Clustering methods comparison: Application to source based detection of botclouds

Badis Hammi; Mohamed Cherif Rahal; Rida Khatoun

doi:10.1109/SSIC.2016.7571810

Clustering methods comparison: Application to source based detection of botclouds

Badis Hammi
, Mohamed Cherif Rahal
, Rida Khatoun

VEDECOM

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Recently, cloud computing has conquered IT markets and majority of institutions use its services at different scales. As any IT technology, cloud computing suffers from security issues and numerous studies were - and in progress - given in order to overcome them. However, most of the latter focus on data, users and infrastructure security from external attacks, and very few ones focus on the issue of using the cloud's infrastructure as an attack tool or support. To address the issue of botnets hosted in the cloud, we realized an experimental campaign where we implemented a botnet on a virtualized infrastructure and realized numerous attacks. The collected data was exploited in order to study and compare the effectiveness of clustering methods in the detection of DDoS attacks generated by botnets in the cloud.

Original language	English
Title of host publication	2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509024704
DOIs	https://doi.org/10.1109/SSIC.2016.7571810
Publication status	Published - 19 Sept 2016
Event	2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Paris, France Duration: 18 Jul 2016 → 19 Jul 2016

Publication series

Name	2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings

Conference

Conference	2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016
Country/Territory	France
City	Paris
Period	18/07/16 → 19/07/16

Keywords

Botcloud
DDoS
botnet
cloud security
clustering
egress detection
source based detection

Access to Document

10.1109/SSIC.2016.7571810

Cite this

Hammi, B., Rahal, M. C., & Khatoun, R. (2016). Clustering methods comparison: Application to source based detection of botclouds. In 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings Article 7571810 (2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SSIC.2016.7571810

Hammi, Badis ; Rahal, Mohamed Cherif ; Khatoun, Rida. / Clustering methods comparison : Application to source based detection of botclouds. 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2016. (2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings).

@inproceedings{0a6ec28b30ad493c93a1e03bd17ae5f2,

title = "Clustering methods comparison: Application to source based detection of botclouds",

abstract = "Recently, cloud computing has conquered IT markets and majority of institutions use its services at different scales. As any IT technology, cloud computing suffers from security issues and numerous studies were - and in progress - given in order to overcome them. However, most of the latter focus on data, users and infrastructure security from external attacks, and very few ones focus on the issue of using the cloud's infrastructure as an attack tool or support. To address the issue of botnets hosted in the cloud, we realized an experimental campaign where we implemented a botnet on a virtualized infrastructure and realized numerous attacks. The collected data was exploited in order to study and compare the effectiveness of clustering methods in the detection of DDoS attacks generated by botnets in the cloud.",

keywords = "Botcloud, DDoS, botnet, cloud security, clustering, egress detection, source based detection",

author = "Badis Hammi and Rahal, \{Mohamed Cherif\} and Rida Khatoun",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 ; Conference date: 18-07-2016 Through 19-07-2016",

year = "2016",

month = sep,

day = "19",

doi = "10.1109/SSIC.2016.7571810",

language = "English",

series = "2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings",

}

Hammi, B, Rahal, MC & Khatoun, R 2016, Clustering methods comparison: Application to source based detection of botclouds. in 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings., 7571810, 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016, Paris, France, 18/07/16. https://doi.org/10.1109/SSIC.2016.7571810

Clustering methods comparison: Application to source based detection of botclouds. / Hammi, Badis; Rahal, Mohamed Cherif; Khatoun, Rida.
2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2016. 7571810 (2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Clustering methods comparison

T2 - 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016

AU - Hammi, Badis

AU - Rahal, Mohamed Cherif

AU - Khatoun, Rida

PY - 2016/9/19

Y1 - 2016/9/19

N2 - Recently, cloud computing has conquered IT markets and majority of institutions use its services at different scales. As any IT technology, cloud computing suffers from security issues and numerous studies were - and in progress - given in order to overcome them. However, most of the latter focus on data, users and infrastructure security from external attacks, and very few ones focus on the issue of using the cloud's infrastructure as an attack tool or support. To address the issue of botnets hosted in the cloud, we realized an experimental campaign where we implemented a botnet on a virtualized infrastructure and realized numerous attacks. The collected data was exploited in order to study and compare the effectiveness of clustering methods in the detection of DDoS attacks generated by botnets in the cloud.

AB - Recently, cloud computing has conquered IT markets and majority of institutions use its services at different scales. As any IT technology, cloud computing suffers from security issues and numerous studies were - and in progress - given in order to overcome them. However, most of the latter focus on data, users and infrastructure security from external attacks, and very few ones focus on the issue of using the cloud's infrastructure as an attack tool or support. To address the issue of botnets hosted in the cloud, we realized an experimental campaign where we implemented a botnet on a virtualized infrastructure and realized numerous attacks. The collected data was exploited in order to study and compare the effectiveness of clustering methods in the detection of DDoS attacks generated by botnets in the cloud.

KW - Botcloud

KW - DDoS

KW - botnet

KW - cloud security

KW - clustering

KW - egress detection

KW - source based detection

UR - https://www.scopus.com/pages/publications/84992026501

U2 - 10.1109/SSIC.2016.7571810

DO - 10.1109/SSIC.2016.7571810

M3 - Conference contribution

AN - SCOPUS:84992026501

T3 - 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings

BT - 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 18 July 2016 through 19 July 2016

ER -

Hammi B, Rahal MC, Khatoun R. Clustering methods comparison: Application to source based detection of botclouds. In 2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2016. 7571810. (2016 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications, SSIC 2016 - Proceedings). doi: 10.1109/SSIC.2016.7571810

Clustering methods comparison: Application to source based detection of botclouds

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this