عنوان مقاله
سیستم انگشت نگاری روشی برای تشخیص نفوذ در یک محیط ابری
فهرست مطالب
مقدمه
بررسی منابع
کارهای پیشنهادی
جزئیات اجرایی
نتیجه گیری
بخشی از مقاله
جزئیات اجرایی
برای نشان دادن جزییات اجرایی ما یک سیستم ثبت تماس را برای ویندوز های Ntrace استفاده کردیم. هم چنین یک سیستم ثبت تماس را برای محیط لینوکس موسوم به Strace استفاده کردیم که در بسیاری از آنالیز ها و اجراهای نمونه دیده می شود. این برنامه تماس های ورودی سیستم را طی یک اجرای برنامه وارد میکند. ماشین های مجازی برای کاربرانی تعیین می شوند که دستورات اجرایی توسط هایپرووایزر بررسی کرده و سیستم ثبت تماس آن ها در Dom-0 مجاز در xen ذخیره می شود. ما تماس های ورودی چنین تماس هایی را برای هر برنامه با اجرای بآن ها جمع آوری کرده و به جست و جوی تماس های ورودی اجرا شده می پردازد.
کلمات کلیدی:
A Fingerprinting System Calls Approach for Intrusion Detection in a Cloud Environment Sanchika Gupta Department of E&CE Indian Institute of Technology, Roorkee Uttarakhand, India dr.sanchikagupta@gmail.com Padam Kumar Department of E&CE Indian Institute of Technology, Roorkee Uttarakhand, India padamfec@iitr.ernet.in Anjali Sardana Department of E&CE Indian Institute of Technology, Roorkee Uttarakhand, India Ajith Abraham IT For Innovations - Center of Excellence VSB-Technical University of Ostrava, Czech Republic *Machine Intelligence Reserch Labs (MIR Labs), WA, USA ajith.abraham@ieee.org Abstract— Cloud Computing envisioned as the next generation architecture for IT enterprises, has proliferated itself due to the advantages it provides. Cloud Computing provides solutions for carrying out efficient, scalable and low cost computing. Due to the distributed nature of cloud based system, it is vulnerable to a large category of attacks out of which VM based attacks are most common. To counter these attacks we need Intrusion Detection System (IDS), which is used to monitor network traffic and policy violations from unauthorized users. Anomaly Detection is a technique of Intrusion Detection, which is used to detect intrusions by monitoring system activity and finding out patterns that do not comply with the normal behavior. In this paper an approach for anomaly detection in cloud environment is presented, which is based upon analysis of system call sequences generated by the virtual machines to the hypervisor. Our proposed implementation prevents malicious VM users to modify well known frequently executed programs. Keywords: cloud, IDS, anomaly detection, system call, xen, finger print. I. INTRODUCTION Cloud Computing has evolved as a major platform that provides a variety of services on a pay per usage model. It provides services at software, platform and application layer. The US National Institute of Standards and Technology (NIST) have captured five essential cloud characteristics: on-demand self-service, ubiquitous network access, resource pooling, rapid elasticity and measured service [1]. Because of the various services it provides and the ease of access to services in a cloud, it is vulnerable to a large number of network and host based attacks [2]. However the concept of Cloud Computing is not new but due to its globalization and enormous usage there is an immediate requirement to look at its security aspects.
