ProvlntSec: a provenance cognition blueprint ensuring integrity and security for real life open source cloud

摘要

The distributed nature and growing demand for open source cloud makes the system an ideal target for malicious attacks and unauthorised file transfers. Requirements of provenance cognition scheme can come forward to solve the problem. However, such mechanisms of provenance detection has been considered to a limited extent for open source cloud computing. ProvlntSec is a novel mechanism that ensures effective collection of provenance information from a large pool of virtual machine (VM) instances on open source cloud platform. ProvlntSec captures critical system journals from VM instances and pattern matches those with predefined signatures to detect the presence of malicious activities. In addition, ProvlntSec identifies the Linux process trees to determine unauthorised file movements across different nodes. The experiments were executed in OpenStack Essex cloud environment running on real life system, and standard metrics were used to calculate the results. The obtained results show average precision values of 92.81% and 81.24% for malware detection and unauthorised file transfers respectively. At the same time, cumulative performance gains of 0.3991 and 8.77 are obtained. Upon comparison of the obtained results with benchmarks, ProvlntSec shows desirable gain in performance.