A Prediction-based Approach for Anomaly Detection in the Cloud

  • Bruno L. Dalmazo UFRGS / University of Coimbra
  • João P. Vilela University of Coimbra
  • Marilia P. Curado University of Coimbra

Abstract


This document provides an at-a-glance view of the main contributions of my Ph.D. work. This work aims at improving the security and trustworthiness of cloud computing environments by developing a model for predicting cloud network traffic, an approach for detecting anomalies in cloud network traffic that relies on traffic prediction, and a mechanism for aggregating similar alarms from an IDS in the context of cloud network traffic. The benefits and drawbacks of the contributions were demonstrated in realistic simulations using data from real network traces. Furthermore, the evaluations were conducted with well-known metrics, and the results show that all the proposed mechanisms were able to outperform similar proposals in the literature.

Published
2019-05-06
DALMAZO, Bruno L.; VILELA, João P.; CURADO, Marilia P. A Prediction-based Approach for Anomaly Detection in the Cloud. In: DISSERTATION DIGEST - BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 2., 2019, Gramado. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 169-176. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc_estendido.2019.7786.