Malicious virtual machines detection through a clustering approach

Mohammad Bazm; Rida Khatoun; Youcef Begriche; Lyes Khoukhi; Xiuzhen Chen; Ahmed Serhrouchni

doi:10.1109/CloudTech.2015.7336986

Malicious virtual machines detection through a clustering approach

Mohammad Bazm
, Rida Khatoun
, Youcef Begriche
, Lyes Khoukhi
, Xiuzhen Chen
, Ahmed Serhrouchni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.

Original language	English
Title of host publication	Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015
Editors	Mohamed Essaaidi, Mostapha Zbakh
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781467381499
DOIs	https://doi.org/10.1109/CloudTech.2015.7336986
Publication status	Published - 24 Nov 2015
Event	4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015 - Marrakech, Morocco Duration: 2 Jun 2015 → 4 Jun 2015

Publication series

Name	Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015

Conference

Conference	4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015
Country/Territory	Morocco
City	Marrakech
Period	2/06/15 → 4/06/15

Keywords

Cloud computing
DDoS
clustering
detection
entropy

Access to Document

10.1109/CloudTech.2015.7336986

Cite this

Bazm, M., Khatoun, R., Begriche, Y., Khoukhi, L., Chen, X., & Serhrouchni, A. (2015). Malicious virtual machines detection through a clustering approach. In M. Essaaidi, & M. Zbakh (Eds.), Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015 Article 7336986 (Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CloudTech.2015.7336986

Bazm, Mohammad ; Khatoun, Rida ; Begriche, Youcef et al. / Malicious virtual machines detection through a clustering approach. Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015. editor / Mohamed Essaaidi ; Mostapha Zbakh. Institute of Electrical and Electronics Engineers Inc., 2015. (Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015).

@inproceedings{0a2453c764404b6fa1a2cd4813f051ca,

title = "Malicious virtual machines detection through a clustering approach",

abstract = "Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.",

keywords = "Cloud computing, DDoS, clustering, detection, entropy",

author = "Mohammad Bazm and Rida Khatoun and Youcef Begriche and Lyes Khoukhi and Xiuzhen Chen and Ahmed Serhrouchni",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015 ; Conference date: 02-06-2015 Through 04-06-2015",

year = "2015",

month = nov,

day = "24",

doi = "10.1109/CloudTech.2015.7336986",

language = "English",

series = "Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Mohamed Essaaidi and Mostapha Zbakh",

booktitle = "Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015",

}

Bazm, M, Khatoun, R, Begriche, Y, Khoukhi, L, Chen, X & Serhrouchni, A 2015, Malicious virtual machines detection through a clustering approach. in M Essaaidi & M Zbakh (eds), Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015., 7336986, Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015, Institute of Electrical and Electronics Engineers Inc., 4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015, Marrakech, Morocco, 2/06/15. https://doi.org/10.1109/CloudTech.2015.7336986

Malicious virtual machines detection through a clustering approach. / Bazm, Mohammad; Khatoun, Rida; Begriche, Youcef et al.
Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015. ed. / Mohamed Essaaidi; Mostapha Zbakh. Institute of Electrical and Electronics Engineers Inc., 2015. 7336986 (Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Malicious virtual machines detection through a clustering approach

AU - Bazm, Mohammad

AU - Khatoun, Rida

AU - Begriche, Youcef

AU - Khoukhi, Lyes

AU - Chen, Xiuzhen

AU - Serhrouchni, Ahmed

PY - 2015/11/24

Y1 - 2015/11/24

N2 - Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.

AB - Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.

KW - Cloud computing

KW - DDoS

KW - clustering

KW - detection

KW - entropy

U2 - 10.1109/CloudTech.2015.7336986

DO - 10.1109/CloudTech.2015.7336986

M3 - Conference contribution

AN - SCOPUS:84962822360

T3 - Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015

BT - Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015

A2 - Essaaidi, Mohamed

A2 - Zbakh, Mostapha

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 4th International Conference on Cloud Computing Technologies and Applications, CloudTech 2015

Y2 - 2 June 2015 through 4 June 2015

ER -

Bazm M, Khatoun R, Begriche Y, Khoukhi L, Chen X, Serhrouchni A. Malicious virtual machines detection through a clustering approach. In Essaaidi M, Zbakh M, editors, Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015. Institute of Electrical and Electronics Engineers Inc. 2015. 7336986. (Proceedings of 2015 International Conference on Cloud Computing Technologies and Applications, CloudTech 2015). doi: 10.1109/CloudTech.2015.7336986

Malicious virtual machines detection through a clustering approach

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this