Securing virtual machines from anomalies using program-behavior analysis in cloud environment

Preeti Mishra; Emmanuel S. Pilli; Vijay Varadharajan; Udaya Tupakula

doi:10.1109/HPCC-SmartCity-DSS.2016.0141

Securing virtual machines from anomalies using program-behavior analysis in cloud environment

Preeti Mishra, Emmanuel S. Pilli, Vijay Varadharajan, Udaya Tupakula

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

12 Citations (Scopus)

Abstract

Cloud Computing is the key technology of today's cyber world which provides online provisioning of resources on demand and pay per use basis. Malware attacks such as virus, worm and rootkits etc. are some threats to virtual machines (VMs) in cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running in Virtual Machines (VMs) and modify their behavior. Our approach is named as 'Malicious System Call Sequence Detection (MSCSD)' which is based on analysis of short sequence of system calls (n-grams). MSCSD employs an efficient feature representation method for system call patterns to improve the accuracy of attack detection and reduce the cost of storage with reduced false positives. MSCSD applies Machine Learning (Decision Tree C 4.5) over the collected n-gram patterns for learning the behavior of monitored programs and detecting malicious system call patterns in future. We have analyzed the performance of some other classifiers and compared our work with the existing work for securing virtual machine in cloud. A prototype implementation of the approach is carried out over UNM dataset and results seem to be promising.

Original language	English
Title of host publication	HPCC/SmartCity/DSS 2016
Subtitle of host publication	Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems
Editors	Jinjun Chen, Laurence T. Yang
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	991-998
Number of pages	8
ISBN (Electronic)	9781509042975
ISBN (Print)	9781509042982
DOIs	https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0141
Publication status	Published - 2016
Event	18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016 - Sydney, Australia Duration: 12 Dec 2016 → 14 Dec 2016

Other

Other	18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016
Country	Australia
City	Sydney
Period	12/12/16 → 14/12/16

Keywords

Anomaly detection
Cloud security
Intrusion detection
Machine learning
System call analysis

Access to Document

10.1109/HPCC-SmartCity-DSS.2016.0141

Link to publication in Scopus

Cite this

Mishra, P., Pilli, E. S., Varadharajan, V., & Tupakula, U. (2016). Securing virtual machines from anomalies using program-behavior analysis in cloud environment. In J. Chen, & L. T. Yang (Eds.), HPCC/SmartCity/DSS 2016: Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems (pp. 991-998). Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0141

Mishra, Preeti ; Pilli, Emmanuel S. ; Varadharajan, Vijay ; Tupakula, Udaya. / Securing virtual machines from anomalies using program-behavior analysis in cloud environment. HPCC/SmartCity/DSS 2016: Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems. editor / Jinjun Chen ; Laurence T. Yang. Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE), 2016. pp. 991-998

@inproceedings{8cbaa56e90c54379b10045e40a8484dc,

title = "Securing virtual machines from anomalies using program-behavior analysis in cloud environment",

abstract = "Cloud Computing is the key technology of today's cyber world which provides online provisioning of resources on demand and pay per use basis. Malware attacks such as virus, worm and rootkits etc. are some threats to virtual machines (VMs) in cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running in Virtual Machines (VMs) and modify their behavior. Our approach is named as 'Malicious System Call Sequence Detection (MSCSD)' which is based on analysis of short sequence of system calls (n-grams). MSCSD employs an efficient feature representation method for system call patterns to improve the accuracy of attack detection and reduce the cost of storage with reduced false positives. MSCSD applies Machine Learning (Decision Tree C 4.5) over the collected n-gram patterns for learning the behavior of monitored programs and detecting malicious system call patterns in future. We have analyzed the performance of some other classifiers and compared our work with the existing work for securing virtual machine in cloud. A prototype implementation of the approach is carried out over UNM dataset and results seem to be promising.",

keywords = "Anomaly detection, Cloud security, Intrusion detection, Machine learning, System call analysis",

author = "Preeti Mishra and Pilli, {Emmanuel S.} and Vijay Varadharajan and Udaya Tupakula",

year = "2016",

doi = "10.1109/HPCC-SmartCity-DSS.2016.0141",

language = "English",

isbn = "9781509042982",

pages = "991--998",

editor = "Jinjun Chen and Yang, {Laurence T.}",

booktitle = "HPCC/SmartCity/DSS 2016",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016 ; Conference date: 12-12-2016 Through 14-12-2016",

}

Mishra, P, Pilli, ES, Varadharajan, V & Tupakula, U 2016, Securing virtual machines from anomalies using program-behavior analysis in cloud environment. in J Chen & LT Yang (eds), HPCC/SmartCity/DSS 2016: Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 991-998, 18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016, Sydney, Australia, 12/12/16. https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0141

Securing virtual machines from anomalies using program-behavior analysis in cloud environment. / Mishra, Preeti; Pilli, Emmanuel S.; Varadharajan, Vijay ; Tupakula, Udaya.

