DDoS Attack in Cloud Computing 2010. 10. 11 B. Cha


Page 1: DDoS  Attack in Cloud Computing

DDoS Attack in Cloud Computing

2010. 10. 11

B. Cha

Page 2: DDoS  Attack in Cloud Computing

Agenda

• Classification of DDoS Attacks and DDoS Defense
• Scenarios of DDoS Attacks in Cloud Computing
  – Attacks using Cloud Computing
  – Defense in Cloud Computing
  – Target in Eucalyptus
  – Sign of Attacks in Cloud Computing
• Anomaly Detection in Cloud Computing
  – Proposed Multistage DDoS Attack Detection
  – Monitoring
  – Lightweight Anomaly Detection
    • Coarse-grained data
    • Bayesian Method
    • Triggered
  – Focused Anomaly Detection
    • STM
    • LTM

Page 3: DDoS  Attack in Cloud Computing

DDoS Attack Classification

Page 4: DDoS  Attack in Cloud Computing

DDoS Attack Classification

Page 5: DDoS  Attack in Cloud Computing

DDoS Defense Classification

Page 6: DDoS  Attack in Cloud Computing

DDoS Attacks using Cloud Computing

[Figure: diagram. Labels: Malicious Client, Services, Leases Resources, Cloud System, Node Controllers, ClC & CC, DDoS Attacks, Legacy Target System, Normal Manager. Markers: (A), (B), (C).]

Assumption: 1. Private Clouds

Page 7: DDoS  Attack in Cloud Computing

DDoS Attacks using Cloud Computing

[Figure: diagram. Labels: Malicious Client, Services, Leases Resources, Node Controllers, ClC & CC, DDoS Attacks, Legacy System, Target Cloud System, Cloud Controller, Cluster Controller, Node Controllers, Normal Manager. Markers: (A), (B), (C), (1), (2).]

Page 8: DDoS  Attack in Cloud Computing

Defense in Cloud Computing

[Figure: diagram. Labels: Malicious Client, Normal Client, Services, Leases Resources, Cloud System, Node Controllers, ClC & CC, DDoS Attacks, Legacy System, Target Cloud System, Cloud Controller, Cluster Controller, Node Controllers, Normal Manager. Markers: (A), (B), (C), (1), (2), (3).]

Page 9: DDoS  Attack in Cloud Computing

Defense in Cloud Computing

[Figure: diagram. Labels: Malicious Client, Malicious Manager, External Monitor, Services, Service Request, Leases Resources, Cloud System, Node Controllers, ClC & CC, Legacy System, Target Cloud System, Cloud Controller, Cluster Controller, Node Controllers. Markers: (A), (B), (C), (1), (2).]

Used Resources Amount in aspect of availability

Elastics Forces (Fatigue) Measurement in DDoS attacks

Page 10: DDoS  Attack in Cloud Computing

Target in Eucalyptus

[Figure: Eucalyptus architecture diagram. Labels: Client 1, EC2 Tools, S3 Tools, CLC (Users, Key-pairs, Image Metadata), Walrus, Cluster A and Cluster B (each with CC, SC, NC), Front-end Node, Each Node.]

Page 11: DDoS  Attack in Cloud Computing

Sign of Attacks in Cloud Computing

[Figure: Traffic versus Time plots for a Source System and a Target Cloud System. Panels: (a) DDoS Attack, (b) Cloud Burst Attack. Labels: Src, Tg, iTG, jSRC, XT, Coarse-grained Data, Fine-grained Data, Prior & Posterior Prob. Markers: (1), (2).]

Page 12: DDoS  Attack in Cloud Computing

Multistage DDoS Attack Detection

• Multistage DDoS Attack Detection
  – Stage 1: Monitoring
  – Stage 2: Lightweight Anomaly Detection
  – Stage 3: Focused Anomaly Detection
• Considerations in Monitoring
  – Volume Data in Cloud
  – Monitoring Location
    • Source-End
    • Victim-End
  – Interval delta_T
• Considerations in Learning Alg.
  – Unsupervised Learning Alg.
  – Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
  – Relation between distance based and statistical anomalies for two-dimensional data sets

Page 13: DDoS  Attack in Cloud Computing

Multistage DDoS Attack Detection

• Considerations in Lightweight Anomaly Detection
  – Top List
    • In-bound
    • Out-bound
  – Detection Algorithm
    • Entropy
    • Statistics Techniques
    • Chi-Square
  – Coarse-grained data
    • Coarse chunks -> DDoS Attacks
    • Fine-grained data: Normal & threshold determination
  – Bayesian Method
    • Prior probability and posterior probability
    • The posterior probability can be computed by Bayes' theorem from the prior probability and the likelihood function

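$$P(TG \mid SRC) = \frac{P(SRC \mid TG)\,P(TG)}{P(SRC)} \propto L(TG \mid SRC)\,P(TG)$$

$$P(SRC \mid TG) = \frac{P(TG \mid SRC)\,P(SRC)}{P(TG)}$$

$$\text{posterior} = \frac{\text{likelihood} \times \text{prior}}{\text{normalizing constant}}$$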
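The lightweight stage described on this slide, sketched as an added example that is not part of the original slides: it estimates the posterior P(SRC|TG) by Bayes' theorem from flow counts in one interval delta_T, takes the entropy of that in-bound source distribution, and triggers the focused stage when it leaves the band learned from normal intervals. The `(src, tg)` record shape, the `k` and `min_sigma` parameters, the VM names and all sample flows are assumptions constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def posterior_src_given_tg(flows, target):
    """Estimate P(SRC|TG) = P(TG|SRC) * P(SRC) / P(TG) from (src, tg) flow records."""
    n = len(flows)
    per_src = Counter(src for src, _ in flows)                 # counts behind the prior P(SRC)
    joint = Counter(src for src, tg in flows if tg == target)  # counts of SRC seen with TG
    n_tg = sum(joint.values())
    if n_tg == 0:
        return {}
    p_tg = n_tg / n                                            # normalizing constant P(TG)
    return {s: (joint[s] / per_src[s]) * (per_src[s] / n) / p_tg for s in joint}

def entropy_bits(dist):
    """Shannon entropy of a probability distribution, in bits."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def lightweight_stage(baseline, window, target, k=3.0, min_sigma=0.1):
    """Stage 2: compare this interval's source entropy with the normal-traffic baseline."""
    normal = [entropy_bits(posterior_src_given_tg(w, target)) for w in baseline]
    mu, sigma = mean(normal), max(pstdev(normal), min_sigma)   # floor is an assumption
    post = posterior_src_given_tg(window, target)
    h = entropy_bits(post)
    top = sorted(post.items(), key=lambda kv: kv[1], reverse=True)[:3]  # in-bound top list
    return {"entropy": h, "baseline": mu, "triggered": abs(h - mu) > k * sigma, "top": top}

def make_window(src_counts, target, other="vm-db"):
    """Constructed sample: one interval delta_T of flows, plus background to another VM."""
    flows = [(s, target) for s, c in src_counts.items() for _ in range(c)]
    return flows + [("192.0.2.1", other)] * 10

# Constructed sample data (documentation address ranges, hypothetical VM names).
BASELINE = [make_window({"192.0.2.1": a, "192.0.2.2": b, "192.0.2.3": c}, "vm-web")
            for a, b, c in [(40, 35, 25), (38, 36, 26), (42, 33, 25)]]
NORMAL = make_window({"192.0.2.1": 39, "192.0.2.2": 35, "192.0.2.3": 26}, "vm-web")
FLOOD = make_window({f"198.51.100.{i}": 5 for i in range(1, 201)}, "vm-web")

if __name__ == "__main__":
    for name, w in [("normal", NORMAL), ("flood", FLOOD)]:
        r = lightweight_stage(BASELINE, w, "vm-web")
        print(name, round(r["entropy"], 2), "trigger focused AD:", r["triggered"])
```

The check is two-sided because a flood from many sources raises the entropy while a single dominant source lowers it.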

Page 14: DDoS  Attack in Cloud Computing

Multistage DDoS Attack Detection

• Considerations in Focused Anomaly Detection
  – Interval delta_T
  – Time Policy
    • STM (Short-Term Memory)
    • LTM (Long-Term Memory)
  – LTM
    • History
    • Symptom of Attacks
      – Scanning, Stealth Scanning
    • Attack Scenario
    • Misuse Detection Rule

[Figure: chart with axes Time and Stage. Labels: Interval delta_T, STM, LTM, Monitoring, Lightweight AD, Focused AD, Coarse-grained data, Volume data in Cloud.]