
2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud): Latest Papers

Machine Learning Based DDoS Attack Detection from Source Side in Cloud
Zecheng He, Tianwei Zhang, R. Lee
Denial of service (DOS) attacks are a serious threat to network security. These attacks are often sourced from virtual machines in the cloud, rather than from the attacker's own machine, to achieve anonymity and higher network bandwidth. Past research focused on analyzing traffic on the destination (victim's) side with predefined thresholds. These approaches have significant disadvantages. They are only passive defenses after the attack, they cannot use the outbound statistical features of attacks, and it is hard to trace back to the attacker with these approaches. In this paper, we propose a DOS attack detection system on the source side in the cloud, based on machine learning techniques. This system leverages statistical information from both the cloud server's hypervisor and the virtual machines, to prevent network packages from being sent out to the outside network. We evaluate nine machine learning algorithms and carefully compare their performance. Our experimental results show that more than 99.7% of four kinds of DOS attacks are successfully detected. Our approach does not degrade performance and can be easily extended to broader DOS attacks.
DOI: https://doi.org/10.1109/CSCloud.2017.58 (published 2017-06-01)
Citations: 118
A Novel Method Makes Concolic System More Effective
Hongliang Liang, Zhengyu Li, Minhuan Huang, Xiaoxiao Pei
Fuzzing is attractive for finding vulnerabilities in binary programs. However, when the application's input space is huge, fuzzing cannot deal with it well. To discover vulnerabilities more effectively, researchers came up with concolic testing, and there has been much research on it recently. A common limitation of concolic systems designed to create inputs is that they often concentrate on path-coverage and struggle to exercise deeper paths in the executable under test, but neglect to find those test cases which can trigger the vulnerabilities. In this paper, we present TSM, a novel method for finding potential vulnerabilities in concolic systems, which can help concolic systems be more effective at hunting vulnerabilities. We implemented the TSM method on a widely used concolic testing tool, Fuzzgrind, and the evaluation experiments show that TSM can make Fuzzgrind quickly hunt bugs in real-world software that were hardly ever found before.
DOI: https://doi.org/10.1109/CSCloud.2017.43 (published 2017-06-01)
Citations: 0
Performance of Caffe on QCT Deep Learning Reference Architecture — A Preliminary Case Study
V. Shankar, Stephen Chang
Deep learning is a sub-set of machine learning practice employing models based on various learning network architectures and algorithms in the field of artificial intelligence. Businesses planning to adopt a deep learning solution should comprehend a set of complex choices in hardware, software, configuration and optimizations to set up a functional deep learning solution. This paper will describe the reference architecture built on Intel Knights Landing processor and omni-path interconnection. We provide a simplified guide to deploy, configure and optimize deep learning solutions based on an array of compute, storage, networking and software components offered by Quanta Cloud Technology. The performance data is presented and it shows good scaling and accuracy on processing the data from IMAGENET.
DOI: https://doi.org/10.1109/CSCloud.2017.49 (published 2017-06-01)
Citations: 5
Secure Framework for Future Smart City
Hamza Djigal, Jun Feng, Jiamin Lu
With the recent advancements in information and communication technologies, a large number of devices are connecting to the Internet, hence large volumes of data in different formats and from different sources are being generated. Consequently, on one hand, dynamic and heterogeneous data sharing and management in the ecosystem of the Internet of Things (IoT), where every smart object is connected to the Internet, presents new research challenges. On the other hand, preserving citizen privacy is another challenge, because he/she has to send his/her information to a service provider to obtain the required information. This information is sensitive since it can reveal information about an individual. An attacker or a malicious service provider can utilize this sensitive information for their own business or something else. This paper presents a Secure Framework for Future Smart City (SEFSCITY), for better city living and governance, based on Cloud Computing, IoT and Distributed Computing. We first present the architecture of SEFSCITY, which is based on the Multi-Cloud and Cloud Federation approach; then we propose a security protocol for our framework. In our security model, we use a Zero-Knowledge Protocol based on the Elliptic Curve Discrete Logarithm Problem. Finally, we validate our architecture by conducting several scenarios that we have implemented using the Cloud Analyst tool. The results show that in all scenarios, the cost infrastructure remains the same for the cloud customer, and our approach is beneficial for the cloud provider in terms of revenues and data processing time.