HPCC/SmartCity/DSS 2016: Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems. ed. / Jinjun Chen; Laurence T. Yang. Piscataway, NJ : Institute of Electrical and Electronics Engineers (IEEE), 2016. p. 991-998.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Securing virtual machines from anomalies using program-behavior analysis in cloud environment

AU - Mishra, Preeti

AU - Pilli, Emmanuel S.

AU - Varadharajan, Vijay

AU - Tupakula, Udaya

PY - 2016

Y1 - 2016

N2 - Cloud Computing is the key technology of today's cyber world which provides online provisioning of resources on demand and pay per use basis. Malware attacks such as virus, worm and rootkits etc. are some threats to virtual machines (VMs) in cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running in Virtual Machines (VMs) and modify their behavior. Our approach is named as 'Malicious System Call Sequence Detection (MSCSD)' which is based on analysis of short sequence of system calls (n-grams). MSCSD employs an efficient feature representation method for system call patterns to improve the accuracy of attack detection and reduce the cost of storage with reduced false positives. MSCSD applies Machine Learning (Decision Tree C 4.5) over the collected n-gram patterns for learning the behavior of monitored programs and detecting malicious system call patterns in future. We have analyzed the performance of some other classifiers and compared our work with the existing work for securing virtual machine in cloud. A prototype implementation of the approach is carried out over UNM dataset and results seem to be promising.

AB - Cloud Computing is the key technology of today's cyber world which provides online provisioning of resources on demand and pay per use basis. Malware attacks such as virus, worm and rootkits etc. are some threats to virtual machines (VMs) in cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running in Virtual Machines (VMs) and modify their behavior. Our approach is named as 'Malicious System Call Sequence Detection (MSCSD)' which is based on analysis of short sequence of system calls (n-grams). MSCSD employs an efficient feature representation method for system call patterns to improve the accuracy of attack detection and reduce the cost of storage with reduced false positives. MSCSD applies Machine Learning (Decision Tree C 4.5) over the collected n-gram patterns for learning the behavior of monitored programs and detecting malicious system call patterns in future. We have analyzed the performance of some other classifiers and compared our work with the existing work for securing virtual machine in cloud. A prototype implementation of the approach is carried out over UNM dataset and results seem to be promising.

KW - Anomaly detection

KW - Cloud security

KW - Intrusion detection

KW - Machine learning

KW - System call analysis

UR - http://www.scopus.com/inward/record.url?scp=85013665712&partnerID=8YFLogxK

U2 - 10.1109/HPCC-SmartCity-DSS.2016.0141

DO - 10.1109/HPCC-SmartCity-DSS.2016.0141

M3 - Conference proceeding contribution

AN - SCOPUS:85013665712

SN - 9781509042982

SP - 991

EP - 998

BT - HPCC/SmartCity/DSS 2016

A2 - Chen, Jinjun

A2 - Yang, Laurence T.

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

T2 - 18th IEEE International Conference on High Performance Computing and Communications, 14th IEEE International Conference on Smart City and 2nd IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2016

Y2 - 12 December 2016 through 14 December 2016

ER -

Mishra P, Pilli ES, Varadharajan V , Tupakula U. Securing virtual machines from anomalies using program-behavior analysis in cloud environment. In Chen J, Yang LT, editors, HPCC/SmartCity/DSS 2016: Proceedings of the Eighteenth IEEE International Conference on High Performance Computing and Communications, the Fourteenth IEEE International Conference on Smart City, the Second IEEE International Conference on Data Science and Systems. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). 2016. p. 991-998 https://doi.org/10.1109/HPCC-SmartCity-DSS.2016.0141

Securing virtual machines from anomalies using program-behavior analysis in cloud environment

Abstract

Other

Keywords

Access to Document

Fingerprint

Cite this