Leveraging Static Probe Instrumentation for VM-based Anomaly Detection System

  • Ady Wahyudi Paundu
  • Takeshi Okuda
  • Youki Kadobayashi
  • Suguru Yamaguchi
Conference paper

DOI: 10.1007/978-3-319-29814-6_27

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9543)
Cite this paper as:
Paundu A.W., Okuda T., Kadobayashi Y., Yamaguchi S. (2016) Leveraging Static Probe Instrumentation for VM-based Anomaly Detection System. In: Qing S., Okamoto E., Kim K., Liu D. (eds) Information and Communications Security. ICICS 2015. Lecture Notes in Computer Science, vol 9543. Springer, Cham

Abstract

In this preliminary study, we introduce a framework to predict anomalous behavior from Virtual Machines (VMs) deployed in a public IaaS cloud model. Within this framework, we propose using a static probe instrumentation technique inside the hypervisor to collect monitoring data, together with a black-box, signature-based feature selection method using Linear Discriminant Analysis. As a proof of concept, we run several evaluation tests to measure the output quality and computation overhead of our Anomaly Detection System (ADS) using feature selection. The results show that our feature selection technique does not significantly reduce the anomaly prediction quality when compared with the full-featured ADS, and gives better accuracy when compared to the ADS with system-call data. Furthermore, the ADS with the feature selection method creates lower computing overhead than the other two ADS.

Keywords

Anomaly detection system; Virtual Machine; Static probe instrumentation; Cloud security

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ady Wahyudi Paundu (1)
  • Takeshi Okuda (1)
  • Youki Kadobayashi (1)
  • Suguru Yamaguchi (1)

  1. Nara Institute of Science and Technology, Ikoma, Japan
