used Cuckoo sandbox, which provides dynamic analysis reports of files by executing them in an isolated environment. We used a novel feature extraction algorithm to extract essential features from the malware reports obtained from the Cuckoo sandbox. Further, the most important features are selected using principal component analysis (PCA), random forest, and Chi-square feature selection methods. Subsequently, the experimental results are obtained for clustering and non-clustering approaches on three classifiers, including Decision Tree, Random Forest, and Logistic Regression. The model performance shows better classification accuracy and false positive rate (FPR) as compared to the state-of-the-art works and non-clustering approach at significantly lesser computation cost.

Computer Science

Lina Wang,Weijie Liu,Neeraj Kumar,Debiao He,Cheng Tan,Debin Gao

DOI: https://doi.org/10.1002/sec.1560

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Covert channel is a major threat to the information system security and commonly found in operating systems, especially in cloud computing environment. Owing to the characteristics in cloud computing environment such as resources sharing and logic boundaries, covert channels become more varied and difficult to find. Focusing on those problems, this paper presents a universal method for detecting covert channel automatically. To achieve a global detection, we leveraged a virtual machine event record mechanism in hypervisor to gather necessary metadata. Combining the shared resources matrix methodology with events association mechanism, we proposed a distinctive algorithm that can accurately locate and analyze malicious covert channels from the respect of behaviors. Compared with the popular statistical test methods focusing on the single covert channel, our method is capable of recognizing and detecting more covert channels in real time. Experimental results show that this method is not only able to detect multilevel and multiform covert channels in cloud environment effectively but also facilitates the implementation and deployment in practical scenarios without modifying the existing system. Copyright © 2016 John Wiley & Sons, Ltd.

Lingamallu Raghu Kumar,C. Ashokkumar,Purnendu Shekhar Pandey,Sathish Kumar Kannaiah,Balajee J,M. I. Thariq Hussan

DOI: https://doi.org/10.17762/ijritcc.v11i3s.6154

2023-03-11

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:Most industries are now switching from traditional modes to cloud environments and cloud-based services. It is essential to create a secure environment for the cloud space in order to provide consumers with a safe and protected environment for cloud-based transactions. Here, we discuss the suggested approaches for creating a reliable and safe environment for a surveillance cloud. When assessing the security of vital locations, surveillance data is crucial. We are implementing machine learning methods to improve cloud security to more precisely classify image pixels, we make use of Support Vector Machines (SVM) and Fuzzy C-means Clustering (FCM). We also extend the conventional two-tiered design by adding a third level, the CloudSec module, to lower the risk of potential disclosure of surveillance data.In our work we evaluates how well our proposed model (FCM-SVM) performed against contemporary models like ANN, KNN, SVD, and Naive Bayes. Comparing our model to other cutting-edge models, we found that it performed better, with an average accuracy of 94.4%.

Xiaoguang Han,Jigang Sun,Wu Qu,Xuanxia Yao

DOI: https://doi.org/10.1109/ccdc.2014.6852896

2014-01-01

Abstract:A number of techniques have been devised by researchers to counter malware attacks, and machine learning techniques play an important role in automated malware detection. Several machine learning approaches have been applied to malware detection, based on different features derived from dynamic analysis of the malware. While these methods demonstrate promise, they pose at least two major challenges. First, these approaches are subjected to a growing array of countermeasures that increase the cost of capturing these malware binary executable file features. Further, feature extraction requires a time investment per binary file that does not scale well to the daily volume of malware instances being reported by those who diligently collect malware. In order to address the first challenge, this article proposed a binary-to-image projection algorithm based on a new type of feature extraction for the malware, was introduced in [2]. To address the second challenge, the technique's scalability is demonstrated through an implementation for the distributed (Key, Value) abstraction in cloud computing environment. Both theoretical and empirical evidence demonstrate its effectiveness over other state-of-the-art malware detection techniques on malware corpus, and the proposed method could be a useful and efficient complement to dynamic analysis.

