On the feasibility of collaborative green data center ecosystems
The increasing awareness of the impact of the IT sector on the environment, together with economic factors, has fueled many research efforts to reduce the energy expenditure of data centers. Recent work proposes to achieve additional energy savings by shaping service workloads in concert with customers, and to reduce data centers' carbon footprints by adopting demand-response mechanisms between data centers and their energy providers. In this paper, we discuss the incentives that customers and data centers can have to adopt such measures and propose a new service type and pricing scheme that is economically attractive and technically realizable. Simulation results based on real measurements confirm that our scheme can achieve additional energy savings while preserving service performance and the interests of data centers and customers.
Peer Reviewed. Postprint (author's final draft)
Evaluation of Malware Target Recognition Deployed in a Cloud-Based Fileserver Environment
Cloud computing, or the migration of computing resources from the end user to remotely managed locations where they can be purchased on-demand, presents several new and unique security challenges. One of these challenges is how to efficiently detect malware amongst files that are possibly spread across multiple locations in the Internet over congested network connections. This research studies how such an environment will impact the performance of malware detection. A simplified cloud environment is created in which network conditions are fully controlled. This environment includes a fileserver, a detection server, the detection mechanism, and clean and malicious file sample sets. The performance of a novel malware detection algorithm called Malware Target Recognition (MaTR) is evaluated and compared with several commercial detection mechanisms at various levels of congestion. The research evaluates performance in terms of file response time and detection accuracy rates. Results show that there is no statistically significant difference in MaTR's true mean response time when scanning clean files with low to moderate levels of congestion compared to the leading commercial response times at a 95% confidence level. MaTR demonstrates a slightly faster response time, by roughly 0.1s to 0.2s, at detecting malware than the leading commercial mechanisms' response time at these congestion levels, but MaTR is also the only device that exhibits false positives, with a 0.3% false positive rate. When exposed to high levels of congestion, MaTR's response time is impacted by a factor of 88 to 817 for clean files and 227 to 334 for malicious files, losing its performance competitiveness with other leading detection mechanisms. MaTR's true positive detection rates are extremely competitive at 99.1%
Designing Host and Network Sensors to Mitigate the Insider Threat
We propose a design for insider threat detection that combines an array of complementary techniques aimed at detecting evasive adversaries. We are motivated by real-world incidents and by our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines host-based user-event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. We identify several challenges in scaling up, deploying, and validating our architecture in real environments.
Doctor of Philosophy dissertation
As the base of the software stack, system-level software is expected to provide efficient and scalable storage, communication, security and resource management functionalities. However, there are many computationally expensive functionalities at the system level, such as encryption, packet inspection, and error correction. All of these require substantial computing power. What's more, today's application workloads have entered gigabyte and terabyte scales, which demand even more computing power. To meet the rapidly increasing computing power demand at the system level, this dissertation proposes using parallel graphics processing units (GPUs) in system software. GPUs excel at parallel computing, and also have a much faster development trend in parallel performance than central processing units (CPUs). However, system-level software was originally designed to be latency-oriented, whereas GPUs are designed for long-running computation and large-scale data processing, which are throughput-oriented. This mismatch makes it difficult to fit system-level software to GPUs. This dissertation presents generic principles of system-level GPU computing developed during the process of creating our two general frameworks for integrating GPU computing in storage and network packet processing. The principles are generic design techniques and abstractions to deal with common system-level GPU computing challenges. Those principles have been evaluated in concrete cases including storage and network packet processing applications that have been augmented with GPU computing. The significant performance improvement found in the evaluation shows the effectiveness and efficiency of the proposed techniques and abstractions. This dissertation also presents a literature survey of the relatively young system-level GPU computing area, to introduce the state of the art in both applications and techniques, and also their future potential.
XMD: An Expansive Hardware-telemetry based Mobile Malware Detector to enhance Endpoint Detection
Hardware-based Malware Detectors (HMDs) have shown promise in detecting malicious workloads. However, current HMDs focus solely on the CPU core of a System-on-Chip (SoC) and, therefore, do not exploit the full potential of the hardware telemetry. In this paper, we propose XMD, an HMD that uses an expansive set of telemetry channels extracted from the different subsystems of the SoC. XMD exploits the thread-level profiling power of the CPU-core telemetry, and the global profiling power of non-core telemetry channels, to achieve significantly better detection performance than currently used Hardware Performance Counter (HPC) based detectors. We leverage the concept of the manifold hypothesis to analytically prove that adding non-core telemetry channels improves the separability of the benign and malware classes, resulting in performance gains. We train and evaluate XMD using hardware telemetry collected from 723 benign applications and 1033 malware samples on a commodity Android Operating System (OS)-based mobile device. XMD improves over currently used HPC-based detectors by 32.91% for the in-distribution test data. XMD achieves the best detection performance of 86.54% with a false positive rate of 2.9%, compared to the detection rate of 80% offered by the best performing signature-based Anti-Virus (AV) on VirusTotal, on the same set of malware samples.
Comment: Revised version based on peer review feedback. Manuscript to appear in IEEE Transactions on Information Forensics and Security
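The separability argument above, as an added illustration (this is not XMD's code, data or proof): a constructed SoC telemetry set in which malware looks like benign software on the CPU-core counters but not on one non-core channel (radio transmit rate, chosen as an assumption), scored with Fisher's discriminant ratio per channel and a nearest-centroid detector trained on z-scored features with core-only versus core-plus-non-core channel sets. Channel names, distributions and sample counts are all assumed.

```python
"""Added example: separability gain from adding non-core telemetry channels.

Not XMD's code or data. Samples are constructed with a seeded generator;
channel names and distributions are assumptions chosen for illustration.
"""
import math
import random

CORE = ("cpu_instr_per_ms", "cpu_branch_miss_per_ms")              # assumed core channels
NON_CORE = ("gpu_busy_pct", "mem_bw_mb_per_s", "radio_tx_kb_per_s")  # assumed non-core channels


def make_dataset(n_per_class=60, seed=7):
    """Constructed samples: malware overlaps benign on the core counters
    (small shift, same spread) but transmits far more over the radio."""
    rng = random.Random(seed)
    rows = []
    for label, cpu_shift, tx_mean, tx_sd in (("benign", 0.0, 5.0, 1.0),
                                             ("malware", 5.0, 30.0, 2.0)):
        for _ in range(n_per_class):
            rows.append(({
                "cpu_instr_per_ms": rng.gauss(100.0 + cpu_shift, 10.0),
                "cpu_branch_miss_per_ms": rng.gauss(30.0 + 0.2 * cpu_shift, 4.0),
                "gpu_busy_pct": rng.gauss(15.0, 5.0),          # uninformative non-core channel
                "mem_bw_mb_per_s": rng.gauss(800.0, 100.0),    # uninformative non-core channel
                "radio_tx_kb_per_s": rng.gauss(tx_mean, tx_sd),  # informative non-core channel
            }, label))
    rng.shuffle(rows)
    return rows


def _mean_var(values):
    m = sum(values) / len(values)
    return m, sum((x - m) ** 2 for x in values) / (len(values) - 1)


def fisher_ratio(rows, channel):
    """(mu_b - mu_m)^2 / (var_b + var_m): how well one channel separates the classes."""
    mb, vb = _mean_var([r[channel] for r, y in rows if y == "benign"])
    mm, vm = _mean_var([r[channel] for r, y in rows if y == "malware"])
    return (mb - mm) ** 2 / (vb + vm)


class CentroidDetector:
    """Nearest-centroid classifier over z-scored channels."""

    def __init__(self, channels):
        self.channels = channels

    def fit(self, rows):
        self.scale = {}
        for c in self.channels:
            m, v = _mean_var([r[c] for r, _ in rows])
            self.scale[c] = (m, math.sqrt(v) or 1.0)
        self.centroid = {}
        for label in ("benign", "malware"):
            pts = [self._z(r) for r, y in rows if y == label]
            self.centroid[label] = [sum(p[i] for p in pts) / len(pts)
                                    for i in range(len(self.channels))]
        return self

    def _z(self, row):
        return [(row[c] - m) / sd for c, (m, sd) in ((c, self.scale[c]) for c in self.channels)]

    def predict(self, row):
        z = self._z(row)
        dist = {lab: sum((a - b) ** 2 for a, b in zip(z, cen))
                for lab, cen in self.centroid.items()}
        return min(dist, key=dist.get)


def evaluate(channels, train, test):
    """Detection rate and false-positive rate of a detector using only `channels`."""
    det = CentroidDetector(channels).fit(train)
    tp = fp = npos = nneg = 0
    for row, y in test:
        flagged = det.predict(row) == "malware"
        if y == "malware":
            npos += 1
            tp += int(flagged)
        else:
            nneg += 1
            fp += int(flagged)
    return {"detection_rate": tp / npos, "false_positive_rate": fp / nneg}


def compare():
    rows = make_dataset()
    train, test = rows[:80], rows[80:]
    return {
        "core_only": evaluate(CORE, train, test),
        "core_plus_noncore": evaluate(CORE + NON_CORE, train, test),
        "fisher": {c: round(fisher_ratio(rows, c), 3) for c in CORE + NON_CORE},
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

The Fisher ratios show which channel carries the separation; the two detectors show the gain that adding it buys. On real telemetry the uninformative non-core channels would also add noise, which is why XMD's claim is about separability of the joint feature space rather than any single counter.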
Unsupervised Anomaly-based Malware Detection using Hardware Features
Recent works have shown promise in using microarchitectural execution patterns to detect malware programs. These detectors belong to a class of detectors known as signature-based detectors, as they catch malware by comparing a program's execution pattern (signature) to execution patterns of known malware programs. In this work, we propose a new class of detectors, anomaly-based hardware malware detectors, that do not require signatures for malware detection, and thus can catch a wider range of malware including potentially novel ones. We use unsupervised machine learning to build profiles of normal program execution based on data from performance counters, and use these profiles to detect significant deviations in program behavior that occur as a result of malware exploitation. We show that real-world exploitation of popular programs such as IE and Adobe PDF Reader on a Windows/x86 platform can be detected with nearly perfect certainty. We also examine the limits and challenges in implementing this approach in the face of a sophisticated adversary attempting to evade anomaly-based detection. The proposed detector is complementary to previously proposed signature-based detectors and can be used together with them to improve security.
Comment: 1 page, LaTeX; added description for feature selection in Section 4, results unchanged
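The profile-and-deviate approach above, as an added example (not the paper's detector, counters or measurements): a baseline of per-window performance-counter vectors is constructed for a benign run, the profile is each counter's mean and standard deviation, the anomaly score is the sum of squared z-scores (a diagonal Mahalanobis distance), and the alert threshold is taken from the baseline's own score distribution, so no malware sample is needed. A crafted exploit window and a crafted mimicry window show what the detector catches and what an evasive adversary can slip past it. Counter names, window sizes and all values are assumptions.

```python
"""Added example: unsupervised anomaly profile over performance counters.

Not the paper's code. Baseline windows are constructed with a seeded
generator; counter names, window length and the two crafted windows are
assumptions chosen to illustrate the technique and its evasion limit.
"""
import math
import random

COUNTERS = ("instructions", "branch_mispred", "l1i_miss", "dtlb_miss")  # assumed counter names


def benign_windows(n=300, seed=3):
    """Constructed baseline: counter values per 10 ms window of a benign run
    (roughly a document viewer rendering pages). Not measured data."""
    rng = random.Random(seed)
    return [{
        "instructions": rng.gauss(5.0e6, 4.0e5),
        "branch_mispred": rng.gauss(2.0e4, 2.5e3),
        "l1i_miss": rng.gauss(8.0e3, 1.2e3),
        "dtlb_miss": rng.gauss(3.0e3, 5.0e2),
    } for _ in range(n)]


class CounterProfile:
    """Profile of normal execution: per-counter mean and standard deviation.
    score(window) = sum of squared z-scores; the threshold is the largest
    score seen on benign data times a safety margin."""

    def __init__(self, counters=COUNTERS, margin=1.5):
        self.counters = counters
        self.margin = margin

    def fit(self, windows):
        self.stats = {}
        for c in self.counters:
            vals = [w[c] for w in windows]
            mean = sum(vals) / len(vals)
            sd = math.sqrt(sum((v - mean) ** 2 for v in vals) / (len(vals) - 1))
            self.stats[c] = (mean, sd)
        self.threshold = self.margin * max(self.score(w) for w in windows)
        return self

    def contributions(self, window):
        """Per-counter squared z-score: tells an analyst which counters drove an alert."""
        return {c: ((window[c] - m) / sd) ** 2 for c, (m, sd) in self.stats.items()}

    def score(self, window):
        return sum(self.contributions(window).values())

    def is_anomalous(self, window):
        return self.score(window) > self.threshold


# Crafted windows (assumed values) for the two cases the text raises.
EXPLOIT_WINDOW = {            # control-flow hijack: fewer instructions retired, far more
    "instructions": 3.0e6,    # mispredicted indirect branches and instruction-cache misses
    "branch_mispred": 6.0e4,
    "l1i_miss": 2.0e4,
    "dtlb_miss": 6.0e3,
}
MIMICRY_WINDOW = {            # evasive payload padded with benign-looking work so that
    "instructions": 5.6e6,    # every counter stays within about 1.5 sd of the baseline
    "branch_mispred": 2.4e4,
    "l1i_miss": 9.8e3,
    "dtlb_miss": 3.7e3,
}


def run_demo():
    profile = CounterProfile().fit(benign_windows())
    held_out = benign_windows(n=50, seed=11)        # benign windows not used for fitting
    false_positives = sum(profile.is_anomalous(w) for w in held_out)
    exploit_parts = profile.contributions(EXPLOIT_WINDOW)
    return {
        "threshold": profile.threshold,
        "exploit_flagged": profile.is_anomalous(EXPLOIT_WINDOW),
        "exploit_top_counter": max(exploit_parts, key=exploit_parts.get),
        "mimicry_flagged": profile.is_anomalous(MIMICRY_WINDOW),
        "false_positive_rate": false_positives / len(held_out),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The mimicry window is the practical caveat: a per-counter z-score profile only sees deviations large relative to the baseline spread, so an attacker who pads the payload with work that looks like the host program stays under the threshold. Correlated-counter models or longer windows raise that bar but do not remove it, which is why the paper pairs this detector with signature-based ones.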
User-centric Adaptation Analysis of Multi-tenant Services
Multi-tenancy is a key pillar of cloud services. It allows different users to share computing and virtual resources transparently, meanwhile guaranteeing substantial cost savings. Due to the tradeoff between scalability and customization, one of the major drawbacks of multi-tenancy is limited configurability. Since users may often have conflicting configuration preferences, offering the best user experience is an open challenge for service providers. In addition, the users, their preferences, and the operational environment may change during the service operation, thus jeopardizing the satisfaction of user preferences. In this article, we present an approach to support user-centric adaptation of multi-tenant services. We describe how to engineer the activities of the Monitoring, Analysis, Planning, Execution (MAPE) loop to support user-centric adaptation, and we focus on adaptation analysis. Our analysis computes a service configuration that optimizes user satisfaction, complies with infrastructural constraints, and minimizes reconfiguration obtrusiveness when user- or service-related changes take place. To support our analysis, we model multi-tenant services and user preferences by using feature and preference models, respectively. We illustrate our approach by utilizing different cases of virtual desktops. Our results demonstrate the effectiveness of the analysis in improving user preference satisfaction in negligible time.
Ministerio de Economía y Competitividad TIN2012-32273; Junta de Andalucía P12-TIC-1867; Junta de Andalucía TIC-590
Machine-Learning based analysis and classification of Android malware signatures
Multi-scanner Antivirus (AV) systems are often used for detecting Android malware, since the same piece of software can be checked against multiple different AV engines. However, in many cases the same software application is flagged as malware by only a few AV engines, and often the signatures provided contradict each other, showing a clear lack of consensus between different AV engines. This work analyzes more than 80 thousand Android applications flagged as malware by at least one AV engine, with a total of almost 260 thousand malware signatures. In the analysis, we identify 41 different malware families, we study their relationships and the relationships between the AV engines involved in such detections, showing that most malware cases belong to either Adware abuse or really dangerous Harmful applications, but some others are unspecified (or Unknown). With the help of Machine Learning and Graph Community Algorithms, we can further combine the different AV detections to classify such Unknown apps into either Adware or Harmful risks, reaching an F1-score above 0.84.
The authors would like to acknowledge the support of the national project TEXEO (TEC2016-80339-R), funded by the Spanish Ministerio de Economia y Competitividad, and the EU-funded H2020 SMOOTH project (grant no. H2020-786741). Similarly, the authors would like to acknowledge the support provided by the Tacyt system (https://www.elevenpaths.com/es/tecnologia/tacyt/index.html) for the collection and labeling of AV information. Finally, Ignacio Martin would like to acknowledge the support granted by the Spanish Ministry of Education through the FPU scholarship he holds (FPU15/03518).
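The label-combination problem described above, as an added example (this is not the paper's pipeline, taxonomy or data): multi-engine verdicts for a handful of apps are constructed in the style of a VirusTotal-like report, with fictitious engine names. Labels are tokenised, the family is the non-generic token that most engines agree on, the risk class is a majority vote over the engines that name one (Adware versus Harmful, Unknown when none does or when they tie), and apps left Unknown are classified from token/class co-occurrence learned on the apps that did get a class. The generic-token and marker lists are assumptions; a production normaliser would need far larger ones.

```python
"""Added example: normalising and combining contradictory multi-engine AV labels.

Not the paper's code or data. Engine names and labels below are constructed;
the token lists are assumptions chosen to illustrate the approach.
"""
import re
from collections import Counter, defaultdict

# Assumed vocabulary: tokens that carry no family or risk information.
GENERIC = {"android", "androidos", "andr", "a", "b", "c", "d", "gen", "generic",
           "variant", "agent", "apk", "app", "os", "heur", "suspicious", "not",
           "virus", "malware", "riskware", "pua", "pup", "potentially", "unwanted",
           "program"}
ADWARE = {"adware", "adload", "addisplay", "adsware"}
HARMFUL = {"trojan", "trj", "spy", "spyware", "ransom", "banker", "backdoor",
           "exploit", "rootkit", "worm", "dropper"}
MARKERS = GENERIC | ADWARE | HARMFUL


def tokens(label):
    return [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]


def family(verdicts, min_engines=2):
    """(family, support): the non-marker token named by most engines and the
    fraction of engines naming it; family is None below min_engines."""
    support = Counter()
    for label in verdicts.values():
        for t in set(tokens(label)) - MARKERS:
            support[t] += 1
    if not support:
        return None, 0.0
    fam, n = support.most_common(1)[0]
    return (fam if n >= min_engines else None), n / len(verdicts)


def engine_class(label):
    toks = set(tokens(label))
    if toks & HARMFUL:
        return "Harmful"
    if toks & ADWARE:
        return "Adware"
    return None


def risk_class(verdicts):
    """Majority vote over engines that state a class; ties are contradictions."""
    votes = Counter(c for c in map(engine_class, verdicts.values()) if c)
    if not votes:
        return "Unknown"
    ranked = votes.most_common(2)
    if len(ranked) == 2 and ranked[0][1] == ranked[1][1]:
        return "Unknown"
    return ranked[0][0]


class TokenClassifier:
    """Token/class co-occurrence model for apps whose engines name no class:
    each family-ish token votes with P(class | token) learned on classed apps."""

    def fit(self, reports):
        self.counts = defaultdict(Counter)
        for verdicts in reports:
            cls = risk_class(verdicts)
            if cls == "Unknown":
                continue
            for t in {t for lab in verdicts.values() for t in tokens(lab)} - MARKERS:
                self.counts[t][cls] += 1
        return self

    def predict(self, verdicts):
        score = Counter()
        for t in {t for lab in verdicts.values() for t in tokens(lab)} - MARKERS:
            total = sum(self.counts[t].values())
            for cls, n in self.counts[t].items():
                score[cls] += n / total
        return score.most_common(1)[0][0] if score else "Unknown"


# Constructed reports (fictitious engines and labels).
REPORTS = {
    "app1": {"EngineA": "Android.Adware.Dowgin.b", "EngineB": "Adware/Dowgin!gen",
             "EngineC": "Trojan.AndroidOS.Dowgin", "EngineD": "Android.Riskware.Dowgin"},
    "app2": {"EngineA": "Android.Trojan.FakeInst.a", "EngineB": "Trojan-SMS.AndroidOS.FakeInst",
             "EngineC": "Andr/FakeInst-B"},
    "app3": {"EngineA": "Android.Adware.Kuguo.a", "EngineB": "Adware/Kuguo"},
    "app4": {"EngineA": "Trojan.AndroidOS.SmsReg.b", "EngineB": "Android.Riskware.SmsReg"},
    "app5": {"EngineA": "Android.Dowgin.c", "EngineB": "Riskware.Dowgin"},   # no class marker
    "app6": {"EngineA": "Android.SmsReg", "EngineB": "Andr/SmsReg-A"},        # no class marker
}


def classify_all():
    clf = TokenClassifier().fit(REPORTS.values())
    out = {}
    for app, verdicts in REPORTS.items():
        fam, support = family(verdicts)
        cls = risk_class(verdicts)
        out[app] = {"family": fam, "support": round(support, 2), "class": cls,
                    "inferred": clf.predict(verdicts) if cls == "Unknown" else cls}
    return out


if __name__ == "__main__":
    for app, row in classify_all().items():
        print(app, row)
```

app1 is the contradiction case from the abstract: three engines agree on the family, but one calls it a Trojan while two call it Adware, and the vote settles it. app5 and app6 carry a family name but no risk marker from any engine, and are resolved through the families' co-occurrence with classes on the other apps, which is the spirit of the Unknown-to-Adware/Harmful step the paper performs at scale.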