EyeCloud: A BotCloud Detection System

Memarian, Mohammad Reza; Conti, Mauro; Leppänen, Ville

doi:10.1109/trustcom.2015.484

Cited by 8 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Through this process, they can detect the probability of botnet infection based on the process of independent Poisson process and detection based on negative selection. The authors in [38] proposed EyeCloud, a system that detects members of Botcloud that abuse cloud resources. To reach its goal, EyeCloud relies on Virtual Machine Introspection (VMI).…”

Section: Source-end Detection Of Ddos Attacksmentioning

confidence: 99%

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Cogranne

Doyen

Ghadban

et al. 2018

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Cloud computing has gained an important role in providing high quality and cost-effective IT services by outsourcing part of their operations to dedicated cloud providers. If intrinsic security issues of this architecture have been extensively studied, it has recently been considered as a ready-to-use platform able to perform malicious activities, thus offering new targets for indirect threats. However, its large scale, the heterogeneous and dynamic nature of the activities it executes, as well as multitenancy and privacy-related issues, make the security operation complex. Consequently, cloud providers can hardly detect and mitigate malicious activities they unknowingly host. Leveraging the autonomic paradigm represents a promising solution to face such a complexity, but it requires efficient grounded monitoring and analysis functions to efficiently detect malicious activities hidden within the large number of legitimate ones. In this effort, this paper presents a robust and cost-effective solution to detect malicious activities in a public virtualized environment. Its contribution is twofold: (1) a scalable and robust workload estimation of the virtual host activities in a cloud and (2) a detection algorithm able to discriminate infected hosts with low malicious activities hidden within their legitimate workload and potentially scattered on several tenants. For both of these contributions, we establish their theoretical performance, which demonstrates their optimality, and we evaluate their efficiency on a dataset made of real data collected on PlanetLab. Finally, we study the scalability on a large dataset that consists of simulated data resulting from the real dataset modeling. This demonstrates

show abstract

Section: Source-end Detection Of Ddos Attacksmentioning

confidence: 99%

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Cogranne

Doyen

Ghadban

et al. 2018

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Memarian et al proposed EyeCloud , a system that detects members of a botcloud that abuse cloud resources. To achieve its goal, EyeCloud relies on Virtual Machine Introspection , a technique used in virtualization to inspect the memory space of a VM from a secure point that can be another VM (ie, Dom0 ).…”

Section: Related Work On Botcloud Detection Approachesmentioning

confidence: 99%

An empirical investigation of botnet as a service for cyberattacks

Hammi

Zeadally

Khatoun

2018

Trans Emerging Tel Tech

View full text Add to dashboard Cite

During the last years, cloud computing has emerged and imposed itself as a cost‐effective solution for providing high quality Information Technology services. However, beyond a legitimate usage, the benefits of cloud computing are being exploited by attackers in nefarious ways and botnets are among the greatest beneficiaries of this malicious use. This botnet trend is a major issue because it strongly increases the power of massive distributed attacks when leveraging the capabilities of cloud service providers that do not have appropriate detection approaches in place to detect botnets exploiting cloud resources (also referred to as botclouds). We developed a free experimental intra–Cloud Service Provider (CSP) botnet that exploits CSPs' trial versions. We used this intra‐CSP botnet to execute numerous TCP SYN flood and UDP flood attacks during one week. Our empirical results demonstrate that, contrary to what CSPs claim, all the CSPs (with the exception of one) we have tested still cannot detect or issued no warnings when malicious activities were launched from their cloud computing platforms. Besides, CSP's trial versions can easily be exploited to perpetrate large scale cyberattacks. We argue that efficient, cost‐effective, scalable detection approaches that can detect botclouds need to be developed in the future to address this challenge.

show abstract

“…Even though cloud storage offers several advantages compared to traditional and local storage of data, cloud users are concerned about the integrity of stored data, security and user privacy issues [3,4]. There exist several solutions which could be considered by security experts in order to protect the stored data, and preserve privacy of the cloud users [5,6,7,8]. Adopting security mechanisms is useful in protecting data against being modified and accessed by unauthorized users, and make it difficult for the attackers to abuse the data.…”

Section: Introductionmentioning

confidence: 99%

Investigating Storage as a Service Cloud Platform

Dargahi¹,

Dehghantanha²,

Conti³

2017

Contemporary Digital Forensic Investigations of Cloud and Mobile Applications

View full text Add to dashboard Cite

Due to the flexibility, affordability and portability of cloud storage, individuals and companies envisage the cloud storage as one of the preferred storage media nowadays. This attracts the eyes of cyber criminals, since much valuable information such as user credentials, and private customer records are stored in the cloud. There are many ways for criminals to compromise cloud services; ranging from non-technical attack methods, such as social engineering, to deploying advanced malwares. Therefore, it is vital for cyber forensics examiners to be equipped and informed about best methods for investigation of different cloud platforms. In this chapter, using pCloud (an extensively used online cloud storage service) as a case study, and we elaborate on different kinds of artefacts retrievable during a forensics examination. We carried out our experiments on four different virtual machines running four popular operating systems: a 64bit Windows 8, Ubuntu 14.04.1 LTS, Android 4.4.2, and iOS 8.1. Moreover, we examined cloud remnants of two different web browsers: Internet Explorer and Google Chrome on Windows. We believe that our study would promote awareness among digital forensic examiners on how to conduct cloud storage forensics examination.

show abstract

EyeCloud: A BotCloud Detection System

Cited by 8 publications

References 9 publications

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

Detecting Botclouds at Large Scale: A Decentralized and Robust Detection Method for Multi-Tenant Virtualized Environments

An empirical investigation of botnet as a service for cyberattacks

Investigating Storage as a Service Cloud Platform

Contact Info

Product

Resources

About