1,117 research outputs found
State of the Art Intrusion Detection System for Cloud Computing
The term Cloud computing is not new anymore in computing technology. This form of computing technology previously considered only as marketing term, but today Cloud computing not only provides innovative improvements in resource utilisation but it also creates a new opportunities in data protection mechanisms where the advancement of intrusion detection technologies are blooming rapidly. From the perspective of security, Cloud computing also introduces concerns about data protection and intrusion detection mechanism. This paper surveys, explores and informs researchers about the latest developed Cloud Intrusion Detection Systems by providing a comprehensive taxonomy and investigating possible solutions to detect intrusions in cloud computing systems. As a result, we provide a comprehensive review of Cloud Intrusion Detection System research, while highlighting the specific properties of Cloud Intrusion Detection System. We also present taxonomy on the key issues in Cloud Intrusion Detection System area and discuss the different approaches taken to solve the issues. We conclude the paper with a critical analysis of challenges that have not fully solved
Data Leak Detection As a Service: Challenges and Solutions
We describe a network-based data-leak detection (DLD)
technique, the main feature of which is that the detection
does not require the data owner to reveal the content of the
sensitive data. Instead, only a small amount of specialized
digests are needed. Our technique – referred to as the fuzzy
fingerprint – can be used to detect accidental data leaks due
to human errors or application flaws. The privacy-preserving
feature of our algorithms minimizes the exposure of sensitive
data and enables the data owner to safely delegate the
detection to others.We describe how cloud providers can offer
their customers data-leak detection as an add-on service
with strong privacy guarantees.
We perform extensive experimental evaluation on the privacy,
efficiency, accuracy and noise tolerance of our techniques.
Our evaluation results under various data-leak scenarios
and setups show that our method can support accurate
detection with very small number of false alarms, even
when the presentation of the data has been transformed. It
also indicates that the detection accuracy does not degrade
when partial digests are used. We further provide a quantifiable
method to measure the privacy guarantee offered by our
fuzzy fingerprint framework
Recommended from our members
Multi-aspect, robust, and memory exclusive guest os fingerprinting
Precise fingerprinting of an operating system (OS) is critical to many security and forensics applications in the cloud, such as virtual machine (VM) introspection, penetration testing, guest OS administration, kernel dump analysis, and memory forensics. The existing OS fingerprinting techniques primarily inspect network packets or CPU states, and they all fall short in precision and usability. As the physical memory of a VM always exists in all these applications, in this article, we present OS-Sommelier+, a multi-aspect, memory exclusive approach for precise and robust guest OS fingerprinting in the cloud. It works as follows: given a physical memory dump of a guest OS, OS-Sommelier+ first uses a code hash based approach from kernel code aspect to determine the guest OS version. If code hash approach fails, OS-Sommelier+ then uses a kernel data signature based approach from kernel data aspect to determine the version. We have implemented a prototype system, and tested it with a number of Linux kernels. Our evaluation results show that the code hash approach is faster but can only fingerprint the known kernels, and data signature approach complements the code signature approach and can fingerprint even unknown kernels
In Search of netUnicorn: A Data-Collection Platform to Develop Generalizable ML Models for Network Security Problems
The remarkable success of the use of machine learning-based solutions for
network security problems has been impeded by the developed ML models'
inability to maintain efficacy when used in different network environments
exhibiting different network behaviors. This issue is commonly referred to as
the generalizability problem of ML models. The community has recognized the
critical role that training datasets play in this context and has developed
various techniques to improve dataset curation to overcome this problem.
Unfortunately, these methods are generally ill-suited or even counterproductive
in the network security domain, where they often result in unrealistic or
poor-quality datasets.
To address this issue, we propose an augmented ML pipeline that leverages
explainable ML tools to guide the network data collection in an iterative
fashion. To ensure the data's realism and quality, we require that the new
datasets should be endogenously collected in this iterative process, thus
advocating for a gradual removal of data-related problems to improve model
generalizability. To realize this capability, we develop a data-collection
platform, netUnicorn, that takes inspiration from the classic "hourglass" model
and is implemented as its "thin waist" to simplify data collection for
different learning problems from diverse network environments. The proposed
system decouples data-collection intents from the deployment mechanisms and
disaggregates these high-level intents into smaller reusable, self-contained
tasks.
We demonstrate how netUnicorn simplifies collecting data for different
learning problems from multiple network environments and how the proposed
iterative data collection improves a model's generalizability
Systemization of Pluggable Transports for Censorship Resistance
An increasing number of countries implement Internet censorship at different
scales and for a variety of reasons. In particular, the link between the
censored client and entry point to the uncensored network is a frequent target
of censorship due to the ease with which a nation-state censor can control it.
A number of censorship resistance systems have been developed thus far to help
circumvent blocking on this link, which we refer to as link circumvention
systems (LCs). The variety and profusion of attack vectors available to a
censor has led to an arms race, leading to a dramatic speed of evolution of
LCs. Despite their inherent complexity and the breadth of work in this area,
there is no systematic way to evaluate link circumvention systems and compare
them against each other. In this paper, we (i) sketch an attack model to
comprehensively explore a censor's capabilities, (ii) present an abstract model
of a LC, a system that helps a censored client communicate with a server over
the Internet while resisting censorship, (iii) describe an evaluation stack
that underscores a layered approach to evaluate LCs, and (iv) systemize and
evaluate existing censorship resistance systems that provide link
circumvention. We highlight open challenges in the evaluation and development
of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy
Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK:
Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq
Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg
(DOI 10.1515/popets-2016-0028
- …