The present invention relates generally to a method and system for malicious application detection and prevention for stream computing applications deployed in cloud computing environments.
A stream computing application ingests input data from one or more data sources, performs some form of processing on that data (e.g., aggregating, filtering, or detecting patterns), and then transmits the resulting output data to one or more data sinks. Preventing a stream computing application from performing Denial-of-Service (DoS) attacks or other attacks is hard, because the entire purpose of a stream computing application is to ingest data, process the data, and then sink the data. A malicious user could deploy a stream computing application for the sole purpose of attacking other services or sites on the Internet. The result could be blacklisting of the cloud provider's Internet Protocol (IP) address by other Internet sites, service availability impacts, etc.
Intrusion detection systems and malware detection can be used to detect and prevent malicious stream computing applications. Ample research exists on intrusion detection systems and malware detection. However, current solutions for screening applications are mostly manual or rule-based, and do not meet the needs of dynamic, on-demand applications deployed by customers.
Thus, there is a need in the art for a mechanism to allow legitimate cloud customers to write custom stream computing applications that ingest and sink data from and to unrestricted systems in multi-tenant environments, while preventing illegitimate users from deploying malicious applications.