Publication details


An agent based business aware incident detection system for cloud environments
Doelitzscher F, Reich C, Knahl MH, Passfall A, Clarke NL
Journal of Cloud Computing: Advances, Systems and Applications, 1:9, ISSN: 2192-113X, 2012

Classic intrusion detection mechanisms are not flexible enough to cope with cloud-specific
characteristics such as frequent infrastructure changes. This makes them unable to address
new cloud-specific security issues. In this paper we introduce the cloud incident detection
system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous
agents, which are aware of the underlying business-driven intercommunication of cloud
services. This enables the presented SAaaS architecture to be flexible and to support
cross-customer event monitoring within a cloud infrastructure. The contribution of this
paper is to provide a high-level design of the SAaaS architecture, an introduction to the
proposed Security Business Flow Language (SBFL), a first prototype of an autonomous
agent and an evaluation of which cloud-specific security problems are addressed by
the presented architecture. It is shown that autonomous agents and behaviour analysis are
fertile approaches to detect cloud-specific security problems and can create a cloud audit
system.
