Affiliation:
1. School of Computer Science and Engineering, Tianjin University of Technology, Tianjin 300387, China
2. College of Cyber Science, Nankai University, Tianjin 300350, China
Abstract
From general systems to mission-critical systems at financial and government institutions, the application scope of cloud computing services is continuously expanding. Therefore, there is a need for better methods to ensure the stability and security of the cloud data and services. Monitoring the abnormal behavior of virtual machines (VMs) is one of the most-important means to identify the causes of security incidents related to the cloud. However, current traditional abnormal-behavior-detection methods for VMs on cloud platforms face multiple challenges such as privacy protection and the semantic gap. Virtualization technology plays a key role in cloud computing. Meanwhile, virtualization security is the core issue of cloud computing security as well. To address these issues, this paper proposes a feature-fusion-based abnormal-behavior-detection method (FFABD) in a virtualization environment. This method acquires the hardware features and syscalls of the VM at the physical machine level and the virtualization level, respectively. Therefore, this method is not limited by the operating system running on the VM. This makes our method more efficient and universally applicable compared to traditional abnormal-VM-detectionmethods. The ensemble learning model performs the best among all the models, achieving an Accuracy of 99.7%.
Funder
National Key R&D Program of China
Tianjin Key R&D Program
2019 Tianjin New Generation AI Technology Key Project
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering