Abstract

With the ever-growing complexity and dynamics of cloud computing systems, security monitoring has become increasingly important. In this paper, we propose a lightweight framework for host-based real-time anomaly detection in cloud computing. Firstly, unlike traditional host-based anomaly detection methods, in which data collection agents usually occupy too many host resources, we employ an intelligent mobile agent that can automatically transfer to other hosts to collect data according to the monitoring task requirements, which in turn reduces the number of data collection agents running in the platform. Secondly, we employ Principal Component Analysis (PCA) to extract the main features from the collected data and further reduce the data dimension. Thirdly, to mine the abnormal behavior point candidates, DBSCAN clustering is applied to label the data and gather all of it into corresponding cluster sets based on the data characteristics. Clusters containing a very small number of instances, and isolated instances, are regarded as anomaly candidates, since normal instances usually present as highly coherent clusters. Finally, to further improve the accuracy of anomaly detection, we propose an analysis method based on a continuous sliding time window to eliminate the influence of noise caused by normal operations; the anomaly candidates are further analyzed to finally determine whether the host is in an abnormal status or not. The experimental results, based on the anomaly detection platform we constructed, show that the proposed method has lower computational complexity and higher detection accuracy: it can reduce the time complexity by 50% while keeping detection accuracy above 95%.
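The candidate-mining and sliding-window stages described above, sketched as an added example that is not the paper's code. The PCA step is omitted (the constructed samples stand in for already-reduced data), and `eps`, `min_pts`, the small-cluster cutoff, the window length and the "at least 3 of the last 4 samples" rule are assumptions, since the abstract gives no parameters or decision rule.

```python
from collections import Counter, deque
from math import dist

def dbscan(points, eps, min_pts):
    """Plain DBSCAN: one label per point, -1 marks an isolated (noise) point."""
    def near(i):
        return [j for j, q in enumerate(points) if dist(points[i], q) <= eps]
    labels, cluster = [None] * len(points), -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = near(i)
        if len(seeds) < min_pts:
            labels[i] = -1
            continue
        cluster += 1
        labels[i] = cluster
        queue = deque(seeds)
        while queue:
            j = queue.popleft()
            if labels[j] == -1:
                labels[j] = cluster          # border point of this cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            grown = near(j)
            if len(grown) >= min_pts:        # j is a core point: keep expanding
                queue.extend(grown)
    return labels

def candidates(labels, small):
    """Noise points and members of clusters smaller than `small` (assumed cutoff)."""
    size = Counter(labels)
    return [l == -1 or size[l] < small for l in labels]

def confirm(flags, window, threshold):
    """Sample indices at which >= threshold of the last `window` are candidates."""
    recent, alerts = deque(maxlen=window), []
    for t, flag in enumerate(flags):
        recent.append(flag)
        if sum(recent) >= threshold:
            alerts.append(t)
    return alerts

# Constructed samples: (cpu %, mem %) per tick, standing in for PCA output.
SAMPLES = [(20 + t % 3, 30 + t % 2) for t in range(20)]
SAMPLES[5] = (90, 35)                                      # one-off spike
SAMPLES[14:18] = [(95, 80), (96, 81), (95, 81), (96, 80)]  # sustained drift

FLAGS = candidates(dbscan(SAMPLES, eps=3, min_pts=4), small=5)
ALERTS = confirm(FLAGS, window=4, threshold=3)
print(ALERTS)
```

The one-off spike at tick 5 is a candidate but never raises an alert, while the four-sample drift forms a small cluster and is confirmed once it fills most of the window.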
