Cloud security auditing based on behavioural modelling

Abstract

Multi-tenancy is one of the most attractive features of cloud computing, which provides significant benefits to both clients and service providers by supporting elastic, efficient and on-demand resource provisioning and allocation. Multi-tenancy also introduces additional security auditing opportunities. Security auditing can be consolidated and offloaded onto a dedicated and well-protected service. The timely prevention of intrusive behaviour and malicious processes using signature-based intrusion detection technologies or system call level anomaly analysis is a very challenging task due to a high rate of false alarms. In this work, a behavioural modelling scheme is proposed to audit the behaviours of client virtual machine and detect suspicious processes on the level of functionality. The proposed scheme can be used as a community security auditing service. The scheme can also be used by cloud providers to offer automatic identification and auditing of the tenant’s services. Our preliminary results have...