Detection of Information leakage in cloud
Mansaf Alam, Shuchi Sethi

TL;DR
This paper proposes a machine learning-based framework for detecting covert information leakage channels in cloud environments, focusing on accuracy, cost-efficiency, and robustness against noisy data.
Contribution
It introduces a signature-based detection framework utilizing feature extraction and SVMs to identify covert channels in cloud traffic, addressing limitations of existing methods.
Findings
High detection accuracy achieved
Low-cost and scalable approach
Robust performance in noisy environments
Abstract
Recent research shows that colluding malware in different VMs sharing a single physical host may use a resource as a channel to leak critical information. Covert channels employ time or storage characteristics to transmit confidential information to attackers, leaving no trail. These channels were not meant for communication, and hence control mechanisms do not exist for them. This means they remain undetected by traditional security measures employed in firewalls, etc., in a network. The comprehensive survey to address the issue highlights that accurate methods for fast detection in the cloud are very expensive in terms of storage and processing. The proposed framework builds a signature by extracting features which accurately classify regular from covert traffic in the cloud, and estimates the difference in distribution of the data under analysis by means of scores. It then adds context to the signature and…
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques
