
DDoS Attack in Cloud Computing

DDoS Attack in Cloud Computing. 2010. 10. 11 B. Cha. Agenda. • Classification of DDoS Attacks and DDoS Defense • Scenarios of DDoS Attacks in Cloud Computing • Attacks using Cloud Computing • Defense in Cloud Computing • Target in Eucalyptus • Sign of Attacks in Cloud Computing

hoshi

Presentation Transcript


  1. DDoS Attack in Cloud Computing 2010. 10. 11 B. Cha

  2. Agenda • Classification of DDoS Attacks and DDoS Defense • Scenarios of DDoS Attacks in Cloud Computing • Attacks using Cloud Computing • Defense in Cloud Computing • Target in Eucalyptus • Sign of Attacks in Cloud Computing • Anomaly Detection in Cloud Computing • Proposed Multistage DDoS Attack Detection • Monitoring • Lightweight Anomaly Detection • Coarse-grained data • Bayesian Method • Triggered • Focused Anomaly Detection • STM • LTM

  3. DDoS Attack Classification

  4. DDoS Attack Classification

  5. DDoS Defense Classification

  6. DDoS Attacks using Cloud Computing • Assumption: Private Clouds [Diagram; labels: Normal Manager, Malicious Client, (A) Leases Resources, DDoS Attacks, (B) Legacy Target System / Services, (C) Cloud System with ClC & CC and Node Controllers]

  7. DDoS Attacks using Cloud Computing [Diagram; labels: Normal Manager, Malicious Client, (A) Leases Resources, DDoS Attacks (1) (2), (B) Legacy System / Services, Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers, (C) ClC & CC and Node Controllers]

  8. Defense in Cloud Computing [Diagram; labels: Normal Manager, Normal Client, Malicious Client, (1) (2) (3), Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers, (A) Leases Resources, DDoS Attacks, (B) Legacy System / Services, (C) Cloud System with ClC & CC and Node Controllers]

  9. Defense in Cloud Computing • Elastic Forces (Fatigue) Measurement in DDoS attacks [Diagram; labels: Malicious Manager, Malicious Client, (1) External Monitor, (2) Used Resources Amount in aspect of availability, Service Request, Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers, (A) Leases Resources, (B) Legacy System / Services, (C) Cloud System with ClC & CC and Node Controllers]

  10. Target in Eucalyptus [Diagram; labels: Client1 with EC2 Tools and S3 Tools; Front-end Node with CLC (Users, Key-pairs, Image Metadata) and Walrus; Cluster A and Cluster B, each with CC and SC; NC on each node]

  11. Sign of Attacks in Cloud Computing [Diagram; labels: DDoS Attack Source System (Src), Target Cloud System (Tg), Coarse-grained Data, Fine-grained Data, Prior & Posterior Prob., panels (a) and (b) plotting Traffic against Time, panels (1) and (2) plotting Traffic against Time at Tg for Cloud Burst and Attack]

  12. Multistage DDoS Attack Detection • Multistage DDoS Attack Detection • Stage 1: Monitoring • Stage 2: Lightweight Anomaly Detection • Stage 3: Focused Anomaly Detection • Considerations in Monitoring • Volume Data in Cloud • Monitoring Location • Source-End • Victim-End • Interval delta_T • Considerations in Learning Alg. • Unsupervised Learning Alg. • Supervised or Semi-supervised Learning Alg.: Bulk Anomaly • Relation between distance based and statistical anomalies for two-dimensional data sets

  13. Multistage DDoS Attack Detection • Considerations in Lightweight Anomaly Detection • Top List • In-bound • Out-bound • Detection Algorithm • Entropy • Statistics Techniques • Chi-Square • Coarse-grained data • Coarse chunks -> DDoS Attacks • Fine-grained data: Normal & threshold determination • Bayesian Method • Prior Probability and Posterior Probability • The posterior probability can be computed by Bayes' theorem from the prior probability and the likelihood (likelihood function)

  14. Multistage DDoS Attack Detection • Considerations in Focused Anomaly Detection • Interval delta_T • Time Policy • STM (Short-Term Memory) • LTM (Long-Term Memory) • LTM • History • Symptom of Attacks • Scanning, Stealth Scanning • Attack Scenario • Misuse Detection Rule [Diagram; labels: Stage, Focused AD, Coarse-grained data, Lightweight AD, Volume data in Cloud, Monitoring, Interval delta_T, Time, STM, LTM]
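
Stage 2 as slides 12 and 13 outline it (entropy over a coarse-grained in-bound top list per interval delta_T, a threshold decided from normal data, and a Bayesian prior-to-posterior update that triggers Stage 3), written as an added Python example that is not part of the presentation. The function names, likelihoods, prior, band width, trigger level and sample counts are assumptions chosen for illustration.

```python
import math
from statistics import mean, pstdev

def entropy(counts):
    """Shannon entropy in bits of a {source: packet_count} top list."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

def bayes_update(prior, alarm, p_alarm_attack=0.9, p_alarm_normal=0.05):
    """Posterior P(attack | evidence) from the prior and the likelihoods.
    Both likelihood values are assumed, not taken from the slides."""
    like_attack = p_alarm_attack if alarm else 1 - p_alarm_attack
    like_normal = p_alarm_normal if alarm else 1 - p_alarm_normal
    evidence = like_attack * prior + like_normal * (1 - prior)
    return like_attack * prior / evidence

def lightweight_stage(intervals, baseline_n=3, k=3.0, prior=0.01, trigger=0.5):
    """Score each delta_T interval that follows the normal baseline.

    Returns a list of (entropy, posterior, triggered); triggered=True is
    the hand-off to the focused anomaly detection stage.
    """
    base = [entropy(c) for c in intervals[:baseline_n]]
    mu = mean(base)
    band = k * max(pstdev(base), 0.05)  # assumed floor avoids a zero-width band
    results, posterior = [], prior
    for counts in intervals[baseline_n:]:
        h = entropy(counts)
        alarm = abs(h - mu) > band  # threshold derived from normal data
        posterior = bayes_update(posterior, alarm)  # posterior becomes next prior
        results.append((h, posterior, posterior >= trigger))
    return results

# Constructed in-bound top lists, one dict per delta_T interval.
NORMAL = {"192.0.2.1": 40, "192.0.2.2": 35, "192.0.2.3": 25}
FLOOD = dict(NORMAL, **{"198.51.100.7": 5000})  # one source dominates
SAMPLE = [
    NORMAL,
    {"192.0.2.1": 38, "192.0.2.2": 36, "192.0.2.3": 26},
    {"192.0.2.1": 42, "192.0.2.2": 33, "192.0.2.3": 25},
    {"192.0.2.1": 39, "192.0.2.2": 35, "192.0.2.3": 26},  # still normal
    FLOOD, FLOOD, FLOOD,
]

if __name__ == "__main__":
    for i, (h, post, trig) in enumerate(lightweight_stage(SAMPLE), start=3):
        print(f"interval {i}: H={h:.3f} bits  P(attack)={post:.3f}  trigger={trig}")
```

With these assumed likelihoods a single anomalous interval leaves the posterior below the trigger; it takes three consecutive low-entropy intervals before Stage 3 is invoked.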
