Leveraging Static Probe Instrumentation for VM-based Anomaly Detection System

Authors: Takeshi Okuda, Ady Wahyudi Paundu, Youki Kadobayashi, Suguru Yamaguchi
Year of publication: 2016
Subject:
Source: Information and Communications Security ISBN: 9783319298139
ICICS
DOI: 10.1007/978-3-319-29814-6_27
Description: In this preliminary study, we introduce a framework to predict anomalous behavior from Virtual Machines (VMs) deployed in a public IaaS cloud model. Within this framework we propose to use a static probe instrumentation technique inside the hypervisor in order to collect monitoring data, and a black-box signature-based feature selection method using Linear Discriminant Analysis. As a proof of concept, we run several evaluation tests to measure the output quality and computation overhead of our Anomaly Detection System (ADS) using feature selection. The results show that our feature selection technique does not significantly reduce the anomaly prediction quality when compared with a full-featured ADS and gives better accuracy when compared to an ADS with system-call data. Furthermore, the ADS with the feature selection method creates lower computing overhead compared to the other two ADS.
Database: OpenAIRE