CloudIDEA: A Malware Defense Architecture for Cloud Data Centers

• Published in: On the Move to Meaningful Internet Systems: OTM 2015 Conferences pp. 594 - 611
• Main Authors: Fischer, Andreas, Kittel, Thomas, Kolosnjaji, Bojan, Lengyel, Tamas K., Mandarawi, Waseem, de Meer, Hermann, Müller, Tilo, Protsenko, Mykola, Reiser, Hans P., Taubmann, Benjamin, Weishäupl, Eva
• Format: Book Chapter
• Language: English
• Published: Cham Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Cloud Computing; Cloud Provider; Intrusion Detection; System Call; Virtual Machine
• ISBN: 9783319261478; 3319261479
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-26148-5_40

Due to the proliferation of cloud computing, cloud-based systems are becoming an increasingly attractive target for malware. In an Infrastructure-as-a-Service (IaaS) cloud, malware located in a customer’s virtual machine (VM) affects not only this customer, but may also attack the cloud infrastructure and other co-hosted customers directly. This paper presents CloudIDEA, an architecture that provides a security service for malware defens in cloud environments. It combines lightweight intrusion monitoring with on-demand isolation, evidence collection, and in-depth analysis of VMs on dedicated analysis hosts. A dynamic decision engine makes on-demand decisions on how to handle suspicious events considering cost-efficiency and quality-of-service constraints.