
A Security Monitoring Framework For Virtualization Based HEP Infrastructures

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the...


Bibliographic Details
Main authors: Gomez Ramirez, A., Martinez Pedreira, M., Grigoras, C., Betev, L., Lara, C., Kebschull, U.
Language: eng
Published: 2017
Subjects:
Online access: https://dx.doi.org/10.1088/1742-6596/898/10/102004
http://cds.cern.ch/record/2259900
_version_ 1780953954936422400
author Gomez Ramirez, A.
Martinez Pedreira, M.
Grigoras, C.
Betev, L.
Lara, C.
Kebschull, U.
collection CERN
description High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. We describe a novel framework that accomplishes these requirements, with a proof of concept implementation for the ALICE experiment at CERN. We show how we achieve a fully virtualized environment that improves the security by isolating services and Jobs without a significant performance impact. We also describe a collected dataset for Machine Learning based Intrusion Prevention and Detection Systems on Grid computing. This dataset is composed of resource consumption measurements (such as CPU, RAM and network traffic), logfiles from operating system services, and system call data collected from production Jobs running in an ALICE Grid test site and a big set of malware. This malware was collected from security research sites. Based on this dataset, we will proceed to develop Machine Learning algorithms able to detect malicious Jobs.
id cern-2259900
institution Organización Europea para la Investigación Nuclear
language eng
publishDate 2017
record_format invenio
spelling cern-2259900 2021-09-16T11:34:30Z doi:10.1088/1742-6596/898/10/102004 http://cds.cern.ch/record/2259900 eng arXiv:1704.04782 oai:cds.cern.ch:2259900 2017-04-16
title A Security Monitoring Framework For Virtualization Based HEP Infrastructures
topic hep-ex
Particle Physics - Experiment
cs.CR
Computing and Computers
cs.AI
Computing and Computers
cs.DC
Computing and Computers
url https://dx.doi.org/10.1088/1742-6596/898/10/102004
http://cds.cern.ch/record/2259900