Hao Sun,Xiaofeng Wang,Rajkumar Buyya,Jinshu Su

DOI: https://doi.org/10.1002/spe.2420

2017-01-01

Abstract:Summary Because of the rapid increasing of malware attacks on the Internet of Things in recent years, it is critical for resource‐constrained devices to guard against potential risks. The traditional host‐based security solution becomes puffy and inapplicable with the development of malware attacks. Moreover, it is hard for the cloud‐based security solution to achieve both the high performance detection and the data privacy protection simultaneously. This paper proposes a cloud‐based anti‐malware system, called CloudEyes, which provides efficient and trusted security services for resource‐constrained devices. For the cloud server, CloudEyes presents suspicious bucket cross‐filtering, a novel signature detection mechanism based on the reversible sketch structure, which provides retrospective and accurate orientations of malicious signature fragments. For the client, CloudEyes implements a lightweight scanning agent which utilizes the digest of signature fragments to dramatically reduce the range of accurate matching. Furthermore, by transmitting sketch coordinates and the modular hashing, CloudEyes guarantees both the data privacy and low‐cost communications. Finally, we evaluate the performance of CloudEyes by utilizing both the campus suspicious traffic and normal files. The results demonstrate that the mechanisms in CloudEyes are effective and practical, and our system can outperform other existing systems with less time and communication consumption. Copyright © 2016 John Wiley & Sons, Ltd.

P. Rajesh Kanna,P. Santhi

DOI: https://doi.org/10.1007/s12652-024-04794-y

IF: 3.662

2024-05-09

Journal of Ambient Intelligence and Humanized Computing

Abstract:The field of computer networking is experiencing rapid growth, accompanied by the swift advancement of internet tools. As a result, people are becoming more aware of the importance of network security. One of the primary concerns in ensuring security is the authority over domains, and network owners are striving to establish a common language to exchange security information and respond quickly to emerging threats. Given the increasing prevalence of various types of attacks, network security has become a significant challenge in the realm of computing. To address this, a multi-level distributed approach incorporating vulnerability identification, dimensioning, and countermeasures based on attack graphs has been developed. Implementing reconfigurable virtual systems as countermeasures significantly improves attack detection and mitigates the impact of attacks. Password-based authentication, for instance, can be susceptible to password cracking techniques, social engineering attacks, or data breaches that expose user credentials. Similarly, ensuring privacy during data transmission through encryption helps protect data from unauthorized access, but it does not guarantee the prevention of other types of attacks such as malware infiltration or insider threats. This research explores various techniques to achieve effective attack detection. Multiple research methods have been utilized and evaluated to identify the most suitable approach for network security and attack detection in the context of cloud computing. The analysis and implementation of diverse research studies demonstrate that the based signature intrusion detection method outperforms others in terms of precision, recall, F-measure, accuracy, reliability, and time complexity.

computer science, information systems,telecommunications, artificial intelligence

Deqing Zou,Jian Zhao,Weiming Li,Yueming Wu,Weizhong Qiang,Hai Jin,Ye Wu,Yifei Yang

DOI: https://doi.org/10.1109/jiot.2018.2838569

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:The problem of cloud forensics aims at processing multidimensional, massive, and heterogeneous data to collect and recover evidence in cloud environment. Existing approaches focus on excavating all suspicious behaviors from data and ignore privacy leakage details and behavioral characteristics. In order to conduct privacy leakage analysis in cloud specifically, we propose a multigranularity privacy leakage forensics method to analyze privacy violations caused by malware in cloud environment. By simulating the target virtual machine environment, our method can detect privacy leakage behaviors of malware without touching user's privacy data. We combine continuous RAM mirroring technology and dynamic taint analysis to assist the forensics investigation. To demonstrate the efficacy and utility of our method, we evaluate its performance with some real-world malware samples by comparing with some state-of-the-art malware analysis systems. Experimental results indicate that our method can identify more privacy leakage paths and behaviors.

Mohammad Bazm,Rida Khatoun,Youcef Begriche,Lyes Khoukhi,Xiuzhen Chen,Ahmed Serhrouchni

DOI: https://doi.org/10.1109/cloudtech.2015.7336986

2015-01-01

Abstract:Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.

