2,779 research outputs found

    Applying Bag of System Calls for Anomalous Behavior Detection of Applications in Linux Containers

    In this paper, we present the results of using bags of system calls for learning the behavior of Linux containers for use in anomaly-detection based intrusion detection system. By using system calls of the containers monitored from the host kernel for anomaly detection, the system does not require any prior knowledge of the container nature, neither does it require altering the container or the host kernel. Comment: Published version available on IEEE Xplore (http://ieeexplore.ieee.org/document/7414047/). arXiv admin note: substantial text overlap with arXiv:1611.0305

    Automated Modeling of Real-Time Anomaly Detection using Non-Parametric Statistical technique for Data Streams in Cloud Environments

    The main objective of online anomaly detection is to identify abnormal/unusual behavior such as network intrusions, malware infections, over-utilized system resources due to design defects, etc. from real-time data streams. Terabytes of performance data generated in cloud data centers is a well-accepted example of such a data stream in real time. In this paper, we propose an online anomaly detection framework using a non-parametric statistical technique in a cloud data center. In order to determine the accuracy of the proposed work, we experiment with it on data collected from the RUBis cloud testbed and the Yahoo Cloud Serving Benchmark (YCSB). Our experimental results show the greater accuracy in terms of True Positive Rate (TPR), False Positive Rate (FPR), True Negative Rate (TNR) and False Negative Rate (FNR)

    Security Challenges from Abuse of Cloud Service Threat

    Cloud computing is an ever-growing technology that leverages dynamic and versatile provision of computational resources and services. In spite of the countless benefits that cloud service has to offer, there is always a security concern for new threats and risks. The paper provides a useful introduction to the rising security issues of the Abuse of cloud service threat, which has no standard security measures to mitigate its risks and vulnerabilities. The threat can result in an unbearable system gridlock and can make cloud services unavailable or even cause a complete shutdown. The study has identified the potential challenges, such as BotNet, BotCloud, Shared Technology Vulnerability and Malicious Insiders, from the Abuse of cloud service threat. It has further described the attacking methods, impacts and the reasons due to the identified challenges. The study has evaluated the currently available solutions and proposed mitigating security controls for the security risks and challenges from the Abuse of cloud services threat

    The Planet Nine Hypothesis

    Over the course of the past two decades, observational surveys have unveiled the intricate orbital structure of the Kuiper Belt, a field of icy bodies orbiting the Sun beyond Neptune. In addition to a host of readily-predictable orbital behavior, the emerging census of trans-Neptunian objects displays dynamical phenomena that cannot be accounted for by interactions with the known eight-planet solar system alone. Specifically, explanations for the observed physical clustering of orbits with semi-major axes in excess of $\sim250\,$AU, the detachment of perihelia of select Kuiper belt objects from Neptune, as well as the dynamical origin of highly inclined/retrograde long-period orbits remain elusive within the context of the classical view of the solar system. This newly outlined dynamical architecture of the distant solar system points to the existence of a new planet with mass of $m_9\sim 5-10\,M_{\oplus}$, residing on a moderately inclined orbit ($i_9\sim15-25\deg$) with semi-major axis $a_9\sim 400 - 800\,$AU and eccentricity between $e_9 \sim 0.2 - 0.5$. This paper reviews the observational motivation, dynamical constraints, and prospects for detection of this proposed object known as Planet Nine. Comment: 92 pages, 28 figures, published in Physics Report

    Machine Learning in Application Security

    The security threat landscape has transformed drastically over a period of time. Right from viruses, trojans and Denial of Service (DoS) to the newborn malicious family of ransomware, phishing, distributed DoS, and so on, there is no stoppage. The phenomenal transformation has led the attackers to have a new strategy born in their attack vector methodology making it more targeted—a direct aim towards the weakest link in the security chain aka humans. When we talk about humans, the first thing that comes to an attacker's mind is applications. Traditional signature‐based techniques are inadequate for rising attacks and threats that are evolving in the application layer. They serve as good defences for protecting the organisations from perimeter and endpoint‐driven attacks, but what needs to be focused and analysed is right at the application layer where such defences fail. Protecting web applications has its unique challenges in identifying malicious user behavioural patterns being converted into a compromise. Thus, there is a need to look at a dynamic and signature‐independent model of identifying such malicious usage patterns within applications. In this chapter, the authors have explained the technical aspects of integrating machine learning within applications in detecting malicious user behavioural pattern

    REAL-TIME MULTI-VARIATE MULTI-TIME-SCALE ANOMALY DETECTION SYSTEM FOR NEXT GENERATION NETWORKS

    Techniques are described herein for a real-time multi-variate, multi-scale, context-aware anomaly detection system. This system is built using concepts of edge/cloud distributed processing and orchestration