DDoS Attack in Cloud Computing 2010. 10. 11 B. Cha
Agenda
  Classification of DDoS Attacks and DDoS Defense
  Scenarios of DDoS Attacks in Cloud Computing
    Attacks using Cloud Computing
    Defense in Cloud Computing
  Target in Eucalyptus
  Sign of Attacks in Cloud Computing
  Anomaly Detection in Cloud Computing
  Proposed Multistage DDoS Attack Detection
    Monitoring
    Lightweight Anomaly Detection
      Coarse-grained data
      Bayesian Method
    Triggered Focused Anomaly Detection
      STM
      LTM
DDoS Attack Classification
DDoS Defense Classification
DDoS Attacks using Cloud Computing
  Assumption: Private Clouds
  [Diagram, shown on two slides. Labels: Normal Manager; Malicious Client; (A) Leases Resources; ClC & CC; Node Controllers; DDoS Attacks; (1); (2); (B) Legacy Target System, Services; (C) Target Cloud System: Cloud Controller, Cluster Controller, Node Controllers]
Defense in Cloud Computing
  [Diagram. Labels: Normal Manager; Normal Client; Malicious Client; (1); (2); (3); Target Cloud System: Cloud Controller, Cluster Controller, Node Controllers; (A) Leases Resources; DDoS Attacks; (B) Legacy System, Services; (C) Cloud System: ClC & CC, Node Controllers]
Defense in Cloud Computing
  Elastic Forces (Fatigue) Measurement in DDoS attacks
  [Diagram. Labels: Malicious Manager; Malicious Client; (1); External Monitor; Target Cloud System: Cloud Controller, Cluster Controller, Node Controllers; (A) Leases Resources; Service Request; (2); Used Resources Amount in aspect of availability; (B) Legacy System, Services; (C) Cloud System: ClC & CC, Node Controllers]
Target in Eucalyptus
  [Diagram. Labels: Client 1; EC2 Tools; S3 Tools; Front-end Node; CLC; Walrus; Users, Key-pairs, Image Metadata; Cluster A; Cluster B; CC; SC; NC; Each Node]
Sign of Attacks in Cloud Computing
  [Figure. Panels: (a) Src, DDoS Attack Source System; (b) Tg, Target Cloud System. Axes: Traffic over Time. Labels: Coarse-grained Data; Fine-grained Data; Prior & Posterior Prob.; Cloud Burst Attack; (1); (2)]
Multistage DDoS Attack Detection
  Stage 1: Monitoring
  Stage 2: Lightweight Anomaly Detection
  Stage 3: Focused Anomaly Detection
Considerations in Monitoring
  Volume Data in Cloud
  Monitoring Location
    Source-End
    Victim-End
  Interval delta_T
Considerations in Learning Algorithms
  Unsupervised Learning Algorithm
  Supervised or Semi-supervised Learning Algorithm: Bulk Anomaly
  [Figure: Relation between distance based and statistical anomalies for two-dimensional data sets]
Multistage DDoS Attack Detection
Considerations in Lightweight Anomaly Detection
  Top List
    In-bound
    Out-bound
  Detection Algorithm
    Entropy
    Statistics Techniques: Chi-Square
  Coarse-grained data: coarse lumps -> DDoS Attacks
  Fine-grained data: Normal & threshold determination
  Bayesian Method
    Prior Probability and Posterior Probability
    The posterior probability can be computed from the prior probability and the likelihood function by Bayes' theorem.
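The lightweight stage above names entropy and the Bayesian method as its tools. The following sketch is an added example, not code from the original slides: it computes the entropy of out-bound traffic per interval delta_T and updates P(attack) with Bayes' theorem until the focused stage is triggered. The likelihood values, thresholds, function names and sample traffic are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed likelihoods of observing a low-entropy interval (not from the slides).
P_LOW_GIVEN_ATTACK = 0.90
P_LOW_GIVEN_NORMAL = 0.05

def entropy_bits(counts):
    """Shannon entropy (bits) of the per-destination packet distribution."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def posterior(prior, low_entropy):
    """Bayes' theorem: P(attack | observation) from prior and likelihood."""
    l_attack = P_LOW_GIVEN_ATTACK if low_entropy else 1 - P_LOW_GIVEN_ATTACK
    l_normal = P_LOW_GIVEN_NORMAL if low_entropy else 1 - P_LOW_GIVEN_NORMAL
    evidence = l_attack * prior + l_normal * (1 - prior)
    return l_attack * prior / evidence

def lightweight_stage(intervals, prior=0.05, h_threshold=1.0, trigger=0.5):
    """Return (index of the interval that triggers stage 3, or None; posteriors)."""
    history, fired = [], None
    for i, counts in enumerate(intervals):
        if counts:  # an interval with no traffic carries no evidence
            low = entropy_bits(counts) < h_threshold
            prior = posterior(prior, low)  # posterior becomes the next prior
        history.append(prior)
        if fired is None and prior >= trigger:
            fired = i
    return fired, history

# Constructed sample: out-bound packet counts per destination, one Counter per
# delta_T, using documentation-range addresses.
BALANCED = Counter({"192.0.2.1": 25, "192.0.2.2": 25, "192.0.2.3": 25, "192.0.2.4": 25})
FLOOD = Counter({"198.51.100.9": 970, "192.0.2.1": 10, "192.0.2.2": 10, "192.0.2.3": 10})
SAMPLE = [BALANCED, FLOOD, FLOOD, FLOOD]

if __name__ == "__main__":
    fired, history = lightweight_stage(SAMPLE)
    for i, p in enumerate(history):
        print(f"interval {i}: P(attack) = {p:.3f}")
    print("focused anomaly detection triggered at interval", fired)
```

A single concentrated interval is not enough to cross the trigger here; the posterior has to accumulate over consecutive intervals, which keeps the coarse-grained stage from firing on one short burst.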
Multistage DDoS Attack Detection
Considerations in Focused Anomaly Detection
  Interval delta_T
  Time Policy
    STM (Short-Term Memory)
    LTM (Long-Term Memory)
  LTM
    History
    Symptom of Attacks: Scanning, Stealth Scanning
    Attack Scenario
    Misuse Detection Rule
  [Diagram. Labels: Stage; Focused AD; Lightweight AD; Monitoring; Coarse-grained data; Volume data in Cloud; Interval delta_T; Time; STM; LTM]