A factorial space for a system-based detection of botcloud activity

Badis Hammi; Rida Khatoun; Guillaume Doyen

doi:10.1109/NTMS.2014.6813996

A factorial space for a system-based detection of botcloud activity

Badis Hammi, Rida Khatoun, Guillaume Doyen

GSM-LASMIS

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

Original language	English
Title of host publication	2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops
Publisher	IEEE Computer Society
ISBN (Print)	9781479932238
DOIs	https://doi.org/10.1109/NTMS.2014.6813996
Publication status	Published - 1 Jan 2014
Externally published	Yes
Event	2014 6th International Conference on New Technologies, Mobility and Security, NTMS 2014 - Dubai, United Arab Emirates Duration: 30 Mar 2014 → 2 Apr 2014

Publication series

Name	2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops

Conference

Conference	2014 6th International Conference on New Technologies, Mobility and Security, NTMS 2014
Country/Territory	United Arab Emirates
City	Dubai
Period	30/03/14 → 2/04/14

Access to Document

10.1109/NTMS.2014.6813996

Cite this

Hammi, B., Khatoun, R., & Doyen, G. (2014). A factorial space for a system-based detection of botcloud activity. In 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops Article 6813996 (2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops). IEEE Computer Society. https://doi.org/10.1109/NTMS.2014.6813996

Hammi, Badis ; Khatoun, Rida ; Doyen, Guillaume. / A factorial space for a system-based detection of botcloud activity. 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops. IEEE Computer Society, 2014. (2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops).

@inproceedings{c97e90f64eb343c7ac1878bff3db44b2,

title = "A factorial space for a system-based detection of botcloud activity",

abstract = "Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.",

author = "Badis Hammi and Rida Khatoun and Guillaume Doyen",

year = "2014",

month = jan,

day = "1",

doi = "10.1109/NTMS.2014.6813996",

language = "English",

isbn = "9781479932238",

series = "2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops",

publisher = "IEEE Computer Society",

booktitle = "2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops",

note = "2014 6th International Conference on New Technologies, Mobility and Security, NTMS 2014 ; Conference date: 30-03-2014 Through 02-04-2014",

}

Hammi, B , Khatoun, R & Doyen, G 2014, A factorial space for a system-based detection of botcloud activity. in 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops., 6813996, 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops, IEEE Computer Society, 2014 6th International Conference on New Technologies, Mobility and Security, NTMS 2014, Dubai, United Arab Emirates, 30/03/14. https://doi.org/10.1109/NTMS.2014.6813996

A factorial space for a system-based detection of botcloud activity. / Hammi, Badis ; Khatoun, Rida; Doyen, Guillaume.
2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops. IEEE Computer Society, 2014. 6813996 (2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A factorial space for a system-based detection of botcloud activity

AU - Hammi, Badis

AU - Khatoun, Rida

AU - Doyen, Guillaume

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

AB - Today, beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers, and Botnets supporting DDoS attacks are among the greatest beneficiaries of this malicious use. Such a phenomena is a major issue since it strongly increases the power of distributed massive attacks while involving the responsibility of cloud service providers that do not own appropriate solutions. In this paper, we present an original approach that enables a source-based de- tection of UDP-flood DDoS attacks based on a distributed system behavior analysis. Based on a principal component analysis, our contribution consists in: (1) defining the involvement of system metrics in a botcoud's behavior, (2) showing the invariability of the factorial space that defines a botcloud activity and (3) among several legitimate activities, using this factorial space to enable a botcloud detection.

U2 - 10.1109/NTMS.2014.6813996

DO - 10.1109/NTMS.2014.6813996

M3 - Conference contribution

AN - SCOPUS:84901424155

SN - 9781479932238

T3 - 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops

BT - 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops

PB - IEEE Computer Society

T2 - 2014 6th International Conference on New Technologies, Mobility and Security, NTMS 2014

Y2 - 30 March 2014 through 2 April 2014

ER -

Hammi B , Khatoun R, Doyen G. A factorial space for a system-based detection of botcloud activity. In 2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops. IEEE Computer Society. 2014. 6813996. (2014 6th International Conference on New Technologies, Mobility and Security - Proceedings of NTMS 2014 Conference and Workshops). doi: 10.1109/NTMS.2014.6813996

A factorial space for a system-based detection of botcloud activity

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this