DDoS Attack in Cloud Computing


DESCRIPTION

DDoS Attack in Cloud Computing. 2010. 10. 11. B. Cha. Agenda: Classification of DDoS Attacks and DDoS Defense; Scenarios of DDoS Attacks in Cloud Computing; Attacks using Cloud Computing; Defense in Cloud Computing; Target in Eucalyptus; Sign of Attacks in Cloud Computing.

Text of DDoS Attack in Cloud Computing

Anomaly in Cloud Computing

DDoS Attack in Cloud Computing
2010. 10. 11
B. Cha

Agenda
DDoS Attacks, DDoS defense
Scenarios of DDoS Attacks in Cloud Computing
Attacks using Cloud Computing
Defense in Cloud Computing
Target in Eucalyptus
Sign of Attacks in Cloud Computing
Anomaly Detection in Cloud Computing
Proposed Multistage DDoS Attack Detection
Monitoring
Lightweight Anomaly Detection
Coarse-grained data
Bayesian Method
Triggered
Focused Anomaly Detection
STM
LTM

DDoS Attack

DDoS defense

DDoS Attacks using Cloud Computing
Assumption: Private Clouds
[Figure: Malicious Client leases resources from a Cloud System (Services, Node Controllers, ClC & CC) and launches DDoS attacks on a Legacy Target System. Other labels: Normal Manager; markers (A), (B), (C).]

DDoS Attacks using Cloud Computing
[Figure: Malicious Client, Services, Node Controllers, ClC & CC, DDoS Attacks, Leases Resources, Legacy System, Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers), Normal Manager; markers (A), (B), (C), (1), (2).]

Defense in Cloud Computing
[Figure: Cloud System (Node Controllers, ClC & CC), Malicious Client, Services, DDoS Attacks, Leases Resources, Legacy System, Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers), Normal Client, Normal Manager; markers (A), (B), (C), (1), (2), (3).]

Defense in Cloud Computing
[Figure: Cloud System (Node Controllers, ClC & CC), Malicious Client, Services, Service Request, Leases Resources, Legacy System, Target Cloud System (Cloud Controller, Cluster Controller, Node Controllers), Malicious Manager, External Monitor; markers (A), (B), (C), (1), (2).]
Used Resources Amount in aspect of availability
Elastics Forces (Fatigue) Measurement in DDoS attacks

Target in Eucalyptus
[Figure: EC2 Tools, S3 Tools, CLC (Users, Key-pairs, Image Metadata), Walrus, SC, CC, NC, Cluster A, Cluster B, Front-end Node, Each Node, Client 1.]

Sign of Attacks in Cloud Computing
[Figure: Source System and Target Cloud System under DDoS Attack and Cloud Burst Attack; panels (a) and (b) plot Traffic against Time for the source (Src) and the target (Tg); markers (1), (2).]

[Figure labels: Coarse-grained Data, Fine-grained Data, Prior & Posterior Prob.]

Multistage DDoS Attack Detection
Stage 1: Monitoring
Stage 2: Lightweight Anomaly Detection
Stage 3: Focused Anomaly Detection

Considerations in Monitoring
Volume Data in Cloud
Monitoring Location: Source-End, Victim-End
Interval delta_T

Considerations in Learning Alg.
Unsupervised Learning Alg.
Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
[Figure: Relation between distance based and statistical anomalies for two-dimensional data sets]

Multistage DDoS Attack Detection
Considerations in Lightweight Anomaly Detection
Top List: In-bound, Out-bound
Detection Algorithm
Entropy
Statistics Techniques
Chi-Square
Coarse-grained data -> DDoS Attacks
Fine-grained data: Normal & Bayesian Method (Prior Probability) (Posterior Probability) (Likelihood function)

Multistage DDoS Attack Detection
Considerations in Focused Anomaly Detection
Interval delta_T
Time Policy
STM (Short-Term Memory)
LTM (Long-Term Memory)
LTM
History
Symptom of Attacks
Scanning, Stealth Scanning
Attack Scenario
Misuse Detection Rule
[Figure: Time and Stage axes; labels Interval delta_T, STM, LTM, Monitoring, Lightweight AD, Focused AD, Coarse-grained data, Volume data in Cloud.]