Self-similarity Based Lightweight Intrusion Detection Method for Cloud Computing

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 6592)

Abstract

Information security is the key success factor to provide safe cloud computing services. Despite its usefulness and cost-effectiveness, public cloud computing service is hard to accept because there are many security concerns such as data leakage, unauthorized access from outside the system and abnormal activities from inside the system.

To detect these abnormal activities, an intrusion detection system (IDS) requires a learning process that can cause system performance degradation. However, providing a high-performance computing environment to the subscribers is very important, so a lightweight anomaly detection method is highly desired.

In this paper, we propose a lightweight IDS with self-similarity measures to resolve these problems. Normally, a regular and periodic self-similarity can be observed in a cloud system’s internal activities such as system calls and process status. On the other hand, outliers occur when an anomalous attack happens, and then the system’s self-similarity cannot be maintained. So monitoring a system’s self-similarity can be used to detect the system’s anomalies. We developed a new measure based on cosine similarity and found the optimal time interval for estimating the self-similarity of a given system. As a result, we can detect abnormal activities using only a few resources.
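
The idea in the abstract, sketched as an added example that is not the paper's code or its measure: plain cosine similarity between system-call count vectors of consecutive time windows, with a drop below a threshold treated as an anomaly. The event names, the 0.8 threshold, the 10-second window and the sample data are assumptions constructed for illustration.

```python
import math
from collections import Counter

def cosine(a, b):
    """Cosine similarity of two sparse count vectors (Counters)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def window_counts(events, interval):
    """Bucket (timestamp, event_name) pairs into windows of `interval` seconds."""
    if not events:
        return []
    start = min(t for t, _ in events)
    n = int((max(t for t, _ in events) - start) // interval) + 1
    windows = [Counter() for _ in range(n)]
    for t, name in events:
        windows[int((t - start) // interval)][name] += 1
    return windows

def self_similarity(events, interval):
    """Cosine similarity of each window to the window before it."""
    w = window_counts(events, interval)
    return [cosine(w[i - 1], w[i]) for i in range(1, len(w))]

def anomalous_windows(events, interval, threshold=0.8):
    """Indices of windows whose similarity to the previous one is below threshold.
    A deviating window is flagged on entry and the next window on exit."""
    sims = self_similarity(events, interval)
    return [i + 1 for i, s in enumerate(sims) if s < threshold]

# Constructed sample: a periodic system-call workload (10 s per cycle) with an
# optional burst of unrelated calls injected into window 3 (t = 30..38).
NORMAL_CYCLE = ["read"] * 5 + ["write"] * 3 + ["poll"] * 2

def sample_events(with_burst=True):
    events = [(c * 10 + i, name) for c in range(6)
              for i, name in enumerate(NORMAL_CYCLE)]
    if with_burst:
        events += [(30 + i * 0.2, "execve" if i % 2 else "connect")
                   for i in range(40)]
    return events

if __name__ == "__main__":
    print([round(s, 3) for s in self_similarity(sample_events(), 10)])
    print(anomalous_windows(sample_events(), 10))  # -> [3, 4]
```

With `interval=5` the same workload without the burst scores 0.0 between every pair of windows, because each window then captures only half a cycle; this is why the choice of time interval matters for a self-similarity detector.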

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kwon, H., Kim, T., Yu, S.J., Kim, H.K. (2011). Self-similarity Based Lightweight Intrusion Detection Method for Cloud Computing. In: Nguyen, N.T., Kim, CG., Janiak, A. (eds) Intelligent Information and Database Systems. ACIIDS 2011. Lecture Notes in Computer Science, vol 6592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20042-7_36

  • DOI: https://doi.org/10.1007/978-3-642-20042-7_36

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-20041-0

  • Online ISBN: 978-3-642-20042-7

  • eBook Packages: Computer Science, Computer Science (R0)
