{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T22:40:37Z","timestamp":1725835237659},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319263618"},{"type":"electronic","value":"9783319263625"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_27","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T10:10:45Z","timestamp":1445854245000},"page":"588-614","source":"Crossref","is-referenced-by-count":0,"title":["Elite: Automatic Orchestration of Elastic Detection Services to Secure Cloud Hosting"],"prefix":"10.1007","author":[{"given":"Yangyi","family":"Chen","sequence":"first","affiliation":[]},{"given":"Vincent","family":"Bindschaedler","sequence":"additional","affiliation":[]},{"given":"XiaoFeng","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Stefan","family":"Berger","sequence":"additional","affiliation":[]},{"given":"Dimitrios","family":"Pendarakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"27_CR1","doi-asserted-by":"crossref","unstructured":"Somorovsky, J., Heiderich, M., Jensen, M., Schwenk, J., Gruschka, N., Lo Iacono, L.: All your clouds are belong to us: Security analysis of cloud management interfaces. In: CCSW (2011)","DOI":"10.1145\/2046660.2046664"},{"key":"27_CR2","unstructured":"Mulazzani, M., Schrittwieser, S., Leithner, M., Huber, M., Weippl, E.: Dark clouds on the horizon: using cloud storage as attack vector and online slack space. In: USENIX Security (2011)"},{"key":"27_CR3","unstructured":"McAfee SaaS Endpoint Protection Suite. 
\n                      http:\/\/www.mcafee.com\/us\/products\/saas-endpoint-protection-suite.aspx"},{"key":"27_CR4","unstructured":"Trend Micro Deep Security as a Service. \n                      http:\/\/www.trendmicro.com\/us\/business\/saas\/deep-security-as-a-service\/index.html"},{"key":"27_CR5","unstructured":"Alert Logic Public Cloud Security. \n                      https:\/\/www.alertlogic.com\/products-services\/public-cloud-security\/"},{"key":"27_CR6","unstructured":"Heat - OpenStack. \n                      https:\/\/wiki.openstack.org\/wiki\/Heat"},{"key":"27_CR7","unstructured":"AWS CloudFormation. \n                      https:\/\/aws.amazon.com\/cloudformation\/"},{"key":"27_CR8","unstructured":"Sung, A.H., Xu, J., Chavez, P., Mukkamala, S.: Static analyzer of vicious executables (save). In: ACSAC, Washington, DC, USA (2004)"},{"key":"27_CR9","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-based spyware detection. In: USENIX Security, Berkeley, CA, USA (2006)"},{"key":"27_CR10","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX Security (2009)"},{"key":"27_CR11","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: CCS, New York, USA (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"27_CR12","doi-asserted-by":"crossref","first-page":"151","DOI":"10.3233\/JCS-980109","volume":"6","author":"SA Hofmeyr","year":"1998","unstructured":"Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. J. Comput. Secur. 6, 151\u2013180 (1998)","journal-title":"J. Comput. Secur."},{"key":"27_CR13","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. 
In: IEEE S&P (1996)"},{"key":"27_CR14","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1145\/545186.545187","volume":"5","author":"CC Michael","year":"2002","unstructured":"Michael, C.C., Ghosh, A.: Simple, state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur. 5, 203\u2013237 (2002). \n                      http:\/\/doi.acm.org\/10.1145\/545186.545187","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"27_CR15","unstructured":"Provos, N.: Improving host security with system call policies. In: USENIX Security (2002)"},{"key":"27_CR16","unstructured":"IBM InfoSphere Streams. \n                      http:\/\/www-03.ibm.com\/software\/products\/en\/infosphere-streams"},{"key":"27_CR17","unstructured":"Storm - The Apache Software Foundation! \n                      http:\/\/storm.incubator.apache.org\/"},{"key":"27_CR18","unstructured":"Apache Storm - A system for processing streaming data in real time. \n                      http:\/\/hortonworks.com\/hadoop\/storm\/"},{"key":"27_CR19","unstructured":"Apache ZooKeeper. \n                      http:\/\/zookeeper.apache.org\/"},{"key":"27_CR20","unstructured":"Google Hacking Database. \n                      http:\/\/www.exploit-db.com\/google-dorks\/"},{"key":"27_CR21","unstructured":"AWS CloudFormation Sample Template WordPressMultiAZ. \n                      https:\/\/s3-us-west-2.amazonaws.com\/cloudformation-templates-us-west-2\/WordPress_Multi_AZ.template"},{"key":"27_CR22","unstructured":"Heat API Instance Tools. \n                      https:\/\/launchpad.net\/heat-cfntools"},{"key":"27_CR23","unstructured":"AWS CloudFormation Templates. \n                      https:\/\/aws.amazon.com\/cloudformation\/aws-cloudformation-templates\/"},{"key":"27_CR24","unstructured":"Distributed Ruby Send instance eval\/syscall Code Execution. 
