Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Cogranne, Rémi; Doyen, Guillaume; Ghadban, Nisrine; Hammi, Badis

doi:10.1109/tnsm.2017.2785628

Cited by 10 publications

(4 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To lower the latency when collecting data and to ensure the isolation among network slices, in each region, we deploy a VM monitor for a network slice to collect and store metrics data of VMs in the network slice as a local database. VM monitors resort to the virtualization layer to capture resource metrics of VMs [4], [6]. The resource metrics are related with the CPU usage, memory consumption, disk read/write and network input/output.…”

Section: Three-tier Distributed Anomaly Detection Frameworkmentioning

confidence: 99%

“…[5]. Existing researches [6], [7], [8] have shown that the abnormal behaviors of VMs usually come with a significant change in resource metrics, so it is a good way to implement anomaly detection for VMs by collecting and analyzing its multi-dimensional resource metrics data. Although there have been many interesting researches for anomaly detection, including statistical and probability methods [9], [10], distance-based methods [11], [12], domain-based methods [13], [14], reconstruction-based methods [15], [16], [17], and information theory based methods [18], as classified in [19], detecting anomalies of VMs in virtualized network slicing environment still faces many challenges:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

Wang

Liang

Lun

et al. 2022

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

Virtualized network slicing allows a multitude of logical networks to be created on a common substrate infrastructure to support diverse services. A virtualized network slice is a logical combination of multiple virtual network functions, which run on virtual machines (VMs) as software applications by virtualization techniques. As the performance of network slices hinges on the normal running of VMs, detecting and analyzing anomalies in VMs are critical. Based on the three-tier management framework of virtualized network slicing, we first develop a federated learning (FL) based three-tier distributed VM anomaly detection framework, which enables distributed network slice managers to collaboratively train a global VM anomaly detection model while keeping metrics data locally. The high-dimensional, imbalanced, and distributed data features in virtualized network slicing scenarios invalidate the existing anomaly detection models. Considering the powerful ability of generative adversarial network (GAN) in capturing the distribution from complex data, we design a new multi-discriminator Bidirectional Wasserstein GAN with Gradient Penalty (BiWGAN-GP) model to learn the normal data distribution from high-dimensional resource metrics datasets that are spread on multiple VM monitors. The multi-discriminator BiWGAN-GP model can be trained over distributed data sources, which avoids high communication and computation overhead caused by the centralized collection and processing of local data. We define an anomaly score as the discriminant criterion to quantify the deviation of new metrics data from the learned normal distribution to detect abnormal behaviors arising in VMs. The efficiency and effectiveness of the proposed collaborative anomaly detection algorithm are validated through extensive experimental evaluation on a real-world dataset.

show abstract

Section: Three-tier Distributed Anomaly Detection Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

Wang

Liang

Lun

et al. 2022

IEEE Trans. on Mobile Comput.

View full text Add to dashboard Cite

show abstract

“…Then, in other work, we proposed an Intrusion Detection System approach for DDoS attacks launched by botclouds. Finally, we proposed a decentralized and distributed source‐based detection protocol to meet the requirements of the cloud infrastructure . However, this approach was designed only for the first case of cloud resources' abuse, namely, where an attacker creates VMs dedicated to the attack activity.…”

Section: Related Work On Botcloud Detection Approachesmentioning

confidence: 99%

“…Finally, we proposed a decentralized and distributed source-based detection protocol to meet the requirements of the cloud infrastructure. 59,60 However, this approach was designed only for the first case of cloud resources' abuse, namely, where an attacker creates VMs dedicated to the attack activity. Thus, all of the activity of the VM is malicious.…”

Section: Related Work On Botcloud Detection Approachesmentioning

confidence: 99%

An empirical investigation of botnet as a service for cyberattacks

Hammi

Zeadally

Khatoun

2018

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

During the last years, cloud computing has emerged and imposed itself as a cost‐effective solution for providing high quality Information Technology services. However, beyond a legitimate usage, the benefits of cloud computing are being exploited by attackers in nefarious ways and botnets are among the greatest beneficiaries of this malicious use. This botnet trend is a major issue because it strongly increases the power of massive distributed attacks when leveraging the capabilities of cloud service providers that do not have appropriate detection approaches in place to detect botnets exploiting cloud resources (also referred to as botclouds). We developed a free experimental intra–Cloud Service Provider (CSP) botnet that exploits CSPs' trial versions. We used this intra‐CSP botnet to execute numerous TCP SYN flood and UDP flood attacks during one week. Our empirical results demonstrate that, contrary to what CSPs claim, all the CSPs (with the exception of one) we have tested still cannot detect or issued no warnings when malicious activities were launched from their cloud computing platforms. Besides, CSP's trial versions can easily be exploited to perpetrate large scale cyberattacks. We argue that efficient, cost‐effective, scalable detection approaches that can detect botclouds need to be developed in the future to address this challenge.

show abstract

Secure and efficient multi-tenant database management system for cloud computing environment

Pallavi¹,

Jayarekha²

2020

Int. j. inf. tecnol.

View full text Add to dashboard Cite

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Cited by 10 publications

References 42 publications

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

Federated Multi-Discriminator BiWGAN-GP Based Collaborative Anomaly Detection for Virtualized Network Slicing

An empirical investigation of botnet as a service for cyberattacks

Secure and efficient multi-tenant database management system for cloud computing environment

Contact Info

Product

Resources

About