Abstract
Cloud computing security usually focuses on protecting data and users and on defending against external intrusions. However, there is an area of cloud security that is often overlooked and that can have disastrous consequences: the conversion of cloud computing itself into an attack vector. Beyond legitimate usage, the many advantages of cloud computing are also exploited by attackers. Botnets supporting Distributed Denial of Service (DDoS) attacks are among the greatest beneficiaries of this malicious use. In this paper, we propose a novel source-based detection approach that aims at detecting abnormal virtual machine behavior. The originality of our approach lies in (1) relying only on the system metrics of the virtual machines and (2) performing the detection at the source. Our approach is based on Principal Component Analysis to detect anomalies that can be signs of botcloud behavior supporting DDoS flooding attacks. We also present the results of the evaluation of our detection algorithm.
Copyright information
© 2014 International Federation for Information Processing
Cite this paper
Badis, H., Doyen, G., Khatoun, R. (2014). Toward a Source Detection of Botclouds: A PCA-Based Approach. In: Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B. (eds) Monitoring and Securing Virtualized Networks and Services. AIMS 2014. Lecture Notes in Computer Science, vol 8508. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43862-6_13
DOI: https://doi.org/10.1007/978-3-662-43862-6_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43861-9
Online ISBN: 978-3-662-43862-6