Return to search

Detecting Attack Sequence in Cloud Based on Hidden Markov Model

Cloud computing provides business new working paradigm with the benefit of cost reduce and resource sharing. Tasks from different users may be performed on the same machine. Therefore, one primary security concern is whether user data is secure in cloud. On the other hand, hacker may facilitate cloud computing to launch larger range of attack, such as a request of port scan in cloud with virtual machines executing such malicious action. In addition, hacker may perform a sequence of attacks in order to compromise his target system in cloud, for example, evading an easy-to-exploit machine in a cloud and then using the previous compromised to attack the target. Such attack plan may be stealthy or inside the computing environment, so intrusion detection system or firewall has difficulty to identify it.
The proposed detection system analyzes logs from cloud to extract the intensions of the actions recorded in logs. Stealthy reconnaissance actions are often neglected by administrator for the insignificant number of violations. Hidden Markov model is adopted to model the sequence of attack performed by hacker and such stealthy events in a long time frame will become significant in the state-aware model. The preliminary results show that the proposed system can identify such attack plans in the real network.

Identiferoai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0726112-150041
Date26 July 2012
CreatorsHuang, Yu-Zhi
ContributorsChia-Mei Chen, D. J. Guan, Chun-I Fan
PublisherNSYSU
Source SetsNSYSU Electronic Thesis and Dissertation Archive
LanguageCholon
Detected LanguageEnglish
Typetext
Formatapplication/pdf
Sourcehttp://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0726112-150041
Rightsuser_define, Copyright information available at source archive

Page generated in 0.0046 seconds