A Factorial Space for a System-Based Detection of Botcloud Activity
Title | A Factorial Space for a System-Based Detection of Botcloud Activity |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Hammi, B., Khatoun, R., Doyen, G. |
Conference Name | New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on |
Date Published | March |
Keywords | botcloud activity, botcloud detection, botcoud behavior, botnets, cloud computing, cloud service provider, Collaboration, Computer crime, computer network security, distributed massive attacks, distributed processing, distributed system behavior analysis, factorial space, Intrusion detection, legitimate activity, legitimate usage, malicious use, Measurement, Monitoring, principal component analysis, source-based detection, system metrics, system-based detection, transport protocols, UDP-flood DDoS attacks |
Abstract | Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomenon is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based detection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcloud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection. |
DOI | 10.1109/NTMS.2014.6813996 |
Citation Key | 6813996 |