Big data based security analytics for protecting virtualized infrastructures in cloud computing

Thu Yein Win*, Huaglory Tianfield, Quentin Mair

*Corresponding author for this work

    Research output: Contribution to journalArticlepeer-review

    323 Downloads (Pure)


    Virtualized infrastructure in cloud computing has become an attractive target for cyberattackers to launch advanced attacks. This paper proposes a novel big data based security analytics approach to detecting advanced attacks in virtualized infrastructures. Network logs as well as user application logs collected periodically from the guest virtual machines (VMs) are stored in the Hadoop Distributed File System (HDFS). Then, extraction of attack features is performed through graph-based event correlation and MapReduce parser based identification of potential attack paths. Next, determination of attack presence is performed through two-step machine learning, namley logistic regression is applied to calculate attack's conditional probabilities with respect to the attributes, and belief propagation is applied to calculate the belief in existence of an attack based on them. Experiments are conducted to evaluate the proposed approach using well-known malware as well as in comparison with existing security techniques for virtualized infrastructure. The results show that our proposed approach is effective in detecting attacks with minimal performance overhead.
    Original languageEnglish
    Pages (from-to)11-25
    Number of pages15
    JournalIEEE Transactions on Big Data
    Issue number1
    Early online date15 Jun 2017
    Publication statusPublished - 1 Mar 2018


    • virtualized infrastructure
    • virtualization security
    • cloud security
    • malware detection
    • rootkit detection
    • security analytics
    • event correlation
    • logistic regression
    • belief propagation


    Dive into the research topics of 'Big data based security analytics for protecting virtualized infrastructures in cloud computing'. Together they form a unique fingerprint.

    Cite this