DOI: https://doi.org/10.1109/CSCloud.2017.21 (published 2017-06-01)
Citations: 10
Waveband Selection Based Feature Extraction Using Genetic Algorithm
Yujun Li, Kun Liang, Xiaojun Tang, Keke Gai
In order to explain the geological structure accurately and quickly, we analyze the gas mixture gathered from the well by Infrared Spectroscopy Fourier Transform Spectrometer instead of gas chromatograph. In the process of the spectrum analysis, the reduction of the spectrum data dimension is very necessary to perform. In this paper, we propose a feature extraction method based on waveband selections using genetic algorithm, which is named FEWSGA. This approach can directly select eigenvalues from the limited waveband spectrum data instead of using mathematical transformation, such as the PCA (principal component analysis) and PLS (partial least squares) algorithm. Experimental results show that our method can reduce the spectrum data dimension from 1866 to 317, and the mean relative error (MRE) of the analysis model decreases from 34.68% to 26.59%. Moreover, the feature extraction from the whole waveband spectrum data using GA only reduces the data dimension from 1866 to 937. The MRE of the analysis model only reduces from 34.68% to 32.97%. Our approach has a better performance.
DOI: https://doi.org/10.1109/CSCloud.2017.31 (published 2017-06-01)
Citations: 4
An Improved Budget-Deadline Constrained Workflow Scheduling Algorithm on Heterogeneous Resources
Ting Sun, Chuangbai Xiao, Xiujie Xu, Guozhong Tian
In recent years, there are many scheduling algorithms for execution of workflow applications using Quality of Service (QoS) parameters. In this paper, we improve a scheduling workflow algorithm considering the time and cost constraints on heterogeneous resources, which is called Budget-Deadline constrained using Sub-Deadline scheduling (BDSD). With the deadline and budget constraints required by the user, we use the BDSD algorithm to find a scheduling which satisfies both constraints. We use the planning successful rate (PSR) to show the effectiveness of our algorithm. In the simulation experiment, we use the random workflow applications and real workflow applications to experiment. The simulation results show that compared with other algorithms, our BDSD algorithm has a high PSR and low-time complexity of O(n²m) for n tasks and m processors.
DOI: https://doi.org/10.1109/CSCloud.2017.8 (published 2017-06-01)
Citations: 1
Unsupervised Labeling for Supervised Anomaly Detection in Enterprise and Cloud Networks
Sunhee Baek, Donghwoon Kwon, Jinoh Kim, S. Suh, Hyunjoo Kim, Ikkyun Kim
Identifying anomalous events in the network is one of the vital functions in enterprises, ISPs, and datacenters to protect the internal resources. With its importance, there has been a substantial body of work for network anomaly detection using supervised and unsupervised machine learning techniques with their own strengths and weaknesses. In this work, we take advantage of both worlds of unsupervised and supervised learning methods. The basic process model we present in this paper includes (i) clustering the training data set to create referential labels, (ii) building a supervised learning model with the automatically produced labels, and (iii) testing individual data points in question using the established learning model. By doing so, it is possible to construct a supervised learning model without the provision of the associated labels, which are often not available in practice. To attain this process, we set up a new property defining anomalies in the context of clustering, based on our observations from anomalous events in network, by which the referential labels can be obtained. Through our extensive experiments with a public data set (NSL-KDD), we will show that the presented method performs very well, yielding fairly comparable performance to the traditional method running with the original labels provided in the data set, with respect to the accuracy for anomaly detection.
