Classic intrusion detection mechanisms are not flexible enough to cope with cloud specific
characteristics such as frequent infrastructure changes. This makes them unable to address
new cloud specific security issues. In this paper we introduce the cloud incident detection
system Security Audit as a Service (SAaaS). It is built upon intelligent autonomous
agents, which are aware of underlying business driven intercommunication of cloud
services. This enables the presented SAaaS architecture to be flexible and to supported
cross customer event monitoring within a cloud infrastructure. A contribution of this
paper it to provide a high-level design of the SAaaS architecture, an introduction into the
proposed Security Business Flow Language (SBFL), a first prototype of an autonomous
agent and an evaluation about, which cloud specific security problems are addressed by
the presented architecture. It is shown that autonomous agents and behaviour analysis are
fertile approaches to detect cloud specific security problems and can create a cloud audit
Sorry, this publication is not currently available to the public due to copyright restrictions.
We are unable to provide copies of this publication at present.
Centre for Security, Communications and Network Research (CSCAN), Room A304 Portland Square, Plymouth University, Plymouth, PL4 8AA, United Kingdom
Telephone: +44 (0) 1752 586234, Fax: +44 (0) 1752 586300, Email: email@example.com