Understanding botclouds from a system perspective: A principal component analysis

Abstract : Cloud computing is gaining ground and becoming one of the fast growing segments of the IT industry. However, if its numerous advantages are mainly used to support a legitimate activity, it is now exploited for a use it was not meant for: malicious users leverage its power and fast provisioning to turn it into an attack support. Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use since they can be setup on demand and at very large scale without requiring a long dissemination phase nor an expensive deployment costs. For cloud service providers, preventing their infrastructure from being turned into an Attack as a Service delivery model is very challenging since it requires detecting threats at the source, in a highly dynamic and heterogeneous environment. In this paper, we present the result of an experiment campaign we performed in order to understand the operational behavior of a botcloud used for a DDoS attack. The originality of our work resides in the consideration of system metrics that, while never considered for state-of-the-art botnets detection, can be leveraged in the context of a cloud to enable a source based detection. Our study considers both attacks based on TCP-flood and UDP-storm and for each of them, we provide statistical results based on a principal component analysis, that highlight the recognizable behavior of a botcloud as compared to other legitimate workloads.
Document type :
Conference papers
Complete list of metadatas

https://hal-utt.archives-ouvertes.fr/hal-02274911
Contributor : Jean-Baptiste Vu Van <>
Submitted on : Friday, August 30, 2019 - 12:14:51 PM
Last modification on : Monday, September 16, 2019 - 4:36:04 PM

Identifiers

  • HAL Id : hal-02274911, version 1

Collections

Citation

Hammi Badis, Guillaume Doyen, Rida Khatoun. Understanding botclouds from a system perspective: A principal component analysis. NOMS 2014 - 2014 IEEE/IFIP Network Operations and Management Symposium, May 2014, Krakow, Poland. pp.1-9. ⟨hal-02274911⟩

Share

Metrics

Record views

7