\n                      https:\/\/www.rapid7.com\/db\/modules\/exploit\/linux\/misc\/drb_remote_codeexec"},{"key":"27_CR25","unstructured":"Java RMI Server Insecure Default Configuration Java Code Execution. \n                      https:\/\/www.rapid7.com\/db\/modules\/exploit\/multi\/misc\/java_rmi_server"},{"key":"27_CR26","unstructured":"SQLite Home Page. \n                      http:\/\/www.sqlite.org\/"},{"key":"27_CR27","unstructured":"Samba Guest Account Symlink Traversal Arbitrary File Access. \n                      http:\/\/www.osvdb.org\/62145"},{"key":"27_CR28","unstructured":"Samba Symlink Directory Traversal. \n                      https:\/\/www.rapid7.com\/db\/modules\/auxiliary\/admin\/smb\/samba_symlink_traversal"},{"key":"27_CR29","unstructured":"Need for speed: Testing the networking performance of the top 4 cloud providers. \n                      http:\/\/gigaom.com\/2014\/04\/12\/need-for-speed-testing-the-networking-performance-of-the-top-4-cloud-providers\/"},{"key":"27_CR30","unstructured":"Google Compute Engine: Transparent maintenance. \n                      https:\/\/developers.google.com\/compute\/docs\/zones#maintenance"},{"key":"27_CR31","doi-asserted-by":"crossref","unstructured":"Kim, G.H., Spafford, E.H.: The design and implementation of tripwire: a file system integrity checker. In: CCS, New York, USA (1994)","DOI":"10.1145\/191177.191183"},{"key":"27_CR32","unstructured":"Vigna, G., Kruegel, C.: Host-based intrusion detection (2005)"},{"key":"27_CR33","unstructured":"Roesch, M.: Snort - lightweight intrusion detection for networks. In: USENIX System Administration, Berkeley, CA, USA (1999)"},{"key":"27_CR34","doi-asserted-by":"publisher","first-page":"11994","DOI":"10.1016\/j.eswa.2009.05.029","volume":"36","author":"C-F Tsai","year":"2009","unstructured":"Tsai, C.-F., Hsu, Y.-F., Lin, C.-Y., Lin, W.-Y.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 
36, 11994\u201312000 (2009)","journal-title":"Expert Syst. Appl."},{"key":"27_CR35","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: A data mining framework for building intrusion detection models. In: S&P (1999)"},{"key":"27_CR36","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1023\/A:1006624031083","volume":"14","author":"W Lee","year":"2000","unstructured":"Lee, W., Stolfo, S.J., Mok, K.W.: Adaptive intrusion detection: a data mining approach. Artif. Intell. Rev. 14, 533\u2013567 (2000)","journal-title":"Artif. Intell. Rev."},{"key":"27_CR37","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1145\/2007183.2007189","volume":"45","author":"F Azmandian","year":"2011","unstructured":"Azmandian, F., Moffie, M., Alshawabkeh, M., Dy, J., Aslam, J., Kaeli, D.: Virtual machine monitor-based lightweight intrusion detection. ACM SIGOPS 45, 38\u201353 (2011)","journal-title":"ACM SIGOPS"},{"key":"27_CR38","unstructured":"Garfinkel, T., Rosenblum, M., et al.: A virtual machine introspection based architecture for intrusion detection. In: NDSS (2003)"},{"key":"27_CR39","doi-asserted-by":"crossref","unstructured":"Kholidy, H.A., Baiardi, F.: CIDS: a framework for intrusion detection in cloud systems. In: ITNG (2012)","DOI":"10.1109\/ITNG.2012.94"},{"key":"27_CR40","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1016\/j.jnca.2012.05.003","volume":"36","author":"C Modi","year":"2013","unstructured":"Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. JNCA 36, 42\u201357 (2013)","journal-title":"JNCA"},{"key":"27_CR41","doi-asserted-by":"crossref","unstructured":"Patel, A., Taghavi, M., Bakhtiyari, K., Celestino Jr., J.: Review: an intrusion detection and prevention system in cloud computing: a systematic review. 
JNCA 36, 25\u201341 (2013)","DOI":"10.1016\/j.jnca.2012.08.007"},{"key":"27_CR42","unstructured":"Gember, A., Krishnamurthy, A., John, S.S., Grandl, R., Gao, X., Anand, A.: Stratos: a network-aware orchestration layer for virtual middleboxes in clouds. arXiv (2013)"},{"key":"27_CR43","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1145\/762476.762477","volume":"6","author":"SN Chari","year":"2003","unstructured":"Chari, S.N., Cheng, P.-C.: Bluebox: A policy-driven, host-based intrusion detection system. ACM TISSEC 6, 173\u2013200 (2003)","journal-title":"ACM TISSEC"},{"key":"27_CR44","first-page":"43","volume":"1","author":"S Smalley","year":"2001","unstructured":"Smalley, S., Vance, C., Salamon, W.: Implementing selinux as a linux security module. NAI Labs Rep. 1, 43 (2001)","journal-title":"NAI Labs Rep."},{"key":"27_CR45","unstructured":"SUSE AppArmor. \n                      https:\/\/www.suse.com\/support\/security\/apparmor\/"},{"key":"27_CR46","unstructured":"Harada, T., Horie, T., Tanaka, K.: Task oriented management obviates your onus on linux. In: Linux Conference (2004)"},{"key":"27_CR47","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A.: The evolution of system-call monitoring. 
In: ACSAC (2008)","DOI":"10.1109\/ACSAC.2008.54"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T05:33:37Z","timestamp":1559280817000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}