Authors:
Alexander Oppermann 1; Federico Grasso Toro 1; Florian Thiel 1 and Jean-Pierre Seifert 2
Affiliations:
1 Physikalisch-Technische Bundesanstalt (PTB), Germany; 2 Technische Universität Berlin, Germany
Keyword(s):
Anomaly Detection, Continuous Monitoring, Secure Cloud Computing, Anomaly Detection as a Service, Distributed Computing, Legal Metrology.
Abstract:
Securing computer systems against all kinds of threats is an impossible challenge to fulfill. In the field of Legal Metrology, however, it shall be assured that one can rely on the measurement carried out by a trusted computer system. In a distributed environment, a measurement instrument cannot simply be disconnected to guarantee its security. Constantly monitoring the computer systems in order to deduce normal system behaviour can, however, be a particularly promising approach to securing such systems. When anomalies are detected, the system evaluates them to measure the severity of the detected incident and places it into one of three categories: green, yellow and red. The presented Anomaly Detection Module can detect attacks against distributed applications in a cloud computing environment, using pattern recognition for clustering as well as statistical approaches. Both inexperienced and experienced attacks have been tested, and results are presented.