An agent based business aware incident detection system for cloud environments
Doelitzscher F, Reich C, Knahl MH, Passfall A, Clarke NL
Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific
characteristics such as frequent infrastructure changes. This makes them unable to address
new cloud specific security issues. In this paper we introduce the cloud incident detection
system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous
agents, which are aware of underlying business driven intercommunication of cloud
services. This enables the presented SAaaS architecture to be flexible and to support
cross customer event monitoring within a cloud infrastructure. A contribution of this
paper is to provide a high-level design of the SAaaS architecture, an introduction to the
proposed Security Business Flow Language (SBFL), a first prototype of an autonomous
agent and an evaluation of which cloud specific security problems are addressed by
the presented architecture. It is shown that autonomous agents and behaviour analysis are
fertile approaches to detect cloud specific security problems and can create a cloud audit
system.