
Proactive Security Auditing in Clouds

Cloud Security Auditing

Abstract

In this chapter, we present LeaPS, an automated learning-based proactive auditing system that automatically learns probabilistic dependencies and hence addresses the inefficiencies of existing solutions. To this end, we describe a log processor, which processes real-world cloud logs (as discussed later) and prepares them for different learning techniques (e.g., Bayesian networks and sequence pattern mining) so that dependency relationships can be captured. Unlike most learning-based security solutions, we do not rely on learning techniques to detect abnormal behaviors, and so we avoid the well-known limitation of high false positive rates; any inaccuracy in the learning phase would only affect efficiency, as will be demonstrated through experiments later in this chapter. We believe this idea of leveraging learning for efficiency, instead of security, may be adapted to benefit other security solutions. As demonstrated by our implementation and experimental results, LeaPS provides an automated, efficient, and scalable solution for different cloud platforms to increase their transparency and accountability to tenants.




© 2019 Springer Nature Switzerland AG


Cite this chapter

Majumdar, S. et al. (2019). Proactive Security Auditing in Clouds. In: Cloud Security Auditing. Advances in Information Security, vol 76. Springer, Cham. https://doi.org/10.1007/978-3-030-23128-6_6


  • DOI: https://doi.org/10.1007/978-3-030-23128-6_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-23127-9

  • Online ISBN: 978-3-030-23128-6

  • eBook Packages: Computer Science (R0)