D. Praveena,P. Rangarajan

DOI: https://doi.org/10.1007/s11042-018-6339-0

IF: 2.577

2018-07-04

Multimedia Tools and Applications

Abstract:Cloud computing facilitates the enormous support of the public, business and emerging applications such as healthcare and nature disasters. Based on their services and characteristics, it can be classified as private cloud and public cloud. In this scenario, we need these two kinds of cloud services for an organization to provide the better service to the society. For that purpose, introduced a new cloud service called hybrid cloud service which is the combination of both private and public cloud. Security to the cloud environment is a challenging issue today especially for the hybrid cloud due to the combination of both. Many security mechanisms available in the literature but these are not achieved the sufficient level of security. For this purpose, we propose a new machine learning application for providing security to the hybrid cloud networks while storing the data and retrieving or accessing the data from the cloud. This proposed algorithm combines an existing Enhanced C4.5, newly proposed deduplication processing algorithm and the newly proposed dynamic access control mechanism. Moreover, we introduce a new deduplication processing algorithm for secure storage and retrieval without duplication or redundancy. In addition, a newly proposed dynamic access control mechanism called Dynamic Spatial Role Based Access Control Algorithm is also used in the proposed security framework. The proposed security framework has been implemented and also evaluated that the security level of the hybrid cloud while storing, retrieving and accessing the data from the cloud database.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Chong Wang,Nasro Min-Allah,Bei Guan,Yu-Qi Lin,Jing-Zheng Wu,Yong-Ji Wang

DOI: https://doi.org/10.1007/s11390-019-1979-8

IF: 1.871

2019-01-01

Journal of Computer Science and Technology

Abstract:Covert channels have been an effective means for leaking confidential information across security domains and numerous studies are available on typical covert channels attacks and defenses. Existing covert channel threat restriction solutions are based on the threat estimation criteria of covert channels such as capacity, accuracy, and short messages which are effective in evaluating the information transmission ability of a covert (storage) channel. However, these criteria cannot comprehensively reflect the key factors in the communication process such as shared resources and synchronization and therefore are unable to evaluate covertness and complexity of increasingly upgraded covert storage channels. As a solution, the anti-detection criterion was introduced to eliminate these limitations of cover channels. Though effective, most threat restriction techniques inevitably incur high performance overhead and hence become impractical. In this work, we avoid such overheads and present a restriction algorithm based on the anti-detection criterion to restrict threats that are associated with covert storage channels in virtual machines while maintaining the resource efficiency of the systems. Experimental evaluation shows that our proposed solution is able to counter covert storage channel attacks in an effective manner. Compared with Pump, a well-known traditional restriction algorithm used in practical systems, our solution significantly reduces the system overhead.

Varun Prabhakaran,Ashokkumar Kulandasamy

DOI: https://doi.org/10.1007/s00521-021-06085-5

2021-05-27

Neural Computing and Applications

Abstract:Cloud computing helps users to store and retrieve their data in the cloud online on an as-per-pay basis anytime, anywhere in the world. As a consequence, the security of data stored in the cloud serves as a key concern for cloud consumers due to ongoing hacking incidents in the cloud. Both cloud service providers (CSPs) and consumers face various attacks that pose a serious threat to both the organization and the user. Therefore, a robust intrusion detection system (IDS) needs to be configured to identify and avoid potential attacks in the cloud at an earlier stage. The state-of-the-art IDS system which used shallow machine learning techniques suffered from poor accuracy with a higher false alarm rate and higher response time. To overcome this problem, a hybrid semantic deep learning (HSDL) architecture is developed in this paper by integrating the long short-term memory (LSTM), convolutional neural network (CNN), and support vector machine (SVM) architectures. The semantic information present in the network traffic is identified using a semantic layer known as the Word2Vec embedding layer. The HSDL model classifies the intrusion present in the text along with its corresponding attack class. The normal text without any trace of intrusion is encrypted using an advanced encryption standard (AES) algorithm to enhance cloud storage security, and the optimal key with the largest key breaking time for the AES algorithm is selected using the crossover-based mine blast optimization algorithm (CMBA). The proposed HSDL scheme is evaluated and tested using two real-time intrusion detection benchmark datasets, namely NSL-KDD and UNSW-NB15. The proposed model achieves an accuracy of 99.98% for the NSL-KDD and 98.47% for the UNSW-NB15 dataset, respectively. The experimental and security analysis conducted proves the efficiency and robustness of the proposed scheme.

