Please use this identifier to cite or link to this item: https://ah.lib.nccu.edu.tw/handle/140.119/112487
DC FieldValueLanguage
dc.contributor資管系
dc.creator曾宇瑞zh_TW
dc.creator郁方zh_TW
dc.creatorLi, Yen Hanen_US
dc.creatorTzeng, Yeu Rueyen_US
dc.creatorYu, Fangen_US
dc.date2016-02
dc.date.accessioned2017-09-01T02:06:43Z-
dc.date.available2017-09-01T02:06:43Z-
dc.date.issued2017-09-01T02:06:43Z-
dc.identifier.urihttp://nccur.lib.nccu.edu.tw/handle/140.119/112487-
dc.description.abstractCloud computing has become one of the most dominant computation platforms in recent years. Security threats could be one of the major stunning blocks on this evolution road. While system vendors and cloud tenants benefit much from sharing resources in the cloud environment, security breaches can cause more significant damages of the cloud ecosystem than personal computers. Virtualization techniques facilitate the movement of intrusion detection system to cloud-host operating systems with virtual machine management by observing behaviors of virtual machines (VMs). However, a VM-based detection system inherits the semantic gap problem: it is needed the ability to reveal (malicious) behaviors of VMs from observed data. We propose an automatic and systematic analysis framework for charactering malware behaviors using unsupervised clustering. This framework consists of three phases: (1) unsupervised clustering on behaviors of VMs, (2) supervised classification rule derivation, and (3) online system detection. Specifically, we collect and cluster system call distributions of VMs within a small period as samples, identify clusters that contain only samples from malicious VMs, and derive detection rules by extracting features of these malicious clusters. VMs that have been observed their system call distributions falling into a malicious cluster are considered to be malicious. We have integrated the presented framework with OpenStack and develop a prototype online monitoring system, called VISO. We conduct several experiments against common attacks, showing the effectiveness of VISO on clustering, classifying and detecting malicious behaviors of VMs.
dc.format.extent208 bytes-
dc.format.mimetypetext/html-
dc.relationProceedings - IEEE 7th International Conference on Cloud Computing Technology and Science, CloudCom 2015 , 34-41en_US
dc.subjectComputer crime; Intrusion detection; Java programming language; Malware; Personal computers; Semantics; Cloud securities; Clustering; Detecting malicious behaviors; Intrusion Detection Systems; On-line monitoring system; Supervised classification; Virtual machine introspection; Virtual machine management; Cloud computing
dc.titleVISO: Characterizing malicious behaviors of virtual machines with unsupervised clusteringen_US
dc.typeconference
dc.identifier.doi10.1109/CloudCom.2015.19
dc.doi.urihttp://dx.doi.org/10.1109/CloudCom.2015.19
item.grantfulltextopen-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
item.openairetypeconference-
item.fulltextWith Fulltext-
Appears in Collections:會議論文
Files in This Item:
File Description SizeFormat
index.html208 BHTML2View/Open
Show simple item record

Google ScholarTM

Check

Altmetric

Altmetric


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.