Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy最新文献

筛选

英文中文

CloudShield: Real-time Anomaly Detection in the Cloud CloudShield:云中的实时异常检测

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 2021-08-20 DOI: 10.1145/3577923.3583639

Zecheng He, Guangyuan Hu, Ruby B. Lee

{"title":"CloudShield: Real-time Anomaly Detection in the Cloud","authors":"Zecheng He, Guangyuan Hu, Ruby B. Lee","doi":"10.1145/3577923.3583639","DOIUrl":"https://doi.org/10.1145/3577923.3583639","url":null,"abstract":"In cloud computing, it is desirable if suspicious activities can be detected by automatic anomaly detection systems. Although anomaly detection has been investigated in the past, it remains unsolved in cloud computing. Challenges are: characterizing the normal behavior of a cloud server, distinguishing between benign and malicious anomalies (attacks), and preventing alert fatigue due to false alarms. We propose CloudShield, a practical and generalizable real-time anomaly and attack detection system for cloud computing. Cloudshield uses a general, pretrained deep learning model with different cloud workloads, to predict the normal behavior and provide real-time and continuous detection by examining the model reconstruction error distributions. Once an anomaly is detected, to reduce alert fatigue, CloudShield automatically distinguishes between benign programs, known attacks, and zero-day attacks, by examining the reconstruction error distributions. We evaluate the proposed CloudShield on representative cloud benchmarks. Our evaluation shows that CloudShield, using model pretraining, can apply to a wide scope of cloud workloads. Especially, we observe that CloudShield can detect the recently proposed speculative execution attacks, e.g., Spectre and Meltdown attacks, in milliseconds. Furthermore, we show that CloudShield accurately differentiates and prioritizes known attacks, and potential zero-day attacks, from benign programs. Thus, it significantly reduces false alarms by up to 99.0%.","PeriodicalId":387479,"journal":{"name":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129008034","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

FLAP - A Federated Learning Framework for Attribute-based Access Control Policies 基于属性的访问控制策略的联邦学习框架

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 2020-10-19 DOI: 10.1145/3577923.3583641

A. A. Jabal, E. Bertino, Jorge Lobo, D. Verma, S. Calo, A. Russo

{"title":"FLAP - A Federated Learning Framework for Attribute-based Access Control Policies","authors":"A. A. Jabal, E. Bertino, Jorge Lobo, D. Verma, S. Calo, A. Russo","doi":"10.1145/3577923.3583641","DOIUrl":"https://doi.org/10.1145/3577923.3583641","url":null,"abstract":"Technology advances in areas such as sensors, IoT, and robotics, enable new collaborative applications (e.g., autonomous devices). A primary requirement for such collaborations is to have a secure system that enables information sharing and information flow protection. A policy-based management system is a key mechanism for secure selective sharing of protected resources. However, policies in each party of a collaborative environment cannot be static as they have to adapt to different contexts and situations. One advantage of collaborative applications is that each party in the collaboration can take advantage of the knowledge of the other parties for learning or enhancing its own policies. We refer to this learning mechanism as policy transfer. The design of a policy transfer framework has challenges, including policy conflicts and privacy issues. Policy conflicts typically arise because of differences in the obligations of the parties, whereas privacy issues result because of data sharing constraints for sensitive data. Hence, the policy transfer framework should be able to tackle such challenges by considering minimal sharing of data and supporting policy adaptation to address conflict. In the paper, we propose a framework that aims at addressing such challenges. We introduce a formal definition of the policy transfer problem for attribute-based access control policies. We then introduce the transfer methodology which consists of three sequential steps. Finally, we report experimental results.","PeriodicalId":387479,"journal":{"name":"Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134359917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy 第十三届ACM数据与应用安全与隐私会议论文集

Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy Pub Date : 1900-01-01 DOI: 10.1145/3577923

引用次数: 0

首页上一页