computer science, artificial intelligence

Donghai Tian,Qianjin Ying,Xiaoqi Jia,Rui Ma,Changzhen Hu,Wenmao Liu

DOI: https://doi.org/10.1016/j.comnet.2021.108394

IF: 5.493

2021-01-01

Computer Networks

Abstract:With the development of cloud computing, more and more enterprises and institutes have deployed important computing tasks and data into virtualization environments. Virtualization security has become very important for cloud computing. When an attacker controls a victim’s virtual machine, he (or she) may launch malware for malicious purpose in that virtual machine. To defend against malware attacks in the cloud, many virtualization-based approaches are proposed. However, the existing methods suffer from limitations in terms of transparency and performance cost. To address these issues, we propose MDCHD, a novel malware detection solution for virtualization environments. This method first utilizes the Intel Processor Trace (IPT) mechanism to collect the run-time control flow information of the target program. Then, it converts the control flow information into color images. By doing so, we can utilize a CNN-based deep learning method to identify malware from the images. To improve the performance of our detection mechanism, we leverage Lamport’s ring buffer algorithm. In this way, the control flow information collector and security checker can work concurrently. The evaluation shows that our approach can achieve acceptable detection accuracy with a minimal performance cost.

Donghai Tian,Runze Zhao,Rui Ma,Xiaoqi Jia,Qi Shen,Changzhen Hu,Wenmao Liu

DOI: https://doi.org/10.1002/ett.4584

IF: 3.6

2022-07-01

Transactions on Emerging Telecommunications Technologies

Abstract:We present MDCD, a malware detection system for virtualization environments. By utilizing the run‐time utilization and memory object information of the target VM, we can effectively detect the malicious programs in the target VM. With the increasing popularity of cloud computing applications, the threat of malware attack against cloud environments is getting worse. To defend against malware attacks in the cloud, some virtualization‐based approaches are proposed. However, the existing methods suffer from limitations in terms of detection accuracy, deployment effort, and performance cost. To address these issues, we propose MDCD, a novel dynamic malware detection solution for cloud environments. This method first utilizes a lightweight agent to collect the run‐time utilization information from the target virtual machine (VM). Then, it leverages the memory forensics analysis technique to extract the memory object information from the target VM's memory. To fully make use of the run‐time utilization and memory object information for malware detection, we propose a multi‐CNN model, which combines multiple convolutional neural networks (CNNs) efficiently. The evaluation shows that our approach can achieve an average detection accuracy, precision, recall, and F1 Score of 98.89%, 97.01%, 98.17%, and 97.89% respectively. Compared with the existing solutions, our method can detect multiple malicious processes effectively with little deployment effort.

telecommunications

Rong Wang,Cong Tian,Lin Yan

DOI: https://doi.org/10.1155/2021/8381550

2021-01-01

Scientific Programming

Abstract:The Internet of Things (IoT), cloud, and fog computing paradigms provide a powerful large-scale computing infrastructure for a variety of data and computation-intensive applications. These cutting-edge computing infrastructures, however, are nevertheless vulnerable to serious security and privacy risks. One of the most important countermeasures against cybersecurity threats is intrusion detection and prevention systems, which monitor devices, networks, and systems for malicious activity and policy violations. The detection and prevention systems range from antivirus software to hierarchical systems that monitor the traffic of whole backbone networks. At the moment, the primary defensive solutions are based on malware feature extraction. Most known feature extraction algorithms use byte N-gram patterns or binary strings to represent log files or other static information. The information taken from program files is expressed using word embedding (GloVe) and a new feature extraction method proposed in this article. As a result, the relevant vector space model (VSM) will incorporate more information about unknown programs. We utilize convolutional neural network (CNN) to analyze the feature maps represented by word embedding and apply Softmax to fit the probability of a malicious program. Eventually, we consider a program to be malicious if the probability is greater than 0.5; otherwise, it is a benign program. Experimental result shows that our approach achieves a level of accuracy higher than 98%.

