Anomaly detection in secure cloud environments using a Self-Organizing Feature Map (SOFM) model For clustering sets of R-ordered vector-structured features

Shirazi, Syed Noor Ul Hassan and Stephanakis, Ioannis M. and Chochliouros, Ioannis P. and Sfakianakis, Evangelos (2015) Anomaly detection in secure cloud environments using a Self-Organizing Feature Map (SOFM) model For clustering sets of R-ordered vector-structured features. In: EANN '15. ACM. ISBN 9781450335805

Full text not available from this repository.

Abstract

Cloud computing delivers services over virtualized networks to many end-users. Cloud services are characterized by such attributes as on-demand self-service, broad network access, resource pooling, rapid and elastic resource provisioning and metered services of various qualities. Cloud networks provide data as well as multimedia and video services. Cloud computing for critical structure IT is a relative new area of potential applications. Cloud networks are classified into private cloud networks, public cloud networks and hybrid cloud networks. Anomaly detection systems are defined as a branch of intrusion detection systems that deal with identifying anomalous events with respect to normal system behavior. A novel application of a Self-Organizing-Feature Map (SOFM) of reduced/aggregate sets of ordered vector structured features that are used for detecting anomalies in the context of secure cloud environments is herein proposed. Multivalue inputs consist of reduced/aggregate ordered sets of vector and binary features. The nodes of the SOFM - after training - are indicative of local distributions of feature measurements during normal cloud operation. Anomalies are detected as outliers of the trained SOFM. Each structured vector consists of binary as well as histogram data. The aggregated Canberra distance is used to order histogram data whereas the Jaccard distance is used for multivalue binary data. The so-called Cross-Order Distance Matrix is defined for both cases. The distance depends upon the selection of a similarity/distance measure and a method for operating upon the elements of the Cross-Order Distance Matrix. Several methods of estimating the distance between two ordered sets of features are investigated in the course of this paper.

Item Type:
Contribution in Book/Report/Proceedings
ID Code:
78755
Deposited By:
Deposited On:
18 Mar 2016 16:10
Refereed?:
Yes
Published?:
Published
Last Modified:
18 Sep 2023 02:35