A decentralized approach for adaptive workload estimation in virtualized environments

Ghadban, Nisrine; Cogranne, Rémi; Doyen, Guillaume

doi:10.23919/inm.2017.7987460

Cited by 1 publication

(2 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence we adopt the notation ψ t,v (i) instead of ψ T . Since the updates of the principal axes described in Equations (6)- (7) are performed for all virtual hosts of all tenants, the latter should have very similar estimations at the end of the gossip process. This is represented as step 3 in Figure 1.…”

Section: Decentralized Estimation Of Legitimate Activitiesmentioning

confidence: 99%

“…This paper further extends prior work by the authors. It leverages the workload estimation engine presented in [7] and the dataset presented in [8] (other previous works in that field such as [9] are out of the scope of this contribution since they do not follow the same research methodology). The original contributions presented in this paper are: (1) a statistical method for the detection of infected virtual hosts executing a malicious activity potentially scattered over several tenants; (2) the theoretical assessment of the method performance; (3) its validation in terms of performance on a real dataset integrating a botnet perpetrating a DDoS attack and (4) its scalability support by leveraging a large-scale realistic dataset generated from the real data.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Cogranne

Doyen

Ghadban

et al. 2018

IEEE Trans. Netw. Serv. Manage.

Self Cite

View full text Add to dashboard Cite

Cloud computing has gained an important role in providing high quality and cost-effective IT services by outsourcing part of their operations to dedicated cloud providers. If intrinsic security issues of this architecture have been extensively studied, it has recently been considered as a ready-to-use platform able to perform malicious activities, thus offering new targets for indirect threats. However, its large scale, the heterogeneous and dynamic nature of the activities it executes, as well as multitenancy and privacy-related issues, make the security operation complex. Consequently, cloud providers can hardly detect and mitigate malicious activities they unknowingly host. Leveraging the autonomic paradigm represents a promising solution to face such a complexity, but it requires efficient grounded monitoring and analysis functions to efficiently detect malicious activities hidden within the large number of legitimate ones. In this effort, this paper presents a robust and cost-effective solution to detect malicious activities in a public virtualized environment. Its contribution is twofold: (1) a scalable and robust workload estimation of the virtual host activities in a cloud and (2) a detection algorithm able to discriminate infected hosts with low malicious activities hidden within their legitimate workload and potentially scattered on several tenants. For both of these contributions, we establish their theoretical performance, which demonstrates their optimality, and we evaluate their efficiency on a dataset made of real data collected on PlanetLab. Finally, we study the scalability on a large dataset that consists of simulated data resulting from the real dataset modeling. This demonstrates

show abstract

Section: Decentralized Estimation Of Legitimate Activitiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%