DOI: https://doi.org/10.1109/CSCloud.2017.26 (published 2017-06-01)
Citations: 26
Quality Check and Analysis of BeiDou and GPS Observation Data in the Experiment of Air-Gun in Reservoir
Ming-Quan Hong, Wen Zhao, Guang Chen, Chaoxian Chen, Ziliang Wang
The next few years promise drastic improvements to global navigation satellite systems. USA is modernizing GPS, Russia is GLONASS, Europe is moving ahead with its own Galileo System, and China is expanding its BeiDou system from a regional navigation system to a full constellation global navigation satellite system known as BeiDou-2/Compass. Chinese BeiDou satellite navigation system constellation currently consists of twenty-six BeiDou satellites and can provide services of navigation and positioning in the Asia-Pacific Region. In this paper, we calculate the high frequency data of GPS and BeiDou by using the broadcast ephemeris, and the results are applied to the real-time positioning of the float platform in the experiment of Air-Gun in reservoir. We use the data to analyze the quality by multipath effect, signal noise ratio, positioning accuracy and so on. The results show that the accuracy of the BeiDou is slightly lower than that of GPS. The accuracy of GPS in horizontal direction is about 5 mm and that of vertical direction is about 12 mm, and the accuracy of BeiDou in horizontal direction is about 5.5 mm and that of vertical direction is about 16 mm.
DOI: https://doi.org/10.1109/CSCloud.2017.29 (published 2017-06-01)
Citations: 2
Identifying Suspicious User Behavior with Neural Networks
M. Ussath, David Jaeger, Feng Cheng, C. Meinel
The number of attacks that use sophisticated and complex methods increased lately. The main objective of these attacks is to largely infiltrate the target network and to stay undetected. Therefore, the attackers often use valid credentials and standard administrative tools to hide between legitimate user actions and to hinder detection. Most existing security systems, which use standard signature-based or anomaly-based approaches, are not able to identify this type of malicious activities. Furthermore, it is also most often not feasible to analyze user behavior manually, due to the complexity of this task and the high amount of different user actions. Thus, it is necessary to develop new automated approaches to identify suspicious user behavior. In this paper, we propose to use neural networks to analyze user behavior and to identify suspicious actions. Due to the fact that neural networks require suitable datasets to learn the difference between suspicious and benign actions, we describe a behavioral simulation system to generate reasonable datasets. These datasets use different behavioral features to describe log-on and log-off activities of users. To identify suitable neural network models for user behavior analysis, we evaluate and compare 16,275 different feed-forward neural networks with three different datasets and 75 recurrent neural networks with one dataset. The results show that the used dataset and the complexity of a model are crucial to achieve a high accuracy. Appropriate models, which also consider context behavior information, are able to automatically classify previously unseen user actions with an accuracy of up to 98 %.
DOI: https://doi.org/10.1109/CSCloud.2017.10 (published 2017-06-01)
Citations: 21
SQLIIDaaS: A SQL Injection Intrusion Detection Framework as a Service for SaaS Providers
Mohamed Yassin, Hakima Ould-Slimane, C. Talhi, H. Boucheneb
Recently, we are attending to the proliferation of Cloud Computing (CC) as the new trending internet-based-Platform. Thanks to the outsourcing paradigm, CC is enabling many services. Software as a Service (SaaS) is one of those cloud-based-services. Indeed, SaaS model allows providers to reduce the cost of maintenance and management by transferring traditional on premise deployment to public Cloud. Clients can subscribe, in self-service, to SaaS services based on a pay-per-use model. However, since user data are outsourced to the Cloud, serious security breaches are rising and could harm the reputation of providers and slow down the subscription of clients. SQL injection attack (SQLIA) is one of the most critical SaaS vulnerabilities that allows attackers to violate the availability, confidentiality and integrity of user data. In this paper, we propose SQL injection intrusion detection framework as a service for SaaS providers, SQLIIDaaS, which allows a SaaS provider to detect SQLIAs targeting several SaaS applications without reading, analyzing or modifying the source code. To achieve SQL query/HTTP request mapping, we propose an event correlation based on the similarity between literals in SQL queries and parameters in HTTP requests. SQLIIDaaS is integrated and validated in Amazon Web Services (AWS). A SaaS provider can subscribe to this framework and launch its own set of virtual machines, which holds on-demand self-service, resource pooling, rapid elasticity, and measured service properties.
DOI: 10.1109/CSCloud.2017.27 (https://doi.org/10.1109/CSCloud.2017.27). Published in: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), 2017-06-01.
Citations: 8