A Factorial Space for a System-Based Detection of Botcloud Activity

Author

Hammi, Badis ; Khatoun, Rida ; Doyen, Guillaume

Author_Institution

Univ. de Technol. de Troyes, Troyes, France

fYear

2014

fDate

March 30 2014-April 2 2014

Firstpage

1

Lastpage

5

Abstract

Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud´s behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

Keywords

cloud computing; computer network security; distributed processing; principal component analysis; transport protocols; UDP-flood DDoS attacks; botcloud activity; botcloud detection; botcoud behavior; botnets; cloud computing; cloud service provider; distributed massive attacks; distributed system behavior analysis; factorial space; legitimate activity; legitimate usage; malicious use; principal component analysis; source-based detection; system metrics; system-based detection; Cloud computing; Collaboration; Computer crime; Intrusion detection; Measurement; Monitoring; Principal component analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on

Conference_Location

Dubai

Type

conf

DOI

10.1109/NTMS.2014.6813996

Filename

6813996