Big Data Based Security Analytics for Protecting Virtualized Infrastructures in Cloud Computing

Win, Thu Yein and Tianfield, Huaglory and Mair, Quentin (2017) Big Data Based Security Analytics for Protecting Virtualized Infrastructures in Cloud Computing. IEEE Transactions on Big Data, 3. pp. 1-15. ISSN 2332-7790 (In Press)

Big data security.pdf - Accepted Version
Restricted to Repository staff only until 15 December 2017. (Publisher Embargo).
Available under License All Rights Reserved.


Abstract

Virtualized infrastructure in cloud computing has become an attractive target for cyberattackers to launch advanced attacks. This paper proposes a novel big data based security analytics approach to detecting advanced attacks in virtualized infrastructures. Network logs as well as user application logs collected periodically from the guest virtual machines (VMs) are stored in the Hadoop Distributed File System (HDFS). Then, extraction of attack features is performed through graph-based event correlation and MapReduce parser based identification of potential attack paths. Next, determination of attack presence is performed through two-step machine learning, namely logistic regression is applied to calculate the attack's conditional probabilities with respect to the attributes, and belief propagation is applied to calculate the belief in the existence of an attack based on them. Experiments are conducted to evaluate the proposed approach using well-known malware as well as in comparison with existing security techniques for virtualized infrastructure. The results show that our proposed approach is effective in detecting attacks with minimal performance overhead.
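As an added illustration, not the authors' code, data or trained model: the pipeline the abstract outlines, run in Python over a handful of constructed guest-VM log lines. Event correlation links log events that share a process id within a short time window and treats each connected component of the resulting graph as a candidate attack path; logistic regression then maps each path's 0/1 attributes to a probability of attack; finally sum-product belief propagation fuses those probabilities on a star-shaped factor graph around a latent "attack" variable. The event format, the attribute extractors, the regression coefficients in LR_PARAMS, PRIOR_ATTACK, THRESHOLD and every function name here are assumptions made for this example.

```python
"""Illustrative pipeline in the shape of the abstract: correlate guest-VM log events into
a graph, cut out candidate attack paths, score each path's attributes with logistic
regression, then fuse those probabilities with sum-product belief propagation. Events,
coefficients, prior and threshold are constructed here; none are the paper's own."""
import math
from collections import defaultdict
from itertools import product

# Constructed log lines from one guest VM: (timestamp_s, pid, source, message).
EVENTS = [
    (100, 41, "net", "outbound tcp 10.0.0.5:4444"),
    (101, 41, "app", "exec /tmp/.x"),
    (103, 41, "app", "write /lib/modules/evil.ko"),
    (104, 41, "app", "insmod evil.ko"),
    (900, 77, "net", "outbound tcp 93.184.216.34:443"),
    (901, 77, "app", "write /var/log/app.log"),
]
# Attribute extractors: each maps an attack path (list of events) to a 0/1 feature.
ATTRIBUTES = {
    "c2_port": lambda path: any(m.endswith(":4444") for *_, m in path),
    "tmp_exec": lambda path: any(m.startswith("exec /tmp/") for *_, m in path),
    "module_load": lambda path: any(m.startswith("insmod ") for *_, m in path),
}
# Assumed logistic-regression coefficients (intercept, weight) per attribute.
LR_PARAMS = {"c2_port": (-2.0, 4.0), "tmp_exec": (-2.0, 3.0), "module_load": (-2.0, 5.0)}
PRIOR_ATTACK = 0.05  # assumed base rate of an attack on a VM
THRESHOLD = 0.5      # assumed decision threshold on the fused belief


def correlate(events, window=10):
    """Graph-based correlation: link events that share a pid and lie within `window`
    seconds; each time-ordered connected component is a candidate attack path."""
    events = sorted(events)
    adj = defaultdict(set)
    for i, (t1, p1, *_) in enumerate(events):
        for j in range(i + 1, len(events)):
            if events[j][1] == p1 and events[j][0] - t1 <= window:
                adj[i].add(j)
                adj[j].add(i)
    seen, paths = set(), []
    for start in range(len(events)):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:                      # iterative DFS over the event graph
            n = stack.pop()
            if n not in comp:
                comp.add(n)
                stack.extend(adj[n] - comp)
        seen |= comp
        paths.append([events[k] for k in sorted(comp)])
    return paths


def logistic(x):
    return 1.0 / (1.0 + math.exp(-x))


def attribute_probabilities(path):
    """Step one: 0/1 features of a path and P(attack | attribute) from logistic regression."""
    feats = {name: int(extract(path)) for name, extract in ATTRIBUTES.items()}
    probs = {name: logistic(LR_PARAMS[name][0] + LR_PARAMS[name][1] * x) for name, x in feats.items()}
    return feats, probs


def belief_propagation(factors, variables, iters=5):
    """Sum-product BP over binary variables; factors = [(scope, {assignment: weight})]."""
    edges = [(fi, v) for fi, (scope, _) in enumerate(factors) for v in scope]
    f2v = {e: [1.0, 1.0] for e in edges}  # factor -> variable messages
    v2f = {e: [1.0, 1.0] for e in edges}  # variable -> factor messages
    for _ in range(iters):
        for fi, (scope, table) in enumerate(factors):
            for v in scope:
                msg = [0.0, 0.0]
                for assign in product((0, 1), repeat=len(scope)):
                    w = table[assign]
                    for u, val in zip(scope, assign):
                        w *= 1.0 if u == v else v2f[(fi, u)][val]
                    msg[assign[scope.index(v)]] += w
                f2v[(fi, v)] = msg
        for fi, v in edges:
            v2f[(fi, v)] = [math.prod(f2v[(fj, u)][s] for fj, u in edges if u == v and fj != fi)
                            for s in (0, 1)]
    beliefs = {}
    for v in variables:
        b = [math.prod(f2v[e][s] for e in edges if e[1] == v) for s in (0, 1)]
        beliefs[v] = [b[0] / sum(b), b[1] / sum(b)]
    return beliefs


def attack_belief(path):
    """Step two: star factor graph tying the latent 'attack' variable to each observed
    attribute through a factor set from the logistic output; BP returns the attack belief."""
    feats, _ = attribute_probabilities(path)
    factors = [(("attack",), {(0,): 1 - PRIOR_ATTACK, (1,): PRIOR_ATTACK})]
    for name, x in feats.items():
        b0, b1 = LR_PARAMS[name]
        p0, p1 = logistic(b0), logistic(b0 + b1)   # P(attack | a=0), P(attack | a=1)
        pair = {(0, 0): 1 - p0, (1, 0): p0, (0, 1): 1 - p1, (1, 1): p1}
        factors.append((("attack", name), pair))
        factors.append(((name,), {(0,): float(x == 0), (1,): float(x == 1)}))  # evidence
    return belief_propagation(factors, ["attack"] + list(feats))["attack"][1]


def detect(events):
    """Whole pipeline: (path, fused belief, verdict) for each correlated path."""
    scored = [(p, attack_belief(p)) for p in correlate(events)]
    return [(p, b, b > THRESHOLD) for p, b in scored]
```

Running `detect(EVENTS)` separates the two process histories into two paths, scores the pid 41 path (C2-style port, execution from /tmp, module load) well above the threshold and the pid 77 path far below it. Because the factor graph is a tree, belief propagation here is exact and reproduces the closed form prior × ∏ψ_i; one caveat for a real deployment is that using each logistic posterior directly as a factor potential counts the base rate once per attribute, so the potentials should be calibrated (for instance divided by the prior) or learned jointly rather than dropped in as-is.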

Item Type: Article
Article Type: Article
Additional Information: © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords: Virtualized infrastructure; Virtualization security; Cloud security; Malware detection; Rootkit detection; Security analytics; Event correlation; Logistic regression; Belief propagation
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Schools and Research Institutes > School of Computing and Technology > Technical Computing
Research Priority Areas: Innovation, Design and Technology
Depositing User: Susan Turner
Date Deposited: 27 Jul 2017 10:14
Last Modified: 25 Sep 2017 17:52
URI: http://eprints.glos.ac.uk/id/eprint/4823

University Of Gloucestershire