Malicious behavior classification in PaaS

Cemile Diler Özdemir*, Mehmet Tahir Sandıkkaya, Yusuf Yaslan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

PaaS delivery model let cloud customers share cloud provider resources through their cloud applications. This structure requires a strong security mechanism that isolates customer applications to prevent interference. For concurrent configurations of common providers, cloud applications are mostly deployed as server side web applications that share a common thread pool. In this paper, a malicious thread behavior detection framework that utilizes machine learning algorithms is proposed to classify whether the cloud platform executes a malicious flow in the currently active thread. The framework uses CPU metrics of worker threads and N-Gram frequencies of basic, privacy-friendly user operations as its features during machine learning phase. The proof of concept results are evaluated on a real-life cloud application scenario using Random Forest, Adaboost and Bagging ensemble learning algorithms. The scenario results indicate that the malicious request detection accuracy of the proposed framework is up to 87.6%. It is foreseen that better feature selection and targeted classifiers may end up with better ratios.

Original languageEnglish
Title of host publicationCloud Computing and Services Science - 8th International Conference, CLOSER 2018, Revised Selected Papers
EditorsVíctor Méndez Muñoz, Donald Ferguson, Markus Helfert, Claus Pahl
PublisherSpringer Verlag
Pages215-232
Number of pages18
ISBN (Print)9783030291921
DOIs
Publication statusPublished - 2019
Event8th International Conference on Cloud Computing and Services Science, CLOSER 2018 - Funchal, Portugal
Duration: 19 Mar 201821 Mar 2018

Publication series

NameCommunications in Computer and Information Science
Volume1073
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937

Conference

Conference8th International Conference on Cloud Computing and Services Science, CLOSER 2018
Country/TerritoryPortugal
CityFunchal
Period19/03/1821/03/18

Bibliographical note

Publisher Copyright:
© 2019, Springer Nature Switzerland AG.

Keywords

  • Cloud security
  • Machine learning
  • Malicious behavior
  • PaaS

Fingerprint

Dive into the research topics of 'Malicious behavior classification in PaaS'. Together they form a unique fingerprint.

Cite this