![Page 1: DDoS Attack in Cloud Computing 2010. 10. 11 B. Cha](https://reader036.vdocument.in/reader036/viewer/2022062310/56649dc55503460f94ab8a83/html5/thumbnails/1.jpg)
DDoS Attack in Cloud Computing
2010. 10. 11 B. Cha
Agenda
• DDoS Attacks and DDoS Defense Classification
• Scenarios of DDoS Attacks in Cloud Computing
  – Attacks using Cloud Computing
  – Defense in Cloud Computing
  – Target in Eucalyptus
  – Sign of Attacks in Cloud Computing
• Anomaly Detection in Cloud Computing
  – Proposed Multistage DDoS Attack Detection
  – Monitoring
  – Lightweight Anomaly Detection
    • Coarse-grained data
    • Bayesian Method
    • Triggered
  – Focused Anomaly Detection
    • STM
    • LTM
DDoS Attack Classification
DDoS Attack Classification
DDoS Defense Classification
DDoS Attacks using Cloud Computing
[Figure: diagram labels: Malicious Client; Services; Leases Resources; DDoS Attacks; Node Controllers and ClC & CC (shown three times); Cloud System; Legacy Target System; Normal Manager; markers (A), (B), (C).]
Assumption: 1. Private Clouds
DDoS Attacks using Cloud Computing
[Figure: diagram labels: Malicious Client; Services; Leases Resources; DDoS Attacks; Node Controllers and ClC & CC (shown twice); Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers; Normal Manager; markers (A), (B), (C) and (1), (2).]
Defense in Cloud Computing
[Figure: diagram labels: Malicious Client; Normal Client; Services; Leases Resources; DDoS Attacks; Cloud System with Node Controllers and ClC & CC; Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers; Normal Manager; markers (A), (B), (C) and (1), (2), (3).]
Defense in Cloud Computing
[Figure: diagram labels: Malicious Client; Services; Service Request; Leases Resources; Cloud System with Node Controllers and ClC & CC; Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers; Malicious Manager; External Monitor; markers (A), (B), (C) and (1), (2). Annotations: "Used Resources Amount in aspect of availability"; "Elastics Forces (Fatigue) Measurement in DDoS attacks".]
Target in Eucalyptus
[Figure: diagram labels: Client 1; EC2ools; S3 Tools; Front-end Node; CLC (Users, Key-pairs, Image Metadata); Walrus; Cluster A and Cluster B, each with SC, CC and NC; Each Node.]
Sign of Attacks in Cloud Computing
[Figure: Source System and Target Cloud System; DDoS Attack; Cloud Burst Attack; panels (a), (b) and (1), (2) plot Traffic against Time, with labels Src, Tg, XT, iTG and jSRC. Annotations: Coarse-grained Data; Fine-grained Data; Prior & Posterior Prob.]
Multistage DDoS Attack Detection
• Multistage DDoS Attack Detection
  – Stage 1: Monitoring
  – Stage 2: Lightweight Anomaly Detection
  – Stage 3: Focused Anomaly Detection
• Considerations in Monitoring
  – Volume Data in Cloud
  – Monitoring Location
    • Source-End
    • Victim-End
  – Interval delta_T
• Considerations in Learning Alg.
  – Unsupervised Learning Alg.
  – Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
  – Relation between distance based and statistical anomalies for two-dimensional data sets
Multistage DDoS Attack Detection
• Considerations in Lightweight Anomaly Detection
  – Top List
    • In-bound
    • Out-bound
  – Detection Algorithm
    • Entropy
    • Statistics Techniques
    • Chi-Square
  – Coarse-grained data
    • Coarse chunks -> DDoS Attacks
    • Fine-grained data: Normal & threshold determination
  – Bayesian Method
    • Prior probability and posterior probability
    • The posterior probability can be computed by Bayes' theorem from the prior probability and the likelihood function

$$P(TG \mid SRC) = \frac{P(SRC \mid TG)\,P(TG)}{P(SRC)} \propto L(TG \mid SRC)\,P(TG)$$

$$P(SRC \mid TG) = \frac{P(TG \mid SRC)\,P(SRC)}{P(TG)}$$

$$\text{posterior} = \frac{\text{likelihood} \times \text{prior}}{\text{normalizing constant}}$$
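Added example (not from the original slides): a Python sketch of how Stage 1 and Stage 2 could fit together, bucketing flows into intervals of delta_T, testing a target's volume with a chi-square statistic, and computing the entropy of the Bayesian posterior P(SRC|TG) for the triggered interval. The flow records, function names, interval length, baseline window and threshold are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

DELTA_T = 10       # monitoring interval in seconds (assumed value)
CHI2_LIMIT = 3.84  # chi-square critical value, 1 d.o.f., alpha = 0.05

def monitor(flows, delta_t=DELTA_T):
    """Stage 1: coarse-grained packet counts per interval and (SRC, TG) pair."""
    buckets = defaultdict(Counter)
    for ts, src, tg, pkts in flows:
        buckets[int(ts // delta_t)][(src, tg)] += pkts
    return [buckets[k] for k in sorted(buckets)]

def posterior_src_given_tg(counts, tg):
    """P(SRC|TG) = P(TG|SRC) * P(SRC) / P(TG), estimated from one interval."""
    total = sum(counts.values())
    per_src = Counter()
    for (src, _), n in counts.items():
        per_src[src] += n
    p_tg = sum(n for (_, t), n in counts.items() if t == tg) / total
    if p_tg == 0:
        return {}
    return {src: (counts[(src, tg)] / n_src) * (n_src / total) / p_tg
            for src, n_src in per_src.items()}

def entropy(dist):
    """Shannon entropy in bits; high when TG's traffic is spread over many SRCs."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def lightweight_ad(intervals, tg, baseline_n=3):
    """Stage 2: chi-square test of TG's volume against the first baseline_n
    intervals (assumed attack-free). Returns (interval, chi2, entropy) triggers."""
    vol = [sum(n for (_, t), n in c.items() if t == tg) for c in intervals]
    expected = max(sum(vol[:baseline_n]) / baseline_n, 1.0)  # avoid divide-by-zero
    alerts = []
    for i in range(baseline_n, len(vol)):
        chi2 = (vol[i] - expected) ** 2 / expected
        if chi2 > CHI2_LIMIT and vol[i] > expected:
            h = entropy(posterior_src_given_tg(intervals[i], tg))
            alerts.append((i, round(chi2, 1), round(h, 2)))
    return alerts

# Constructed sample flows: (timestamp s, SRC, TG, packets); documentation IPs.
FLOWS = [(t, "198.51.100.1", "tg-a", 100) for t in range(0, 40, 10)]
FLOWS += [(t, "198.51.100.2", "tg-b", 50) for t in range(0, 50, 10)]
FLOWS += [(40, f"203.0.113.{i}", "tg-a", 100) for i in range(1, 9)]

if __name__ == "__main__":
    print(lightweight_ad(monitor(FLOWS), "tg-a"))
```

A triggered interval is what would be handed to Stage 3 (Focused Anomaly Detection) together with the fine-grained data for that interval.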
Multistage DDoS Attack Detection
• Considerations in Focused Anomaly Detection
  – Interval delta_T
  – Time Policy
    • STM (Short-Term Memory)
    • LTM (Long-Term Memory)
  – LTM
    • History
    • Symptom of Attacks
      – Scanning, Stealth Scanning
    • Attack Scenario
    • Misuse Detection Rule
[Figure: axes Time and Stage. Labels: Monitoring; Lightweight AD; Focused AD; Volume data in Cloud; Coarse-grained data; Interval delta_T; STM; LTM.]