Abstract
Cloud computing is a well-known architecture that provides computing and data storage services remotely over the Internet on a pay-per-use model, which results in better utilization of resources and reduced cost for the individuals who access it. Because cloud computing is a shared facility that is accessed remotely, it is vulnerable to various attacks, including host-based and network-based attacks, which require immediate attention. This paper focuses on attacks caused by malicious syscall executions from subverted programs, rootkits, worms and Trojans on hosts in a cloud computing environment. The paper critically describes and discusses the present techniques for malicious system call detection and proposes a new technique, based on an immediate syscall signature structure, to determine malicious program executions in the cloud. The proposed technique is efficient in terms of the complexity involved and the resources it uses, so its deployment in a cloud environment is feasible, low cost and platform independent. The proposed technique has also been validated on all available UNM (University of New Mexico) datasets, with 98% accuracy in program-wide detection of intrusive processes. The functional prototype is deployed on a private cloud environment using OpenNebula and VirtualBox for analysis and results.
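The abstract does not give the detector's internals, so the following is an added illustration, not code from the paper or its authors. It assumes that an "immediate syscall signature" is the set of (current, next) system call pairs observed in known-good runs, and it scores a new trace by counting pairs outside that set, both overall and within a sliding locality frame so that a short burst of unseen pairs stands out from isolated noise. The trace lines are constructed in the two-column "pid syscall-number" layout of the UNM traces; the pids, syscall numbers, frame width and flagging limit are arbitrary choices made for this example.

```python
from collections import defaultdict

# Constructed normal traces: two benign runs (pids 101 and 102).
# Syscall numbers are arbitrary placeholders, not real kernel numbers.
NORMAL_TRACE = """\
101 5
101 3
101 90
101 6
102 5
102 3
102 90
102 6
101 5
101 3
101 6
"""

# Constructed test traces: pid 201 repeats a benign pattern,
# pid 202 enters a run of pairs never seen in the normal data.
TEST_TRACE = """\
201 5
201 3
201 90
201 6
201 5
201 3
201 6
202 5
202 3
202 11
202 2
202 11
202 2
202 6
"""


def parse_trace(text):
    """Group syscall numbers by pid, keeping per-process order."""
    per_pid = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, sysno = line.split()
        per_pid[int(pid)].append(int(sysno))
    return dict(per_pid)


def build_signature(traces):
    """Immediate-successor signature: every (call, next call) pair seen in normal runs."""
    signature = set()
    for seq in traces.values():
        signature.update(zip(seq, seq[1:]))
    return signature


def score_sequence(seq, signature, frame=5, lfc_limit=3):
    """Score one process trace against the signature.

    mismatches: number of pairs absent from the signature
    pairs:      total number of pairs in the trace
    max_lfc:    highest count of mismatches inside any window of `frame` pairs
    flagged:    True when max_lfc reaches lfc_limit (assumed threshold)
    """
    pairs = list(zip(seq, seq[1:]))
    misses = [0 if p in signature else 1 for p in pairs]
    max_lfc = 0
    for i in range(len(misses)):
        window = misses[max(0, i - frame + 1): i + 1]
        max_lfc = max(max_lfc, sum(window))
    return {
        "mismatches": sum(misses),
        "pairs": len(pairs),
        "max_lfc": max_lfc,
        "flagged": max_lfc >= lfc_limit,
    }


def detect(normal_text, test_text, frame=5, lfc_limit=3):
    """Train on normal traces, then report every pid in the test traces."""
    signature = build_signature(parse_trace(normal_text))
    return {
        pid: score_sequence(seq, signature, frame, lfc_limit)
        for pid, seq in parse_trace(test_text).items()
    }


if __name__ == "__main__":
    for pid, report in detect(NORMAL_TRACE, TEST_TRACE).items():
        print(pid, report)
```

Training only on pairs makes the signature small and cheap to check, which is the trade-off the abstract points to; the cost is that any benign path not covered by the training runs shows up as mismatches, so the frame width and limit have to be tuned against the false-positive rate on held-out normal traces before the detector is trusted.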
Cite this article
Gupta, S., Kumar, P. An Immediate System Call Sequence Based Approach for Detecting Malicious Program Executions in Cloud Environment. Wireless Pers Commun 81, 405–425 (2015). https://doi.org/10.1007/s11277-014-2136-x
DOI: https://doi.org/10.1007/s11277-014-2136-x