DDoS Attack in Cloud Computing


DDoS Attack in Cloud Computing. 2010. 10. 11. B. Cha. Agenda: DDoS Attacks; DDoS defense; Scenarios of DDoS Attacks in Cloud Computing; Attacks using Cloud Computing; Defense in Cloud Computing; Target in Eucalyptus; Sign of Attacks in Cloud Computing.


<p>Anomaly in Cloud Computing</p>
<p>DDoS Attack in Cloud Computing. 2010. 10. 11. B. Cha</p>
<p>Agenda: DDoS Attacks; DDoS defense; Scenarios of DDoS Attacks in Cloud Computing; Attacks using Cloud Computing; Defense in Cloud Computing; Target in Eucalyptus; Sign of Attacks in Cloud Computing; Anomaly Detection in Cloud Computing; Proposed Multistage DDoS Attack Detection; Monitoring; Lightweight Anomaly Detection; Coarse-grained data; Bayesian Method; Triggered; Focused Anomaly Detection; STM; LTM</p>
<p>DDoS Attack</p>
<p>DDoS defense</p>
<p>[Figure: DDoS Attacks using Cloud Computing. Labels: Malicious Client, Services, Node Controllers, ClC &amp; CC, DDoS Attacks, Leases Resources, Legacy Target System, Cloud System, Normal Manager. Markers: (A), (B), (C). Assumption: Private Clouds.]</p>
<p>[Figure: DDoS Attacks using Cloud Computing. Labels: Malicious Client, Services, Node Controllers, ClC &amp; CC, DDoS Attacks, Leases Resources, Legacy System, Cloud Controller, Cluster Controller, Target Cloud System, Normal Manager. Markers: (A), (B), (C), (1), (2).]</p>
<p>[Figure: Defense in Cloud Computing. Labels: Malicious Client, Services, DDoS Attacks, Leases Resources, Legacy System, Node Controllers, ClC &amp; CC, Cloud System, Cloud Controller, Cluster Controller, Target Cloud System, Normal Client, Normal Manager. Markers: (A), (B), (C), (1), (2), (3).]</p>
<p>[Figure: Defense in Cloud Computing. Labels: Malicious Client, Services, Service Request, Leases Resources, Legacy System, Node Controllers, ClC &amp; CC, Cloud System, Cloud Controller, Cluster Controller, Target Cloud System, Malicious Manager, External Monitor, Used Resources Amount in aspect of availability, Elastic Forces (Fatigue) Measurement in DDoS attacks. Markers: (A), (B), (C), (1), (2).]</p>
<p>[Figure: Target in Eucalyptus. Labels: EC2 Tools, S3 Tools, CLC, Users, Key-pairs, Image Metadata, SC, Walrus, CC, NC, Cluster A, Cluster B, Front-end Node, Each Node, Client 1.]</p>
<p>[Figure: Sign of Attacks in Cloud Computing. Labels: Source System, Target Cloud System, DDoS Attack, Cloud Burst Attack, Src, Tg, Coarse-grained Data, Fine-grained Data, Prior &amp; Posterior Prob. Axes: Traffic, Time. Panels: (a), (b). Markers: (1), (2).]</p>
<p>Multistage DDoS Attack Detection. Stage 1: Monitoring. Stage 2: Lightweight Anomaly Detection. Stage 3: Focused Anomaly Detection.</p>
<p>Considerations in Monitoring: Volume Data in Cloud; Monitoring Location (Source-End, Victim-End); Interval delta_T.</p>
<p>Considerations in Learning Alg.: Unsupervised Learning Alg.; Supervised or Semi-supervised Learning Alg.: Bulk Anomaly. [Figure: Relation between distance based and statistical anomalies for two-dimensional data sets.]</p>
<p>Multistage DDoS Attack Detection. Considerations in Lightweight Anomaly Detection: Top List (In-bound, Out-bound); Detection Algorithm (Entropy, Statistics Techniques, Chi-Square); Coarse-grained data -&gt; DDoS Attacks; Fine-grained data: Normal &amp; Bayesian Method (Prior Probability) (Posterior Probability) (Likelihood function).</p>
<p>Multistage DDoS Attack Detection. Considerations in Focused Anomaly Detection: Interval delta_T; Time Policy: STM (Short-Term Memory), LTM (Long-Term Memory); LTM History; Symptom of Attacks: Scanning, Stealth Scanning; Attack Scenario; Misuse Detection Rule.</p>
<p>[Figure. Axes: Time, Stage. Labels: Interval delta_T, STM, LTM, Monitoring, Lightweight AD, Focused AD, Coarse-grained data, Volume data in Cloud.]</p>