دانلود مقاله ترجمه شده تشخیص نفوذ در یک محیط ابری با سیستم انگشت نگاری – مجله IEEE

فهرست مطالب:

چکیده
۱ مقدمه
۲بررسی منابع
۳جزییات اجرایی
۴نتیجه گیری

بخشی از ترجمه:

رایانش یا محاسبات ابری به عنوان یک معماری و ساختار دهی نسل آینده برای شرکت های فناوری اطلاعات می باشد که به دلیل مزیت های قابل توجهی که دارد توسعه زیادی را داشته است. رایانش ابری راه حل های زیادی را برای انجام محاسبات کم هزینه، قابل اندازه گیری و کارامد در اختیار می گذارد. به دلیل ماهیت توزیعی سیستم های مبتنی بر ابر، این سیستم ها در برابر دسته زیادی از تهاجمات آسیب پذیر می باشند که در خارج از آن تهاجمات vm محور رایج و متداول ترین می باشند. به منظور مقابله با این خطرات و تهاجمات، ما نیازمند سیستم های تشخیص نفوذ می باشیم که برای پایش ترافیک شبکه و تجاوزات سیاستی از کاربران غیر مجاز به کار می رود. تشخیص ناهنجاری روشی برای تشخیص نفوذ است که برای شناسایی نفوذ ها و تهاجمات با پایش فعالیت سیستم و پیدا کردن الگوهایی که مطابق با رفتار طبیعی نمی باشند مورد استفاده قرار می گیرد. در این مقاله روشی برای تشخیص ناهنجاری در محیط ابری ارایه می شود که بر اساس تجزیه توالی های درخواست سیستم که توسط ماشین های مجازی تولید می شود ارایه می شود. به کار گیری هدفمند این روش ها مانع از تغییر برنامه های اجرایی شناخته شده توسط کاربران VM خواهد شد.

۱ مقدمه

رایانش ابری به عنوان پلاتفرم مهمی مطرح است که طیف وسیعی از خدمات را در صورت استفاده از مدل ها در اختیار می گذارد. این شیوه سرویس ها و خدمات گسترده ای در لایه های نرم افزاری، پلاتفرم و کاربری در اختیار می گذارد. موسسه ملی فناوری و استاندارد های ایالات متحده ۵ خصوصیات و ویژگی های ابری را ارایه کرده است. سلف سرویس، دسترسی فراگیر به شبکه، مدیریت منابع، الاستیسیته(ارتجاع) سریع و خدمات اندازه گیری شده.(۱). به دلیل خدمات متعددی که فراهم می کند و سهولت استفاده از سرویس ها در یک ابر، به طیف وسیعی از تهاجمات شبکه ای و مبتنی بر محور آسیب پذیر است(۲). با این حال مفهوم رایانش ابری جدید نیست بلکه به دلیل جهانی شدن آن و کاربرد های گسترده ای که دارد، نیاز فوری و مبرم به بررسی ابعاد امنیتی آن وجود دارد.
اساسا ابر بر دو نوع است: ابر رایانش و ابر داده. ابری که قدرت محاسباتی را به عنوان خدمت یا سرویس در اختیار می گذارد تحت مقوله ابر رایانش قرار می گیرد در حالی که سایرین که خدمات ذخیره ای فراهم می کنند موسوم به ابر داده می باشد. هر دوی این مدل سرویس های ابری دارای ملزومات متعددی با توجه به امنیت خود می باشند. برای مثال، امنیت یک ابر رایانشی عمدتا شامل شناسایی توالی هایی از سیگنال های نفوذ و تهاجم، ویروس ها و تروژان هایی می باشد که هدف آن ها اختلال در کارایی محاسباتی فراهم شده توسط فروشنده ابر است در حالی که امنیت ابر داده ها عمدتا تاکید بر تهاجمات شبکه محوری دارد که هدف آن دسترسی به اطلاعات غیر مجاز ذخیره شده در آن است.

