Detecting Malicious Migration on Edge to Prevent Running Data Leakage

With the popularity of the Internet of Things (IoT) applications, for instance, smart homes and smart medical, edge servers have become increasingly critical infrastructures. Nevertheless, the loose management puts the edge server under the threat of malicious administrators, which causes the leaking risks of the user’s data security. We first give a Data Sniffing Attack that malicious administrators can use live migration to complete without being discovered. To resist the attack, the transparency of live migration to users is the most severe difficulty, where there has not been an effective solution yet. In this paper, we propose a live migration detection model to simulate the migration process, namely observing the indicator values that can obtain without high authorities and calculating the possibility of state transition. Then through many migration experiments, we present the immediate indicators represented by the OS interrupts and the persistent indicators represented by the IO speed, and sort these indicator values into datasets. Next, we train ten frequently-used classifiers and show their accuracy. Eventually, we analyze the advantages and disadvantages of different algorithms in predicting migration and provide the weight recommendation if applied in the detection model.