Title: Security event correlation approach for cloud computing
Authors: Massimo Ficco
Addresses: Dipartimento di Ingegneria Industriale e dell'Informazione, Second University of Naples (SUN), Via Roma 29, 81031 Aversa, Italy
Abstract: Cloud computing is a new business model that represents an opportunity for users, companies, and public organisations to reduce costs and increase efficiency, as well as an alternative way of providing services and resources. In this pay-by-use model, security plays a key role. Cyber attacks are a serious danger, which can compromise the quality of the service delivered to customers, as well as the costs of the provided cloud resources and services. In this paper, a hybrid and hierarchical event correlation approach for intrusion detection in cloud computing is presented. It consists of detecting intrusion symptoms by collecting diverse information at several cloud architectural levels, using distributed security probes, and of performing complex event analysis with a complex event processing engine. The escalation process from intrusion symptoms to the identified cause and target of the intrusion is driven by a knowledge base represented by an ontology. A prototype implementation of the proposed intrusion detection solution is also presented.
Keywords: cloud computing; intrusion detection; security; event correlation; complex event processing; CEP; cyber attacks; ontology.
DOI: 10.1504/IJHPCN.2013.056525
International Journal of High Performance Computing and Networking, 2013 Vol.7 No.3, pp.173 - 185
Received: 24 Oct 2012
Accepted: 14 Mar 2013
Published online: 30 Jul 2014