بخشی از مقاله انگلیسی:

Abstract— Cloud Computing envisioned as the next generation architecture for IT enterprises, has proliferated itself due to the advantages it provides. Cloud Computing provides solutions for carrying out efficient, scalable and low cost computing. Due to the distributed nature of cloud based system, it is vulnerable to a large category of attacks out of which VM based attacks are most common. To counter these attacks we need Intrusion Detection System (IDS), which is used to monitor network traffic and policy violations from unauthorized users. Anomaly Detection is a technique of Intrusion Detection, which is used to detect intrusions by monitoring system activity and finding out patterns that do not comply with the normal behavior. In this paper an approach for anomaly detection in cloud environment is presented, which is based upon analysis of system call sequences generated by the virtual machines to the hypervisor. Our proposed implementation prevents malicious VM users to modify well known frequently executed programs. Keywords: cloud, IDS, anomaly detection, system call, xen, finger print. I. INTRODUCTION Cloud Computing has evolved as a major platform that provides a variety of services on a pay per usage model. It provides services at software, platform and application layer. The US National Institute of Standards and Technology (NIST) have captured five essential cloud characteristics: on-demand self-service, ubiquitous network access, resource pooling, rapid elasticity and measured service [1]. Because of the various services it provides and the ease of access to services in a cloud, it is vulnerable to a large number of network and host based attacks [2]. However the concept of Cloud Computing is not new but due to its globalization and enormous usage there is an immediate requirement to look at its security aspects. Cloud is basically of two types: Compute Cloud and Data Cloud. The Cloud which provides computing power as a service comes under the category of compute cloud while others providing storage services are known as data cloud. Both of these cloud service model have different requirements with respect to their security. For example, securing a Compute Cloud majorly include detection of intrusive system call sequences, malwares, trojans that are targeting to disrupt the computational efficiency provided by the cloud vendor, while securing a data cloud will mainly focus on network based attacks that may try to get access to unauthorized information stored in it. It is found that a large category of attacks are launched through malicious VM’s allocated to the cloud users. Major attacks identified till date includes DDoS attacks from virtual machines (VM’s), VM Hoping, VM Rootkit, VM escape etc. Attackers target the Cloud infrastructure for consuming bandwidth, storage capacity and processing power. In case of network based attacks such as TCP SYN Flooding, malicious VM’s generate and send large number of TCP SYN packets to the privileged domain or other neighboring VM’s to consume bandwidth, storage and processing power of the end systems and hence will decrease the quality of cloud services. Many other attacks launched from malicious VM’s that utilizes network vulnerabilities include buffer overflow attacks, network sniffing etc. There are other attacks that utilize vulnerabilities in the virtualization environment used for allocation of cloud infrastructure. Such vulnerabilities present in virtualization environment are because of improper configuration of services provided to the cloud users. There has been a lot of research going on to provide security to the virtualization software such as hypervisors [3] so that commonly known VM based attacks that utilizes hypervisors miss-configuration and vulnerabilities can be minimized [4]. It has been noticed that cloud vendors are more interested in increasing the compute power of the clouds with minimization of resources so that the available services can be delivered at low cost and new services can be added to it. Hence any defensive mechanism to tackle well known attacks on cloud can only be taken into practice if it adds low cost to the cloud infrastructure for its deployment, maintenance and operation. Existing solutions such as IDS, IPS which are proposed for securing cloud infrastructure focus more on providing robust security to the cloud users and vendors but they lack in providing a solution that can be deployed efficiently to the cloud infrastructure [5]. In this paper an approach for anomaly detection in cloud environment is presented which is based upon statistical analysis of system call sequences generated by the virtual machines to the hypervisor. Existing schemes for detection of malicious system calls from virtual machines on cloud infrastructure does not focus on statistical analysis of system call sequences rather focus on integrity of individual system calls. It will help in detecting a malicious system call but not malicious