Published in: Cluster Computing 2/2015

01.06.2015

A behavioral anomaly detection strategy based on time series process portraits for desktop virtualization systems

Authors: Yanbing Liu, Zhong Yuan, Congcong Xing, Bo Gong, Yunpeng Xiao, Hong Liu


Abstract

As the use of desktop virtualization systems (DVSs) continues to gain momentum, the security of DVSs becomes increasingly critical and is extensively studied. Unfortunately, most current research on DVSs focuses only on the virtual machines (VMs) on the servers and largely overlooks the security of the clients. In addition, traditional security techniques are not entirely suited to the particularly thin client environment of DVSs. To address these problems, we propose a novel behavioral anomaly detection method for DVS clients that creates and uses process portraits. Based on the correlations between users, virtualized desktop processes (VDPs), and VMs in DVSs, the proposed method describes the process behaviors of clients by the CPU utilization rates of the VMs located on the server, constructs process portraits for VDPs with hidden Markov models while taking user profiles into account, and detects anomalies of VDPs by contrasting VDPs’ behaviors against the constructed process portraits. Our experimental results show that the proposed method is effective and successful.
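The detection scheme sketched in the abstract, as an added example that is not the paper's code: a VM's CPU utilization time series is quantized into symbols, a discrete hidden Markov model serves as the process portrait of one VDP, and a window is flagged when its scaled forward log-likelihood under the portrait falls below a threshold calibrated on known-normal windows. The HMM parameters, the quantization cut points and all CPU samples are assumed values constructed for the example; the paper does not state how its portraits are fitted.

```python
from math import log
from statistics import mean, pstdev

EDGES = (20.0, 60.0)   # CPU % cut points -> symbols 0 (low), 1 (medium), 2 (high)

def quantize(cpu_series, edges=EDGES):
    """Map each CPU utilization sample (percent) to a discrete HMM symbol."""
    return [sum(v > e for e in edges) for v in cpu_series]

class ProcessPortrait:
    """Discrete HMM portrait of one VDP; parameters are assumed here, not fitted."""
    def __init__(self, pi, A, B):
        self.pi, self.A, self.B, self.n = pi, A, B, len(pi)  # initial/transition/emission

    def per_sample_loglik(self, obs):
        """Scaled forward algorithm: log P(obs | portrait) divided by len(obs)."""
        alpha = [self.pi[i] * self.B[i][obs[0]] for i in range(self.n)]
        ll = 0.0
        for t, o in enumerate(obs):
            if t > 0:  # propagate through the transition matrix, then emit o
                alpha = [sum(alpha[i] * self.A[i][j] for i in range(self.n))
                         * self.B[j][o] for j in range(self.n)]
            s = sum(alpha)  # per-step scaling avoids underflow on long series
            ll += log(s)
            alpha = [a / s for a in alpha]
        return ll / len(obs)

    def calibrate(self, normal_windows, k=3.0):
        """Threshold = mean - k*std of the portrait's scores on known-normal windows."""
        scores = [self.per_sample_loglik(quantize(w)) for w in normal_windows]
        self.threshold = mean(scores) - k * pstdev(scores)
        return self.threshold

    def is_anomalous(self, cpu_window):
        """Flag a window whose likelihood under the portrait is below the threshold."""
        return self.per_sample_loglik(quantize(cpu_window)) < self.threshold

# Assumed portrait: state 0 = idle phase (mostly low CPU), state 1 = active phase.
PORTRAIT = ProcessPortrait(pi=[0.8, 0.2], A=[[0.9, 0.1], [0.3, 0.7]],
                           B=[[0.85, 0.12, 0.03], [0.10, 0.60, 0.30]])
# Constructed CPU samples (percent) for one VDP: four known-normal windows.
NORMAL_WINDOWS = [
    [5, 8, 6, 10, 7, 5, 30, 45, 35, 9, 6, 4],
    [6, 5, 7, 5, 6, 8, 5, 6, 7, 5, 6, 5],
    [10, 12, 50, 55, 40, 30, 8, 6, 5, 7, 9, 6],
    [7, 5, 6, 8, 70, 65, 35, 10, 6, 5, 7, 6],
]
SUSTAINED_HIGH = [85, 90, 92, 88, 95, 91, 89, 93, 90, 87, 94, 92]  # constructed
THRESHOLD = PORTRAIT.calibrate(NORMAL_WINDOWS)
```

The per-sample normalization lets windows of different lengths share one threshold; in a deployment the normal windows would come from the user's own history, which is where the paper's user profiles enter.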


Metadata
Title
A behavioral anomaly detection strategy based on time series process portraits for desktop virtualization systems
Authors
Yanbing Liu
Zhong Yuan
Congcong Xing
Bo Gong
Yunpeng Xiao
Hong Liu
Publication date
01.06.2015
Publisher
Springer US
Published in
Cluster Computing / Issue 2/2015
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-015-0431-2
