Authors:
Amanda Viescinski¹; Tiago Heinrich¹; Newton C. Will² and Carlos Maziero¹
Affiliations:
¹ Federal University of Paraná, Curitiba, Brazil; ² Federal University of Technology - Paraná, Dois Vizinhos, Brazil
Keyword(s):
Intrusion Detection, Distributed Computing, Security.
Abstract:
Computational clouds offer services in different formats, aiming to adapt to the needs of each client. This scenario of distributed systems is responsible for the communication, management of services and tools through the exchange of messages. Thus, security in such environments is an important factor. However, the implementation of secure systems to protect information has been a difficult goal to achieve. In addition to the prevention mechanisms, a common approach to achieve security is intrusion detection, which can be carried out by anomaly detection. This technique does not require prior knowledge of attack patterns, since the normal behavior of the monitored environment is used as a basis for detection. This work proposes a behavioral modeling technique for distributed applications using the traces of operations of its nodes, allowing the development of a strategy to identify anomalies. The chosen strategy consists of modeling the normal behavior of the system, which is arranged in sets of n-grams of events. Our goal is to build functional and effective models, which make it possible to detect anomalies in the system, with reduced rates of false positives. The results obtained through the evaluation of the models highlight the feasibility of using n-grams to represent correct activities of a system, with favorable results in the false positive rate and also in terms of accuracy.
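The modeling strategy the abstract describes (normal behavior kept as a set of n-grams of events, with deviations treated as anomalies) can be illustrated with the following added example, which is not the authors' code. The event names, the traces, n = 3, and the rule of flagging a trace when more than 25% of its n-grams are unseen are all assumptions made for the illustration.

```python
# Added illustration: set-of-n-grams anomaly detection over event traces.
# Event names, traces, N and THRESHOLD are constructed assumptions.

def ngrams(trace, n):
    """Sliding-window n-grams (tuples) of one event trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_model(normal_traces, n):
    """Normal-behavior model: set of every n-gram seen in attack-free traces."""
    model = set()
    for trace in normal_traces:
        model.update(ngrams(trace, n))
    return model

def score(trace, model, n):
    """Return (fraction of n-grams not in the model, list of those n-grams)."""
    grams = ngrams(trace, n)
    if not grams:  # trace shorter than n: no window to evaluate
        return 0.0, []
    unseen = [g for g in grams if g not in model]
    return len(unseen) / len(grams), unseen

def is_anomalous(trace, model, n, threshold):
    """Flag a trace when its share of unseen n-grams exceeds the threshold."""
    return score(trace, model, n)[0] > threshold

N, THRESHOLD = 3, 0.25

# Constructed traces of one node during normal operation (training data).
NORMAL = [
    ["recv_req", "auth_ok", "read_db", "send_resp",
     "recv_req", "auth_ok", "write_db", "send_resp"],
    ["recv_req", "auth_ok", "read_db", "read_db", "send_resp"],
    ["recv_req", "auth_fail", "send_err"],
]
# Legitimate but differently ordered requests: one unseen n-gram out of six.
BENIGN = ["recv_req", "auth_ok", "write_db", "send_resp",
          "recv_req", "auth_ok", "read_db", "send_resp"]
# Database access after a failed authentication: never seen in training.
SUSPECT = ["recv_req", "auth_fail", "read_db", "write_db", "send_resp"]

MODEL = build_model(NORMAL, N)

if __name__ == "__main__":
    for name, trace in (("benign", BENIGN), ("suspect", SUSPECT)):
        ratio, unseen = score(trace, MODEL, N)
        print(name, round(ratio, 3), is_anomalous(trace, MODEL, N, THRESHOLD), unseen)
```

The benign trace still produces one unseen n-gram because the training set never showed a write followed by a new request, which is the kind of false positive a per-trace threshold absorbs.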