User-profile-based analytics for detecting cloud security breaches
Coskun, Ayse K.
MetadataShow full item record
Citation (published version)Trishita Tiwari, Ata Turk, Alina Oprea, Katzalin Olcoz, Ayse K Coskun. 2017. "User-Profile-Based Analytics for Detecting Cloud Security Breaches." 2017 IEEE International Conference on Big Data (IEEE Big Data). Boston, MA, 2017-12-11 - 2017-12-14. doi: 10.1109/BigData.2017.8258494
While the growth of cloud-based technologies has benefited the society tremendously, it has also increased the surface area for cyber attacks. Given that cloud services are prevalent today, it is critical to devise systems that detect intrusions. One form of security breach in the cloud is when cyber-criminals compromise Virtual Machines (VMs) of unwitting users and, then, utilize user resources to run time-consuming, malicious, or illegal applications for their own benefit. This work proposes a method to detect unusual resource usage trends and alert the user and the administrator in real time. We experiment with three categories of methods: simple statistical techniques, unsupervised classification, and regression. So far, our approach successfully detects anomalous resource usage when experimenting with typical trends synthesized from published real-world web server logs and cluster traces. We observe the best results with unsupervised classification, which gives an average F1-score of 0.83 for web server logs and 0.95 for the cluster traces.