摘要
Cloud Computing is a hot topic in the global IT industry, which is considered as the main part of the network and computing service provider in recent years. Some security issues will be more threatening in cloud computing, such as account theft and insider threat. We propose a framework to utilize anomaly detection and random re-sampling techniques for profiling user's behaviors via the frequent patterns of activated system processes. By utilizing the user profiles learned from normal data, our method can detect malicious activities and discriminate suspicious activities from different users. We use virtual machine (VM) to collect process log of normal users and malicious tools. The collected data is used on verifying if our method can detect the malicious activities on the system. The results show that all the malicious activities are detected with less than 4.6% false-positive rate. We also collect real-world data for testing the ability of discriminating activities collected from different users. The results showed that the user profiles can averagely detect 86% suspicious behaviors from different users with less than 1% false positive rate.
| 原文 | English |
|---|---|
| 頁面 | 61-66 |
| 頁數 | 6 |
| DOIs | |
| 出版狀態 | Published - 1 1月 2013 |
| 事件 | 2013 Conference on Technologies and Applications of Artificial Intelligence, TAAI 2013 - Taipei, 台灣 持續時間: 6 12月 2013 → 8 12月 2013 |
Conference
| Conference | 2013 Conference on Technologies and Applications of Artificial Intelligence, TAAI 2013 |
|---|---|
| 國家/地區 | 台灣 |
| 城市 | Taipei |
| 期間 | 6/12/13 → 8/12/13 |