Huhua Li,Dongyang Zhan,Tianrui Liu,Lin Ye

DOI: https://doi.org/10.1109/massw.2019.00008

2019-01-01

Abstract:Malware is one of the biggest threats in cloud computing. Malware running inside virtual machines or containers could steal critical information or continue to attack other cloud nodes. To detect malware in cloud, especially zero-day malware, signature-and machine-learning-based approaches are proposed to analyze the execution binary. However, malicious binary files may not permanently be stored in the file system of virtual machine or container, periodically scanner may not find the target files. Dynamic analysis approach usually introduce run-time overhead to virtual machines, which is not widely used in cloud. To solve these problems, we propose a memory analysis approach to detect malware, employing the deep learning technology. The system analyzes the memory image periodically during malware execution, which will not introduce run-time overhead. We first extract the memory snapshot from running virtual machines or containers. Then, the snapshot is converted to a grayscale image. Finally, we employ CNN to detect malware. In the learning phase, malicious and benign software are trained. In the testing phase, we test our system with real-world malwares.

Tzung-Han Jeng,Wen-Yang Luo,Chuan-Chiang Huang,Chien-Chih Chen,Kuang-Hung Chang,Yi-Ming Chen,Chen,Yi-Ming

DOI: https://doi.org/10.4018/IJGHPC.2021070102

2021-05-11

International Journal of Grid and High Performance Computing

Abstract:As the application of network encryption technology expands, malicious attacks will also be protected by encryption mechanism, increasing the difficulty of detection. This paper focuses on the analysis of encrypted traffic in the network by hosting long-day encrypted traffic, coupled with a weighted algorithm commonly used in information retrieval and SSL/TLS fingerprint to detect malicious encrypted links. The experimental results show that the system proposed in this paper can identify potential malicious SSL/TLS fingerprints and malicious IP which cannot be recognized by other external threat information providers. The network packet decryption is not required to help clarify the full picture of the security incident and provide the basis of digital identification. Finally, the new threat intelligence obtained from the correlation analysis of this paper can be applied to regional joint defense or intelligence exchange between organizations. In addition, the framework adopts Google cloud platform and microservice technology to form an integrated serverless computing architecture.

Nour Moustafa,Gideon Creech,Elena Sitnikova,Marwa Keshk

DOI: https://doi.org/10.48550/arXiv.1711.02829

2017-11-08

Abstract:With the ubiquitous computing of providing services and applications at anywhere and anytime, cloud computing is the best option as it offers flexible and pay-per-use based services to its customers. Nevertheless, security and privacy are the main challenges to its success due to its dynamic and distributed architecture, resulting in generating big data that should be carefully analysed for detecting network vulnerabilities. In this paper, we propose a Collaborative Anomaly Detection Framework CADF for detecting cyber attacks from cloud computing environments. We provide the technical functions and deployment of the framework to illustrate its methodology of implementation and installation. The framework is evaluated on the UNSW-NB15 dataset to check its credibility while deploying it in cloud computing environments. The experimental results showed that this framework can easily handle large-scale systems as its implementation requires only estimating statistical measures from network observations. Moreover, the evaluation performance of the framework outperforms three state-of-the-art techniques in terms of false positive rate and detection rate.

