Publication details

Home Publications Publication details

Incident detection for cloud environments
Doelitzscher F, Reich C, Knahl MH, Clarke NL
Proceedings of the Third International Conference on Emerging Network Intelligence (EMERGING 2011), ISBN: 978-1-61208-174-8, pp100-105, 2011
Links:  External link available

Security and privacy concerns hinder a broad
adoption of cloud computing in industry. In this paper we
identify cloud specific security risks and introduce the cloud
incident detection system Security Audit as a Service (SAaaS).
SAaaS is built on autonomous distributed agents feeding a
complex event processing engine, informing about a cloud’s
security state. In addition to technical monitoring factors like
number of open network connections business process flows can
be modelled to detect customer overlapping security incidents.
In case of identified attacks actions can be defined to protect the
cloud service assets. As contribution of this paper we provide a
high-level design of the SAaaS architecture and a first prototype
of a virtual machine agent. We show how an incident detection
system for a cloud environment should be designed to address
cloud specific security problems.

Doelitzscher F, Reich C, Knahl MH, Clarke NL