eKNOW 2012, The Fourth International Conference on Information, Process, and Knowledge Management


Mastering Security Anomalies in Virtualized Computing Environments via Complex Event Processing

Authors:
Lars Baumgärtner
Pablo Graubner
Matthias Leinweber
Roland Schwarzkopf
Matthias Schmidt
Bernhard Seeger
Bernd Freisleben

Keywords: security; malware; virtual machine monitoring; complex event processing; intrusion detection

Abstract:
To protect computer systems and their users against security attacks, all potentially security-related incidents should be detected by monitoring system behavior. In this paper, a novel approach to detect, analyze and handle security anomalies in virtualized computing systems is presented. Adequate sensors on different virtualization layers monitor relevant events, a Complex Event Processing engine is used to aggregate and correlate events on the same or different layers to find genuine attacks and eliminate false positives, and corresponding actions are performed if a security anomaly is detected. To enhance the quality of the results, machine learning techniques are used to analyze a historical database of recorded events offline to generate new queries or modify existing queries on the monitored event stream automatically. Furthermore, sensors can be activated and deactivated at runtime to gather interesting events, reduce the false alarm rate and ensure the system's responsiveness when a sudden increase in monitored event data occurs. In this way, a flexible, minimally invasive approach for detecting, analyzing and reacting to a broad variety of security anomalies in a virtualized environment is provided.
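The abstract describes two mechanisms without showing them: correlating events from different virtualization layers inside a time window so that a lone event is not raised as an alarm, and pausing a sensor whose event rate spikes so the engine stays responsive. The following toy correlator, added here as an illustration and not code from the paper or its authors, shows both in a few dozen lines. Everything in it is assumed for the example: the two sensor names ("guest" for an in-VM sensor, "host" for a hypervisor-side sensor), the two event kinds that are correlated, the 5 s window, the rate limit of 20 events per window, and the constructed event stream.

```python
"""Toy cross-layer event correlator (added example; assumptions are not from the paper)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    ts: float     # seconds since stream start
    sensor: str   # layer that emitted it: "guest" (in-VM) or "host" (hypervisor side)
    vm: str       # identifier of the VM the event concerns
    kind: str     # event type as reported by the sensor


@dataclass
class Correlator:
    window: float = 5.0   # assumed: max gap between a guest event and the host event it is paired with
    max_rate: int = 20    # assumed: events per window after which a sensor is paused
    alerts: list = field(default_factory=list)       # (vm, guest_ts, host_ts) tuples
    sensor_log: list = field(default_factory=list)   # (ts, sensor, "paused"/"resumed")
    _pending: dict = field(default_factory=dict)     # vm -> deque of unmatched guest events
    _recent: dict = field(default_factory=dict)      # sensor -> deque of recent timestamps
    _paused: set = field(default_factory=set)

    def _sensor_active(self, ev: Event) -> bool:
        """Sliding-window rate limit per sensor; pauses a flooding sensor, resumes when it calms down."""
        q = self._recent.setdefault(ev.sensor, deque())
        q.append(ev.ts)
        while q and ev.ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_rate:
            if ev.sensor not in self._paused:
                self._paused.add(ev.sensor)
                self.sensor_log.append((ev.ts, ev.sensor, "paused"))
            return False
        if ev.sensor in self._paused:
            self._paused.discard(ev.sensor)
            self.sensor_log.append((ev.ts, ev.sensor, "resumed"))
        return True

    def feed(self, ev: Event):
        """Process one event in timestamp order; returns an alert tuple or None."""
        if not self._sensor_active(ev):
            return None   # sensor is paused: event is dropped, engine stays responsive
        if ev.sensor == "guest" and ev.kind == "suspicious_process":
            # On its own this is not an alarm; remember it and wait for corroboration.
            self._pending.setdefault(ev.vm, deque()).append(ev)
            return None
        if ev.sensor == "host" and ev.kind == "unexpected_outbound":
            q = self._pending.get(ev.vm, deque())
            while q and ev.ts - q[0].ts > self.window:
                q.popleft()   # guest evidence older than the window no longer counts
            if q:
                alert = (ev.vm, q[0].ts, ev.ts)
                self.alerts.append(alert)
                q.clear()
                return alert
        return None   # lone host-layer event: treated as a false positive


def run(events, window: float = 5.0, max_rate: int = 20) -> Correlator:
    """Feed a whole event list (sorted by time) and return the correlator state."""
    c = Correlator(window=window, max_rate=max_rate)
    for ev in sorted(events, key=lambda e: e.ts):
        c.feed(ev)
    return c


# Constructed sample stream (not real sensor data):
SAMPLE_EVENTS = [
    Event(1.0, "guest", "vm1", "suspicious_process"),    # guest evidence ...
    Event(3.0, "host", "vm1", "unexpected_outbound"),    # ... corroborated 2 s later -> alert
    Event(4.0, "host", "vm2", "unexpected_outbound"),    # host event alone -> suppressed
    Event(5.0, "guest", "vm3", "suspicious_process"),
    Event(12.0, "host", "vm3", "unexpected_outbound"),   # 7 s gap, outside window -> suppressed
    *[Event(20.0 + i * 0.01, "guest", "vm1", "file_write") for i in range(25)],  # burst pauses "guest"
    Event(30.0, "guest", "vm2", "file_write"),           # rate has dropped -> "guest" resumed
]

if __name__ == "__main__":
    c = run(SAMPLE_EVENTS)
    print("alerts:", c.alerts)
    print("sensor state changes:", c.sensor_log)
```

The trade-off the abstract hints at is visible in the burst: while the guest sensor is paused, any genuine suspicious_process event from that layer is dropped too, so in a real deployment the rate limit and window would be tuned per sensor (which is where the paper's offline analysis of the recorded event history comes in) rather than fixed constants as here.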

Pages: 76 to 81

Copyright: Copyright (c) IARIA, 2012

Publication date: January 30, 2012

Published in: conference

ISSN: 2308-4375

ISBN: 978-1-61208-181-6

Location: Valencia, Spain

Dates: from January 30, 2012 to February 4, 2012