Date post: | 24-Dec-2015 |
Upload: | briana-johns |
DDoS Attack in Cloud Computing
2010. 10. 11
B. Cha
Agenda
• Classification of DDoS Attacks and DDoS Defense
• Scenarios of DDoS Attacks in Cloud Computing
  – Attacks using Cloud Computing
  – Defense in Cloud Computing
  – Target in Eucalyptus
  – Sign of Attacks in Cloud Computing
• Anomaly Detection in Cloud Computing
  – Proposed Multistage DDoS Attack Detection
  – Monitoring
  – Lightweight Anomaly Detection
    • Coarse-grained data
    • Bayesian Method
    • Triggered
  – Focused Anomaly Detection
    • STM
    • LTM
DDoS Attack Classification
DDoS Defense Classification
DDoS Attacks using Cloud Computing
[Figure; labels: Malicious Client, Services, Leases Resources, DDoS Attacks, Cloud System (ClC & CC, Node Controllers), Legacy Target System; markers (A), (B), (C). Assumption: 1. Private Clouds]

DDoS Attacks using Cloud Computing
[Figure; labels: Normal Manager, Malicious Client, Services, Leases Resources, DDoS Attacks, Legacy System, Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers); markers (A), (B), (C), (1), (2)]

Defense in Cloud Computing
[Figure; labels: Normal Manager, Normal Client, Malicious Client, Services, Leases Resources, DDoS Attacks, Legacy System, Cloud System (ClC & CC, Node Controllers), Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers); markers (A), (B), (C), (1), (2), (3)]

Defense in Cloud Computing
[Figure; labels: Normal Manager, Malicious Manager, Malicious Client, External Monitor, Services, Service Request, Leases Resources, Legacy System, Cloud System (ClC & CC, Node Controllers), Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers); annotations: "Used Resources Amount in aspect of availability", "Elastics Forces (Fatigue) Measurement in DDoS attacks"; markers (A), (B), (C), (1), (2)]

Target in Eucalyptus
[Figure; labels: Client 1, EC2ools, S3 Tools, CLC (Users, Key-pairs, Image Metadata), Walrus, SC, CC, NC, Cluster A, Cluster B, Front-end Node, Each Node]

Sign of Attacks in Cloud Computing
[Figure: traffic plotted against time for the Source System and the Target Cloud System; panels (a), (b); cases "DDoS Attack" and "Cloud Burst Attack"; axes: Traffic, Time; series labels: Src, jSRC, Tg, iTG, XT; markers (1), (2)]
[Figure; labels: Tg, XT, Coarse-grained Data, Fine-grained Data, Prior & Posterior Prob.]
Multistage DDoS Attack Detection
• Multistage DDoS Attack Detection
  – Stage 1: Monitoring
  – Stage 2: Lightweight Anomaly Detection
  – Stage 3: Focused Anomaly Detection
• Considerations in Monitoring
  – Volume Data in Cloud
  – Monitoring Location
    • Source-End
    • Victim-End
  – Interval delta_T
• Considerations in Learning Alg.
  – Unsupervised Learning Alg.
  – Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
  – Relation between distance based and statistical anomalies for two-dimensional data sets
Multistage DDoS Attack Detection
• Considerations in Lightweight Anomaly Detection
  – Top List
    • In-bound
    • Out-bound
  – Detection Algorithm
    • Entropy
    • Statistics Techniques
    • Chi-Square
  – Coarse-grained data
    • Coarse chunks -> DDoS Attacks
    • Fine-grained data: Normal & threshold determination
  – Bayesian Method
    • Prior probability and posterior probability
    • The posterior probability can be computed from the prior probability and the likelihood function by Bayes' theorem
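$$P(TG \mid SRC) = \frac{P(SRC \mid TG)\,P(TG)}{P(SRC)} \propto L(TG \mid SRC)\,P(TG)$$

$$P(SRC \mid TG) = \frac{P(TG \mid SRC)\,P(SRC)}{P(TG)}$$

$$\text{posterior} = \frac{\text{likelihood} \times \text{prior}}{\text{normalizing constant}}$$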
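One way to implement the Stage 2 lightweight check with the entropy option listed above, added here as an example and not taken from the original slides. The function names, the k-sigma rule, the sigma floor, and the constructed trace (documentation-range addresses) are assumptions.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def split_intervals(packets, delta_t):
    """Group (timestamp, source) records into one Counter per delta_T interval."""
    buckets = {}
    for ts, src in packets:
        buckets.setdefault(int(ts // delta_t), Counter())[src] += 1
    return buckets

def source_entropy(counts):
    """Shannon entropy (bits) of the in-bound per-source packet distribution."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def learn_baseline(normal_packets, delta_t, min_sigma=0.05):
    """Threshold determination from normal (fine-grained) data.

    min_sigma is an assumed floor so a very stable baseline does not
    make every small fluctuation look anomalous.
    """
    h = [source_entropy(c) for c in split_intervals(normal_packets, delta_t).values()]
    return mean(h), max(pstdev(h), min_sigma)

def lightweight_stage(packets, delta_t, baseline, k=3.0):
    """Return interval numbers that should trigger focused anomaly detection."""
    mu, sigma = baseline
    return [i for i, c in sorted(split_intervals(packets, delta_t).items())
            if abs(source_entropy(c) - mu) / sigma > k]

def constructed_trace():
    """Constructed sample: six normal intervals, then a many-source flood."""
    pkts = []
    for i in range(6):
        for s in range(4):
            pkts += [(i * 10 + 1, f"192.0.2.{s}")] * (5 + (i + s) % 3)
    pkts += [(61, f"198.51.100.{n}") for n in range(200)]
    return pkts

if __name__ == "__main__":
    trace = constructed_trace()
    base = learn_baseline([p for p in trace if p[0] < 50], delta_t=10)
    print("intervals passed to Stage 3:", lightweight_stage(trace, 10, base))
```

The absolute deviation flags both a rise in entropy (many distinct sources) and a drop (one dominant source).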
Multistage DDoS Attack Detection
• Considerations in Focused Anomaly Detection
  – Interval delta_T
  – Time Policy
    • STM (Short-Term Memory)
    • LTM (Long-Term Memory)
  – LTM
    • History
    • Symptom of Attacks
      – Scanning, Stealth Scanning
    • Attack Scenario
    • Misuse Detection Rule
[Figure: detection stages over time; axes: Time, Stage; stages: Monitoring, Lightweight AD, Focused AD; labels: Interval delta_T, STM, LTM, Coarse-grained data, Volume data in Cloud]