TL;DR
CloudShield is a real-time anomaly detection system for cloud computing that uses deep learning to identify malicious activity, including zero-day attacks, with high accuracy and low latency while keeping false alarms low.
Contribution
It introduces a generalizable deep learning-based approach to real-time anomaly detection in cloud environments that distinguishes benign anomalies from known attacks and from zero-day attacks.
Findings
Detects speculative execution attacks such as Spectre and Meltdown within milliseconds
Reduces false alarms by up to 99.0%
Applies effectively across diverse cloud workloads
Abstract
In cloud computing, it is desirable if suspicious activities can be detected by automatic anomaly detection systems. Although anomaly detection has been investigated in the past, it remains unsolved in cloud computing. Challenges are: characterizing the normal behavior of a cloud server, distinguishing between benign and malicious anomalies (attacks), and preventing alert fatigue due to false alarms. We propose CloudShield, a practical and generalizable real-time anomaly and attack detection system for cloud computing. CloudShield uses a general, pretrained deep learning model with different cloud workloads, to predict the normal behavior and provide real-time and continuous detection by examining the model reconstruction error distributions. Once an anomaly is detected, to reduce alert fatigue, CloudShield automatically distinguishes between benign programs, known attacks, and…
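The abstract describes a two-step pipeline: a model of normal behavior scores each observation by its reconstruction error, an alert threshold is taken from the distribution of those errors on normal data, and a flagged anomaly is then triaged into benign, known attack, or something new. The following is an added illustration of that pipeline, not CloudShield's code or model. It substitutes a rank-1 PCA reconstruction (fit by power iteration) for the paper's deep model so that it runs with the Python standard library alone, and everything else is an assumption: the page does not say which telemetry CloudShield consumes, so the feature names, baseline values, noise level and attack "shifts" below are constructed synthetic data, and the cosine-similarity match against stored residual profiles of known attacks is one simple triage rule, not the paper's.

```python
"""Added illustration of reconstruction-error anomaly detection with a
benign / known-attack / unknown triage stage. NOT CloudShield's code or model:
rank-1 PCA stands in for a deep model, and all telemetry, feature names and
attack shifts are constructed here for the example."""
import math
import random

FEATURES = ["llc_misses", "branch_misses", "cycles", "page_faults"]  # assumed names
BASE = [10.0, 5.0, 100.0, 2.0]                # constructed per-feature baseline
LOAD_DIR = [0.5, 0.5, 0.5, 0.5]               # unit vector: all counters rise with load
SHIFTS = {"cache_probe": [3.0, 0.0, 0.0, 0.0],          # constructed "known" attack
          "novel_fault_storm": [0.0, 0.0, 0.0, 3.0]}    # constructed zero-day stand-in

def _sub(a, b): return [x - y for x, y in zip(a, b)]
def _dot(a, b): return sum(x * y for x, y in zip(a, b))
def _norm(a): return math.sqrt(_dot(a, a))

def make_sample(rng, shift=None, sigma=0.05):
    """One telemetry window: baseline + a common load factor + noise (+ attack shift)."""
    t = rng.gauss(0.0, 2.0)
    x = [BASE[i] + t * LOAD_DIR[i] + rng.gauss(0.0, sigma) for i in range(4)]
    if shift:
        x = [x[i] + shift[i] for i in range(4)]
    return x

def fit_normal_model(samples, iters=100):
    """Rank-1 PCA by power iteration on the covariance: (mean, unit principal direction)."""
    n, d = len(samples), len(samples[0])
    mean = [sum(s[i] for s in samples) / n for i in range(d)]
    centered = [_sub(s, mean) for s in samples]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(_dot(c, v) * c[i] for c in centered) / n for i in range(d)]
        nw = _norm(w)
        if nw == 0.0:
            break
        v = [x / nw for x in w]
    return mean, v

def residual(model, x):
    """x minus its reconstruction: the part the normal model cannot explain."""
    mean, v = model
    c = _sub(x, mean)
    proj = _dot(c, v)
    return [c[i] - proj * v[i] for i in range(len(c))]

def recon_error(model, x):
    return _norm(residual(model, x))

def threshold_from_errors(errors, quantile=0.99):
    """Alert threshold = empirical quantile of held-out *normal* reconstruction errors."""
    s = sorted(errors)
    idx = max(0, min(len(s) - 1, math.ceil(quantile * len(s)) - 1))
    return s[idx]

def learn_profile(model, attack_samples):
    """Unit-length mean residual direction of a labelled known attack."""
    d = len(attack_samples[0])
    acc = [0.0] * d
    for x in attack_samples:
        r = residual(model, x)
        acc = [acc[i] + r[i] for i in range(d)]
    n = _norm(acc)
    return [a / n for a in acc]

def classify(model, thresh, profiles, x, min_cosine=0.9):
    """'benign' if the error is within the normal range; otherwise compare the residual
    direction with known-attack profiles; no close match -> 'unknown' (zero-day candidate)."""
    r = residual(model, x)
    err = _norm(r)
    if err <= thresh:
        return "benign"
    u = [c / err for c in r]
    best_name, best_cos = None, -2.0
    for name, p in profiles.items():
        cos = _dot(u, p)
        if cos > best_cos:
            best_name, best_cos = name, cos
    return "known:" + best_name if best_cos >= min_cosine else "unknown"

def build_detector(seed=7):
    """Train on normal windows, set the threshold on held-out normal windows,
    then learn one known-attack profile from labelled samples (all constructed)."""
    rng = random.Random(seed)
    train = [make_sample(rng) for _ in range(500)]
    held_out = [make_sample(rng) for _ in range(500)]
    model = fit_normal_model(train)
    thresh = threshold_from_errors([recon_error(model, x) for x in held_out])
    known = [make_sample(rng, SHIFTS["cache_probe"]) for _ in range(50)]
    profiles = {"cache_probe": learn_profile(model, known)}
    return model, thresh, profiles

def run_demo(seed=7):
    """Score one normal, one known-attack and one never-seen attack window."""
    model, thresh, profiles = build_detector(seed)
    rng = random.Random(seed + 1)
    cases = {"normal": None, "cache_probe": SHIFTS["cache_probe"],
             "novel_fault_storm": SHIFTS["novel_fault_storm"]}
    return {name: classify(model, thresh, profiles, make_sample(rng, shift))
            for name, shift in cases.items()}

if __name__ == "__main__":
    print(run_demo())
```

Two design points carry over to any reconstruction-based detector regardless of model: the threshold is a quantile of the error distribution on held-out normal data, so the 0.99 quantile buys a known 1% false-alarm budget on benign traffic rather than an arbitrary cut-off; and the triage stage compares the direction of the residual, not just its size, which is what lets a large error that matches no stored profile be surfaced as "unknown" instead of being forced into a known class.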
