DDoS Attack in Cloud Computing


1 DDoS Attack in Cloud Computing
B. Cha

2 Agenda
- Classification of DDoS Attacks and DDoS Defense
- Scenarios of DDoS Attacks in Cloud Computing
  - Attacks using Cloud Computing
  - Defense in Cloud Computing
- Target in Eucalyptus
- Sign of Attacks in Cloud Computing
- Anomaly Detection in Cloud Computing
- Proposed Multistage DDoS Attack Detection
  - Monitoring
  - Lightweight Anomaly Detection
    - Coarse-grained data
    - Bayesian Method
  - Triggered Focused Anomaly Detection
    - STM
    - LTM

3 DDoS Attack Classification

4 DDoS Attack Classification

5 DDoS Defense Classification

6 DDoS Attacks using Cloud Computing
Diagram labels: Normal Manager; (A) Leases Resources; ClC & CC; Node Controllers; Malicious Client; ClC & CC; Assumption: Private Clouds; Node Controllers; DDoS Attacks; Legacy Target System; Services; (B) Cloud System; ClC & CC; Node Controllers; (C)

7 DDoS Attacks using Cloud Computing
Diagram labels: Normal Manager; (A) Leases Resources; ClC & CC; Node Controllers; Malicious Client; ClC & CC; Node Controllers; DDoS Attacks; Legacy System; (1); (2); Services; (B) Target Cloud System; Cloud Controller; Node Controllers; Cluster Controller; (C)

8 Defense in Cloud Computing
Diagram labels: Normal Manager; Normal Client; (2); (3); (1); Target Cloud System; Malicious Client; Cloud Controller; Node Controllers; Cluster Controller; (A) Leases Resources; Legacy System; DDoS Attacks; Services; (B) Cloud System; ClC & CC; Node Controllers; (C)

9 Defense in Cloud Computing
Elastic Forces (Fatigue) Measurement in DDoS attacks
Diagram labels: Malicious Manager; (1) External Monitor; Target Cloud System; Malicious Client; Cloud Controller; Node Controllers; Cluster Controller; (A) Leases Resources; Service Request; (2) Used Resources Amount in aspect of availability; Legacy System; Services; (B) Cloud System; ClC & CC; Node Controllers; (C)

10 Target in Eucalyptus
Diagram labels: Client 1; EC2 Tools; S3 Tools; Front-end Node; Users, Key-pairs, Image Metadata; CLC; Walrus; Cluster A; Cluster B; CC; SC; SC; CC; NC; NC; Each Node

11 Sign of Attacks in Cloud Computing
Diagram labels: Target Cloud System; DDoS Attack; Source System; Coarse-grained Data; Fine-grained Data; (a); (b); Src; Tg; Prior & Posterior Prob.; (1); (2); Cloud Burst Attack. Plot axes: Traffic, Time.

12 Multistage DDoS Attack Detection
- Stage 1: Monitoring
- Stage 2: Lightweight Anomaly Detection
- Stage 3: Focused Anomaly Detection
- Considerations in Monitoring
  - Volume Data in Cloud
  - Monitoring Location
    - Source-End
    - Victim-End
  - Interval delta_T
- Considerations in Learning Alg.
  - Unsupervised Learning Alg.
  - Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
- Figure: Relation between distance based and statistical anomalies for two-dimensional data sets

13 Multistage DDoS Attack Detection
- Considerations in Lightweight Anomaly Detection
  - Top List
    - In-bound
    - Out-bound
  - Detection Algorithm
    - Entropy
    - Statistics Techniques
    - Chi-Square
  - Coarse-grained data: coarse chunks -> DDoS Attacks
  - Fine-grained data: Normal & threshold determination
  - Bayesian Method
    - Prior Probability and Posterior Probability
    - The posterior probability can be computed from the prior probability and the likelihood function by Bayes' theorem
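Added example (not from the original slides): one way to implement Stage 2 as outlined above, computing entropy over a coarse-grained in-bound top list for each interval delta_T and updating the attack probability with Bayes' theorem until it triggers Stage 3. The likelihood values, thresholds, the floor on the belief, the function names and the sample counts are assumptions made for illustration.

```python
import math
from collections import Counter

def shannon_entropy(counts):
    """Entropy in bits of a destination -> packet-count top list."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def posterior_attack(prior, p_obs_attack, p_obs_normal):
    """Bayes' theorem: P(attack | observation) from prior and likelihoods."""
    num = p_obs_attack * prior
    return num / (num + p_obs_normal * (1.0 - prior))

def lightweight_stage(intervals, prior=0.01, entropy_floor=1.0,
                      p_low_attack=0.9, p_low_normal=0.1, trigger=0.5):
    """Return (posteriors, index of first interval that triggers Stage 3 or None).

    Each interval is one delta_T worth of coarse-grained in-bound counts.
    The observation is binary: is destination entropy below entropy_floor,
    i.e. is traffic concentrated on one target (Tg)?
    """
    belief, posteriors, first = prior, [], None
    for i, top_list in enumerate(intervals):
        # An interval with no traffic is not treated as a concentration signal.
        low = bool(top_list) and shannon_entropy(top_list) < entropy_floor
        if low:
            belief = posterior_attack(belief, p_low_attack, p_low_normal)
        else:
            belief = posterior_attack(belief, 1 - p_low_attack, 1 - p_low_normal)
        # Assumption: never decay below the base rate, so a long quiet period
        # does not delay detection of a later attack.
        belief = max(belief, prior)
        posteriors.append(belief)
        if first is None and belief > trigger:
            first = i
    return posteriors, first

# Constructed sample data (documentation address range, not real traffic).
NORMAL = Counter({"192.0.2.1": 25, "192.0.2.2": 25, "192.0.2.3": 25, "192.0.2.4": 25})
ATTACK = Counter({"192.0.2.1": 970, "192.0.2.2": 10, "192.0.2.3": 10, "192.0.2.4": 10})
SAMPLE = [NORMAL, NORMAL, ATTACK, ATTACK, ATTACK]

if __name__ == "__main__":
    posteriors, first = lightweight_stage(SAMPLE)
    for i, p in enumerate(posteriors):
        print(f"interval {i}: entropy={shannon_entropy(SAMPLE[i]):.3f} P(attack)={p:.3f}")
    print("Stage 3 triggered at interval:", first)
```

With these assumed likelihoods a single low-entropy interval is not enough to trigger the focused stage; the belief has to accumulate over consecutive intervals, which keeps one short burst from escalating.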

14 Multistage DDoS Attack Detection
- Considerations in Focused Anomaly Detection
  - Interval delta_T
  - Time Policy
    - STM (Short-Term Memory)
    - LTM (Long-Term Memory)
  - LTM History
  - Symptom of Attacks
    - Scanning, Stealth Scanning
  - Attack Scenario
  - Misuse Detection Rule
- Diagram labels: Stage; Focused AD; Coarse-grained data; Lightweight AD; Volume data in Cloud; Monitoring; Interval delta_T; Time; STM; LTM

