in Cloud -A Review
Pratibha S
Assistant Professor, Department of CSE,
PES Institute of Technology and Management, Shivamogga, India
pratibha@pestrust.edu.in

Dr. Vinay S
Professor, Department of CSE,
PES Institute of Technology and Management, Shivamogga, India
vinay@pestrust.edu.in

Abstract—Cloud computing is a new evolution in distributed architecture, providing services and resources on demand. Since the cloud is an Internet-based technology, it faces new security attacks and challenges with respect to reliability and safety. Anomaly detection is one of the intrusion detection approaches used in the cloud to detect unknown attack patterns. Given the increase in network traffic and the exponential growth of data, human involvement in the detection system is difficult and faces limitations. A machine learning technique aims to implement a detection system that can learn from data (experience) and make decisions without human intervention. The main advantage of machine learning is its ability to analyze huge volumes of audit data, discover new attacks, and construct detection rules, bringing high speed and accuracy to the network. There are various machine learning techniques to improve a detection system. Each machine learning technique has its own advantages and limitations. This paper presents an overview of different machine learning techniques for anomaly detection, which can guide researchers in an interesting area of machine learning.

1. INTRODUCTION

Cloud computing is Internet based and has become an essential part of our life. The on-demand services offered by cloud computing suffer from the traditional attacks of the Internet, for which a firewall is not sufficient. Security in cloud computing is becoming an important aspect because of threats related to data and service availability. An intrusion detection system is a security mechanism to monitor network activities and identify the various attacks affecting the network services. Intrusion detection systems are always designed with a preventative mechanism against intrusions. Since the cloud environment offers services like Software as a Service, Platform as a Service, and Infrastructure as a Service, it is necessary to employ an effective intrusion detection system to improve the availability, security and performance of the cloud.

Basically, there are two categories of intrusion detection: signature-based detection and anomaly-based detection [8]. A signature-based detection system detects known attacks based on previous rules and patterns stored in a database. The downside of misuse detection is that it does not detect new attacks which are not in the database.

Anomaly detection system: Anomaly detection is the process of finding the patterns in a dataset whose behavior is not normal or expected. These unexpected behaviors are also termed anomalies or outliers. An anomaly cannot always be categorized as an attack; it can be a surprising behavior which was previously not known. It may or may not be harmful.

1.1 Anomaly detection technique

The basic methodology of anomaly detection involves parameterization and training a model before detection [2].

Figure 1: Methodology of Anomaly Detection

Parameterization: Pre-processing data into a pre-established format such that it is acceptable to, or in accordance with, the targeted system's behavior.

Training stage: A model is built on the basis of the normal (or abnormal) behavior of the system. Different approaches can be chosen depending on the type of anomaly detection considered. Training can be both manual and automatic.

Detection stage: When the model for the system is available, it is compared with the (parameterized or predefined) observed traffic. If the deviation found exceeds (or, in the case of abnormality models, is less than) a predefined threshold, an alarm is triggered.

The remainder of the paper is organized as follows. Section 2 gives the machine learning techniques for anomaly detection. Section 3 summarizes the comparison of various machine learning techniques. Section 4 gives recommendations for using machine learning tools to detect anomalies. Section 5 is the conclusion.

2. MACHINE LEARNING BASED ANOMALY DETECTION SYSTEM

The cloud computing domain poses challenges such as a high cost of errors, lack of training data, a semantic gap between results and their operational interpretation, and enormous variability in input data [6]. Overcoming these challenges with signature-based detection involves human activity to test attacks and frame newly defined rules, and it may take hours and days to generate signatures for rapid attacks. A motivation arises to construct and maintain a detection system with less human effort. Machine learning is an appropriate tool for a predictive model.

Machine learning is behavior based. It is the ability of a program to learn from previous experiences and improve the performance of a system.

Compared to other detection systems, machine learning is significantly harder to employ effectively.

Machine-learning algorithms are much better at finding similarities than at identifying activity that does not belong there: the classic machine learning application is a classification problem, rather than discovering meaningful outliers as required by an anomaly detection system.

A basic rule of machine learning is that one needs to train a system with specimens of all classes, and, crucially, the number of representatives found in the training set for each class should be large.

In intrusion detection, the relative cost of any misclassification is extremely high compared to many other machine learning applications.

A false positive requires spending expensive analyst time examining the reported incident only to eventually determine that it reflects benign underlying activity. False negatives, on the other hand, have the potential to cause serious damage to an organization.

When addressing the semantic gap, one consideration is the incorporation of local security policies. We note that traffic diversity is not restricted to packet-level features, but extends to application-layer information as well, both in terms of syntactic and semantic variability.

Machine learning can be done with two methods, supervised and unsupervised.

compared to unsupervised method because they have access to more information. The technical issue with the supervised method is labeling the training set and the shortage of data sets covering all areas. The most common supervised algorithms are Supervised Neural Networks, Support Vector Machines (SVM), k-Nearest Neighbors, Bayesian Networks and Decision Tree.

2.2 Unsupervised Machine learning method

The unsupervised method (also known as the clustering method) is mainly used for behavior densely concentrated in particular areas or groups of areas. The most common unsupervised algorithms are K-Means, Self-organizing maps (SOM), C-means, Expectation-Maximization Meta algorithm (EM), Adaptive resonance theory (ART), Unsupervised Niche Clustering (UNC) and One-Class Support Vector Machine.

3. COMPARISON OF MACHINE LEARNING TECHNIQUES

In the literature survey, it was found that various machine learning techniques aim to achieve a high detection rate, each with its own pros and cons, according to [8][23].

Table 1: Pros and cons of machine learning techniques

| Sl. No | Machine Learning Technique | Pros | Cons |
|---|---|---|---|
| 1 | Neural Networks | Ability to generalize from limited, noisy and incomplete data. Does not need expert knowledge and it can find unknown or novel intrusions. | Slow training process, not suitable for real-time detection. Over-fitting may happen during neural network training. |
| 2 | Bayesian Network | Encodes probabilistic relationships among the variables of interest. Ability to incorporate both prior knowledge and data. | Harder to handle continuous features. May not contain any good classifiers if prior knowledge is wrong. |
| 3 | Support Vector Machine | Better learning ability for small samples. High training rate and decision rate, insensitiveness to dimension of input data. | Training takes a long time. Mostly used binary classifier which cannot give additional information about detected type of attack. |
| 4 | Genetic algorithm | Capable of deriving best classification rules and selecting optimal parameters. Biologically inspired and employs evolutionary algorithm. | Genetic algorithm cannot assure constant optimization response times. Over-fitting. |

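The three stages of Section 1.1 (parameterization, training, detection) run end to end with K-Means from Section 2.2. This is an added example, not code from the paper; the flow records, the log-scaled features, and the threshold rule (a margin times the largest training deviation) are constructed assumptions.

```python
import math

# Constructed flow records (bytes, duration in s, distinct destination ports); not real traffic.
NORMAL_FLOWS = [
    (1200, 0.4, 1), (1500, 0.5, 1), (900, 0.3, 1), (2000, 0.6, 2), (1100, 0.4, 1),
    (5_000_000, 120, 1), (4_200_000, 100, 1), (6_100_000, 150, 1), (5_500_000, 130, 2),
]

def parameterize(flow):
    """Parameterization: put a raw record into a fixed format (log-scaled features)."""
    return tuple(math.log10(x + 1) for x in flow)

def deviation(vector, centroids):
    """Distance from a feature vector to the nearest learned cluster centre."""
    return min(math.dist(vector, c) for c in centroids)

def train(flows, k=2, rounds=10, margin=2.0):
    """Training: K-Means on unlabeled normal traffic, then derive the alarm threshold."""
    vectors = [parameterize(f) for f in flows]
    # Deterministic initialisation: k evenly spaced training points.
    centroids = [vectors[i * (len(vectors) - 1) // max(k - 1, 1)] for i in range(k)]
    for _ in range(rounds):
        clusters = [[] for _ in range(k)]
        for v in vectors:
            nearest = min(range(k), key=lambda i: math.dist(v, centroids[i]))
            clusters[nearest].append(v)
        centroids = [
            tuple(sum(col) / len(members) for col in zip(*members)) if members else centroids[i]
            for i, members in enumerate(clusters)
        ]
    # Assumed threshold rule: margin times the largest deviation seen in training.
    threshold = margin * max(deviation(v, centroids) for v in vectors)
    return centroids, threshold

def detect(flow, model):
    """Detection: alarm when the observed deviation exceeds the predefined threshold."""
    centroids, threshold = model
    score = deviation(parameterize(flow), centroids)
    return score > threshold, round(score, 3)

MODEL = train(NORMAL_FLOWS)
OBSERVED = {  # constructed observations
    "typical web request": (1300, 0.5, 1),
    "one source, 400 destination ports": (3000, 2.0, 400),
    "one-off large upload (benign but unusual)": (80_000_000, 30, 1),
}
if __name__ == "__main__":
    for label, flow in OBSERVED.items():
        print(label, detect(flow, MODEL))
```

The large upload raises an alarm even though it is benign, which is the point made in the introduction that an anomaly is not necessarily an attack and is what drives the analyst cost of false positives discussed in Section 2.
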
5. CONCLUSION

With the increase in the applicability of the cloud in industrial, academic and medical fields such as Google, Amazon and Microsoft, the study of cloud security is very important. The complex properties of the cloud computing environment always demand data availability, service availability and reliability. Monitoring cloud activities continuously is a major task of security. There is a need to analyze the large volume of network data and improve the performance of intrusion detection. Detecting abnormal activities in the cloud by anomaly-based detection, with a human-independent solution, is possible with machine learning techniques. Every day, cloud computing witnesses a new anomaly. Machine learning tools can be used appropriately as classification or clustering methods for finding anomalies. There are various machine learning techniques, each one with advantages and drawbacks. Extensive research work is being carried out to make decisions regarding the applicability of machine learning techniques in different circumstances. Researchers try to optimize various machine learning techniques or hybrid techniques to bring a high detection rate, high accuracy and a low false alarm rate. This paper is an outcome of the study of various machine learning techniques and can serve as guidance for further research in anomaly detection in the cloud.

REFERENCES

[9] Chandola V., Banerjee A., Kumar V., Anomaly detection: A survey, ACM Computing Surveys (CSUR); 41(3); 2009; p. 15.
[10] Shelke, P.K., Sontakke, S. and Gawande, A.D. (2012) Intrusion Detection System for Cloud Computing. International Journal of Scientific & Technology Research, 1, 67-71.
[11] Roschke, S., Cheng, F. and Meinel, C. (2009) Intrusion Detection in Cloud. Eighth IEEE International Conference on Dependable Automatic and Secure Computing, Liverpool, 729-734.
[12] Tang D. H., Cao Z., Machine Learning-based Intrusion Detection Algorithm; Journal of Computational Information Systems; 5(6); 2009; p. 1825-1831.
[13] T. Shon and J. Moon. A hybrid machine learning approach to network anomaly detection. Information Sciences, vol. 177, pp. 3799–3821, 2007.
[14] Abhinav S. Raut, Kavita R. Singh, Anomaly Based Intrusion Detection-A Review, Int. J. on Network Security, Vol. 5, 2014.
[15] Anton Gulenko, Marcel Wallschläger, Florian Schmidt, Odej Kao, Feng Liu, Evaluating Machine Learning Algorithms for Anomaly Detection in Clouds, 2016 IEEE International Conference on Big Data.
[16] Amjad Hussain Bhat, Sabyasachi Patra, Dr. Debasish Jena, Machine Learning Approach for Intrusion Detection on Cloud Virtual Machines, (IJAIEM) Volume 2, Issue 6, June 2013.
[17] Hung-Jen Liao, Chun-Hung Richard Lin, Ying-Chih Lin, Kuang-Yuan Tung, Intrusion detection system: A comprehensive review, Journal of Network and Computer Applications 36 (2013) 16–24.