Toward a Source Detection of Botclouds: A PCA-Based Approach

Abstract : Cloud computing security is often focused on data and users security and protection against external intrusions. However, it exists an area of cloud security that is often overlooked and that can have disastrous consequences: the conversion of cloud computing into an attack vector. Beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers. Botnets supporting Distributed Denial of Service (DDoS) attacks are among the greatest beneficiaries of this malicious use. In this paper, we propose a novel source-based detection approach that aims at detecting the abnormal virtual machines behavior. The originality of our approach resides in (1) relying only on the system’s metrics of virtual machines and (2) considering a source-based detection. Our approach is based on Principal Component Analysis to detect anomalies that can be signs of botcloud’s behavior supporting DDoS flooding attacks. We also present the results of the evaluation of our detection algorithm.
Complete list of metadatas

Cited literature [19 references]  Display  Hide  Download

https://hal.inria.fr/hal-01401295
Contributor : Hal Ifip <>
Submitted on : Wednesday, November 23, 2016 - 10:25:16 AM
Last modification on : Friday, December 20, 2019 - 1:37:07 AM
Long-term archiving on: Tuesday, March 21, 2017 - 3:38:45 AM

File

978-3-662-43862-6_13_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Hammi Badis, Guillaume Doyen, Rida Khatoun. Toward a Source Detection of Botclouds: A PCA-Based Approach. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. pp.105-117, ⟨10.1007/978-3-662-43862-6_13⟩. ⟨hal-01401295⟩

Share

Metrics

Record views

130

Files downloads

622