Attribution of Fraudulent Resource Consumption in the Cloud

Author

Idziorek, Joseph ; Tannian, Mark ; Jacobson, Doug

Author_Institution

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA, USA

fYear

2012

fDate

24-29 June 2012

Firstpage

99

Lastpage

106

Abstract

Obligated by a utility pricing model, Internet-facing web resources hosted in the public cloud are vulnerable to Fraudulent Resource Consumption (FRC) attacks. Unlike an application-layer DDoS attack that consumes resources with the goal of disrupting short-term availability, an FRC attack is a considerably more subtle attack that instead seeks to disrupt the long-term financial viability of operating in the cloud by exploiting the utility pricing model over an extended time period. By fraudulently consuming web resources in sufficient volume (i.e. data transferred out of the cloud), an attacker (e.g. botnet) is able to incur significant fraudulent charges to the victim. This paper proposes an attribution methodology to identify malicious clients participating in an FRC attack. Experimental results demonstrate that the presented methodology achieves qualified success against challenging attack scenarios.

Keywords

cloud computing; fraud; pricing; security of data; FRC attack; Internet-facing Web resources; application-layer DDoS attack; fraudulent resource consumption attacks; fraudulent resource consumption attribution; long-term financial viability; malicious clients identification; public cloud; utility pricing model; Bandwidth; Cloud computing; Computer crime; Context; NASA; Pricing; Training; anomaly detection; application-layer DDoS; attribution; cloud computing; fraudulent resource consumption attack; security; utility pricing model;

fLanguage

English

Publisher

ieee

Conference_Titel

Cloud Computing (CLOUD), 2012 IEEE 5th International Conference on

Conference_Location

Honolulu, HI

ISSN

2159-6182

Print_ISBN

978-1-4673-2892-0

Type

conf

DOI

10.1109/CLOUD.2012.23

Filename

6253494