DDoS Attack in Cloud Computing. 2010. 10. 11 B. Cha. Agenda. Classification of DDoS Attacks and DDoS Defense Scenarios of DDoS Attacks in Cloud Computing Attacks using Cloud Computing Defense in Cloud Computing Target in Eucalyptus Sign of Attacks in Cloud Computing
Agenda
• Classification of DDoS Attacks and DDoS Defense
• Scenarios of DDoS Attacks in Cloud Computing
• Attacks using Cloud Computing
• Defense in Cloud Computing
• Target in Eucalyptus
• Sign of Attacks in Cloud Computing
• Anomaly Detection in Cloud Computing
• Proposed Multistage DDoS Attack Detection
• Monitoring
• Lightweight Anomaly Detection
• Coarse-grained data
• Bayesian Method
• Triggered
• Focused Anomaly Detection
• STM
• LTM
DDoS Attacks using Cloud Computing
• Assumption: Private Clouds
[Diagram labels: Normal Manager; Malicious Client; Leases Resources (A); Services (B); (C); DDoS Attacks; Cloud System with ClC & CC and Node Controllers; Legacy Target System]

DDoS Attacks using Cloud Computing
[Diagram labels: Normal Manager; Malicious Client; Leases Resources (A); Services (B); (C); steps (1), (2); DDoS Attacks; Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers]

Defense in Cloud Computing
[Diagram labels: Normal Manager; Normal Client; Malicious Client; steps (1), (2), (3); Leases Resources (A); Services (B); (C); DDoS Attacks; Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers; Cloud System with ClC & CC and Node Controllers]

Defense in Cloud Computing
Elastic Forces (Fatigue) Measurement in DDoS attacks
[Diagram labels: Malicious Manager; Malicious Client; (1) External Monitor; (2) Used Resources Amount in aspect of availability; Service Request; Leases Resources (A); Services (B); (C); Legacy System; Target Cloud System with Cloud Controller, Cluster Controller and Node Controllers; Cloud System with ClC & CC and Node Controllers]

Target in Eucalyptus
[Diagram labels: Client1; EC2 Tools; S3 Tools; Front-end Node; Users, Key-pairs, Image Metadata; CLC; Walrus; Cluster A; Cluster B; CC; SC; NC; Each Node]

Sign of Attacks in Cloud Computing
[Diagram labels: Target Cloud System; DDoS Attack Source System; Coarse-grained Data; Fine-grained Data; Prior & Posterior Prob.; Cloud Burst Attack; panels (a), (b), (1), (2); axes Traffic and Time; Src; Tg]
Multistage DDoS Attack Detection
• Multistage DDoS Attack Detection
  • Stage 1: Monitoring
  • Stage 2: Lightweight Anomaly Detection
  • Stage 3: Focused Anomaly Detection
• Considerations in Monitoring
  • Volume Data in Cloud
  • Monitoring Location
    • Source-End
    • Victim-End
  • Interval delta_T
• Considerations in Learning Alg.
  • Unsupervised Learning Alg.
  • Supervised or Semi-supervised Learning Alg.: Bulk Anomaly
• Relation between distance based and statistical anomalies for two-dimensional data sets
Multistage DDoS Attack Detection
• Considerations in Lightweight Anomaly Detection
  • Top List
    • In-bound
    • Out-bound
  • Detection Algorithm
    • Entropy
    • Statistics Techniques
    • Chi-Square
• Coarse-grained data
  • Coarse chunks -> DDoS Attacks
  • Fine-grained data: Normal & threshold determination
• Bayesian Method
  • Prior probability and posterior probability
  • The posterior probability can be computed by Bayes' theorem from the prior probability and the likelihood function
Multistage DDoS Attack Detection
• Considerations in Focused Anomaly Detection
  • Interval delta_T
  • Time Policy
    • STM (Short-Term Memory)
    • LTM (Long-Term Memory)
• LTM
  • History
  • Symptom of Attacks
    • Scanning, Stealth Scanning
  • Attack Scenario
  • Misuse Detection Rule
[Diagram labels: axes Stage and Time; Monitoring (Volume data in Cloud); Lightweight AD (Coarse-grained data); Focused AD; Interval delta_T; STM; LTM]
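
A sketch of Stage 2 (Lightweight Anomaly Detection) and its trigger for Stage 3, added here as an example and not taken from the slides: for each interval delta_T it computes the entropy of in-bound traffic over target VMs and updates the attack probability with Bayes' theorem. The VM names, packet counts, thresholds, prior floor and likelihood values are constructed assumptions.

```python
import math

LOW_ENTROPY = 0.6   # assumed threshold; the slides derive it from fine-grained normal data
TRIGGER = 0.8       # assumed posterior at which Stage 3 (Focused AD) is triggered
PRIOR_FLOOR = 0.01  # assumed floor so long quiet periods do not bury the prior


def normalized_entropy(counts):
    """Shannon entropy of per-target packet counts, scaled to [0, 1]."""
    total = sum(counts.values())
    if total == 0 or len(counts) < 2:
        return 1.0  # idle interval or single target: no evidence of concentration
    h = -sum(c / total * math.log2(c / total) for c in counts.values() if c)
    return h / math.log2(len(counts))


def posterior(prior, low, p_low_attack=0.9, p_low_normal=0.1):
    """Bayes' theorem: P(attack | observation) from the prior and the likelihood."""
    like_attack = p_low_attack if low else 1 - p_low_attack
    like_normal = p_low_normal if low else 1 - p_low_normal
    evidence = like_attack * prior + like_normal * (1 - prior)
    return like_attack * prior / evidence


def stage2(intervals, prior=PRIOR_FLOOR):
    """Return (index of the interval that triggers Stage 3, or None; posteriors)."""
    history = []
    for i, counts in enumerate(intervals):
        # Traffic concentrating on one target (Tg) lowers the entropy.
        low = normalized_entropy(counts) < LOW_ENTROPY
        # The posterior of this interval becomes the prior of the next one.
        prior = max(PRIOR_FLOOR, posterior(prior, low))
        history.append(prior)
        if prior >= TRIGGER:
            return i, history
    return None, history


# Constructed sample: in-bound packets per target VM in one interval delta_T.
NORMAL = {"vm-a": 100, "vm-b": 90, "vm-c": 110, "vm-d": 100}
ATTACK = {"vm-a": 100, "vm-b": 95, "vm-c": 5000, "vm-d": 105}

if __name__ == "__main__":
    print(stage2([NORMAL, NORMAL, ATTACK, ATTACK, ATTACK]))
```

With these assumed values a single low-entropy interval is not enough to trigger Stage 3; three consecutive ones are.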