Cryptography and Security

Sanaboyina Madhusudhana Rao,Arpit Jain,PVSS Gangadhar,Vinay Sowpati

DOI: https://doi.org/10.17762/ijritcc.v11i9.8334

2023-10-27

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:Malware detection for cloud systems has been studied extensively, and many different approaches have been developed and implemented in an effort to stay ahead of this ever-evolving threat. Malware refers to any programme or defect that is designed to duplicate itself or cause damage to the system's hardware or software. These attacks are designed specifically to cause harm to operational systems, but they are invisible to the human eye. One of the most exciting developments in data storage and service delivery today is cloud computing. There are significant benefits to be gained over more conventional protection methods by making use of this fast evolving technology to protect computer-based systems from cyber-related threats. Assets to be secured may reside in any networked computing environment, including but not limited to Cyber Physical Systems (CPS), critical systems, fixed and portable computers, mobile devices, and the Internet of Things (IoT). Malicious software or malware refers to any programme that intentionally compromises a computer system in order to compromise its security, privacy, or availability. A cloud-based intelligent behavior analysis model for malware detection system using feature set is proposed to identify the ever-increasing malware attacks. The suggested system begins by collecting malware samples from several virtual machines, from which unique characteristics can be extracted easily. Then, the malicious and safe samples are separated using the features provided to the learning-based and rule-based detection agents. To generate a relevant feature set for accurate malware detection, this research proposes an Intellectual Feature Ranking Model with Correlated Feature Set (IFR-CFS) model using enhanced logistic regression model for accurate detection of malware in the cloud environment. The proposed model when compared to the traditional feature selection model, performs better in generation of feature set for accurate detection of malware.

Preeti Mishra,Emmanuel S. Pilli,Vijay Varadharajan,Udaya Tupakula

DOI: https://doi.org/10.1016/j.jnca.2016.10.015

IF: 7.574

2017-01-01

Journal of Network and Computer Applications

Abstract:Security is of paramount importance in this new era of on-demand Cloud Computing. Researchers have provided a survey on several intrusion detection techniques for detecting intrusions in the cloud computing environment. Most of them provide a discussion over traditional misuse and anomaly detection techniques. Virtual Machine Introspection (VMI) techniques are very helpful in detecting various stealth attacks targeting user-level and kernel-level processes running in virtual machines (VMs) by placing the analyzing component outside the VM generally at hypervisor. Hypervisor Introspection (HVI) techniques ensure the hypervisor security and prevent a compromised hypervisor to launch further attacks on VMs running over it. Introspection techniques introspect the hypervisor by using hardware-assisted virtualization-enabled technologies. The main focus of our paper is to provide an exhaustive literature survey of various Intrusion Detection techniques proposed for cloud environment with an analysis of their attack detection capability. We propose a threat model and attack taxonomy in cloud environment to elucidate the vulnerabilities in cloud. Our taxonomy of IDS techniques represent the state of the art classification and provides a detailed study of techniques with their distinctive features. We have provided a deep insight into Virtual Machine Introspection (VMI) and Hypervisor Introspection (HVI) based techniques in the survey. Specific research challenges are identified to give future direction to researchers. We hope that our work will enable researchers to launch and dive deep into intrusion detection approaches in a cloud environment.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Wei Xiong,Hanping Hu,Naixue Xiong,Laurence T. Yang,Wen-Chih Peng,Xiaofei Wang,Yanzhen Qu

DOI: https://doi.org/10.1016/j.ins.2013.04.009

IF: 8.1

2013-01-01

Information Sciences

Abstract:Cloud computing represents a new paradigm where computing resources are offered as services in the world via communication Internet. As many new types of attacks are arising at a high frequency, the cloud computing services are exposed to an increasing amount of security threats. To reduce security risks, two approaches of the network traffic anomaly detection in cloud communications have been presented, which analyze dynamic characteristics of the network traffic based on the synergetic neural networks and the catastrophe theory. In the former approach, a synergetic dynamic equation with a group of the order parameters is used to describe the complex behaviors of the network traffic system in cloud communications. When this equation is evolved, only the order parameter determined by the primary factors can converge to 1. Then, the anomaly can be detected. In the latter approach, a catastrophe potential function is introduced to describe the catastrophe dynamic process of the network traffic in cloud communications. When anomalies occur, the state of the network traffic will deviate from the normal one. To assess the deviation, an index named as catastrophe distance is defined. The network traffic anomaly can be detected by the value of this index. We evaluate the performance of these two approaches using the standard Defense Advanced Research Projects Agency data sets. Experimental results show that our approaches can effectively detect the network traffic anomaly and achieve the high detection probability and the low false alarms rate.