Toward a Source Detection of Botclouds: A PCA-Based Approach - Monitoring and Securing Virtualized Networks and Services
Conference Papers Year : 2014

Toward a Source Detection of Botclouds: A PCA-Based Approach

Hammi Badis
Guillaume Doyen
  • Function : Author
  • PersonId : 868503
Rida Khatoun

Abstract

Cloud computing security is often focused on data and users security and protection against external intrusions. However, it exists an area of cloud security that is often overlooked and that can have disastrous consequences: the conversion of cloud computing into an attack vector. Beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers. Botnets supporting Distributed Denial of Service (DDoS) attacks are among the greatest beneficiaries of this malicious use. In this paper, we propose a novel source-based detection approach that aims at detecting the abnormal virtual machines behavior. The originality of our approach resides in (1) relying only on the system’s metrics of virtual machines and (2) considering a source-based detection. Our approach is based on Principal Component Analysis to detect anomalies that can be signs of botcloud’s behavior supporting DDoS flooding attacks. We also present the results of the evaluation of our detection algorithm.
Fichier principal
Vignette du fichier
978-3-662-43862-6_13_Chapter.pdf (639.2 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01401295 , version 1 (23-11-2016)

Licence

Identifiers

Cite

Hammi Badis, Guillaume Doyen, Rida Khatoun. Toward a Source Detection of Botclouds: A PCA-Based Approach. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jun 2014, Brno, Czech Republic. pp.105-117, ⟨10.1007/978-3-662-43862-6_13⟩. ⟨hal-01401295⟩
175 View
183 Download

Altmetric

Share

More