Visible to the public A Factorial Space for a System-Based Detection of Botcloud Activity

TitleA Factorial Space for a System-Based Detection of Botcloud Activity
Publication TypeConference Paper
Year of Publication2014
AuthorsHammi, B., Khatoun, R., Doyen, G.
Conference NameNew Technologies, Mobility and Security (NTMS), 2014 6th International Conference on
Date PublishedMarch
Keywordsbotcloud activity, botcloud detection, botcoud behavior, botnets, cloud computing, cloud service provider, Collaboration, Computer crime, computer network security, distributed massive attacks, distributed processing, distributed system behavior analysis, factorial space, Intrusion detection, legitimate activity, legitimate usage, malicious use, Measurement, Monitoring, principal component analysis, source-based detection, system metrics, system-based detection, transport protocols, UDP-flood DDoS attacks

Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

Citation Key6813996