Title: COMPUTERS & SECURITYImported from Authenticus Search for Journal Publications

Vol. 78

Pages: 33-42

ISSN: 0167-4048

ISI Web of Knowledge - 4 Citations

Scopus - 6 Citations

Authenticus ID: P-00P-S81

DOI: 10.1016/j.cose.2018.05.016

Abstract (EN): Its distributed nature and ubiquitous service make the cloud subject to several vulnerabilities. One of the main tools used for reporting suspicious activity in the network's traffic is the Intrusion Detection System. However, two significant problems arise: the huge volume of control messages between the virtual machines and the servers; and the associated transfer costs. In this work, we propose a Triple-Similarity Mechanism (T-SyM) for grouping similar alarms that may correspond to the same attack (or attempt) in order to reduce the number of messages and, consequently, the total amount of information. In addition, we propose an algorithm for calculating the severity level of the alarms. T-SyM works on the basis of 3 steps: individual similarity (Euclidian distance), clustering relevant features (k-means algorithm) and generating the output (the Tanimoto coefficient). An evaluation of the most common attacks is performed using real traces from an IDS. Our mechanism was able to decrease the number of alarms by up to 90% and reduce the total amount of data by more than 80%.

Language: English

Type (Professor's evaluation): Scientific

No. of pages: 10