system call sequences which decrease the probability of detecting an intrusive call sequence if present in frequently used system call sequences. II. RELATED WORK The research presented in this paper is related to anomaly detection for severity analysis in virtual machines. It is based on the statistical analysis of malicious system call sequences which are generated by the virtual machines. So we have drawn the existing literature in this area so that a comparative analysis could be made with our scheme. Forest et al. [6] presented a method for anomaly intrusion detection at the process level. Discrimination is made between normal and abnormal characteristics. Normal is defined as short sequences of system calls that are generated by running privileged processes. Using this method they were able to detect various attacks like buffer overflow, symbolic link attack etc. Lee et al. [7] extended the work of Forest et al. and identified the normal and abnormal patterns in Unix processes. Machine Learning based approach was used to identify misuses and intrusions in UNIX system. They applied RIPPER, a rule learning program to the audit data of UNIX sendmail program. Warrender et al. [8] proposed a method for detecting intrusions using intrusive system calls. In this the sequence of system calls was identified in the kernel of an operating system. For experimentation they compared 4 methods for observing normal behaviors and detecting intrusions based on system calls in privileged processes. This scheme however is not specific to cloud computing platform. Ghosh et al. [9] used ANN (artificial neural network) techniques to learn normal sequences of system calls for specific UNIX system programs. More than 150 program profiles were established. For each program, a neural network was trained and used to identify anomalous behaviour. They used DARPA dataset for establishing profiles. Liao et al. [10] proposed text categorization techniques for intrusion detection. Here instead of the storing short sequences of system calls, frequencies of system calls are used to identify the program behavior using kNN classifier. The kNN classifier is used to classify program behavior as normal or intrusive. Ye et al. [11] proposed an intrusion detection approach for system call sequences and rule extraction. In this paper, an approach for anomaly intrusion detection is presented and applied to monitor the abnormal behavior of processes. The approach is based on rough set theory and capable of extracting a set of rules with the minimum size to form a normal behavior model from the record of system call sequences generated during the normal execution of a process. It may detect the abnormal operating status of a process. The normal behavior model in terms of the system call sequences is defined. And the detection algorithm is given for the application of rough set theory in intrusion detection. The illustrative example shows that it is feasible and effective. Bharadwaja et al. [12] proposed Collabra which is integrated with every virtual machine monitor and acts as a filtering layer to detect attacks and prevent illicit access to the VMM and the host. It also performs filtering of malicious hyper calls at the guest OS level before routing the call to the VMM. This scheme however does not looks for intrusive system call sequences which can help in preventing an attack before it is targeted if the system call sequence falls outside any valid system call sequences. Jin et al. proposed VMFence [13] which is used to monitor network flow and file integrity in real time. But this architecture is more computationally complex as it checks for attack patterns from data coming via all VM’s connected to the privileged domain. Also it does not take into account malicious system call sequences from VM’s targeted on the cloud infrastructure. Arshad et al [14] proposed an automatic intrusion diagnosis approach for clouds. In this paper they have analysed a set of three security attributes i.e. availability, confidentiality and integrity. They have categorized all the attacks on the basis of these three security attributes. Then they have identified what kind of attack is being generated by the system calls and mapped those system calls to any one of these attributes. Both supervised and unsupervised methods have been used for preparing the training datasets. However the implementation on virtual machines or real cloud environment is not demonstrated. Arshad et al. [15] proposed a novel intrusion severity approach for cloud. They are focused on presenting a machine learning based approach which make use of virtual machine specific parameters such as security requirement, SLA state and frequency of attack. They have demonstrated that the proposed approach is effective to address the severity analysis in Cloud. But it does not detect attacks from malicious system call sequences.

دانلود رایگان مقاله انگلیسی

خرید ترجمه فارسی مقاله با فرمت ورد

خرید نسخه پاورپوینت این مقاله جهت ارائه