An autonomous agent based incident detection system for cloud environments |
Classic intrusion detection mechanisms are not flexible
Doelitzscher F, Reich C, Knahl MH, Clarke NL
enough to cope with cloud specific characteristics such as
frequent infrastructure changes. This makes them unable to
address new cloud specific security issues. In this paper we
introduce the cloud incident detection system Security Audit as a
Service (SAaaS). It is build upon intelligent autonomous agents,
which are aware of underlying business flows of deployed cloud
instances. Business flows are modelled in form of Security Service
Level Agreements, which enable the SAaaS architecture to be
flexible and to supported cross customer event monitoring of a
cloud infrastructure. As contribution of this paper we provide
a high-level design of the SAaaS architecture, an introduction
into the concept of Security Service Level Agreements, a first
prototype of an autonomous agent and an evaluation about,
which cloud specific security problems are addressed by the
presented architecture.