@inproceedings{f3dfc54bb7e4418f93e187e3ef7dcf28,
title = "Toward a source detection of botclouds: A PCA-based approach",
abstract = "Cloud computing security is often focused on data and users security and protection against external intrusions. However, it exists an area of cloud security that is often overlooked and that can have disastrous consequences: the conversion of cloud computing into an attack vector. Beyond a legitimate usage, the numerous advantages of cloud computing are exploited by attackers. Botnets supporting Distributed Denial of Service (DDoS) attacks are among the greatest beneficiaries of this malicious use. In this paper, we propose a novel source-based detection approach that aims at detecting the abnormal virtual machines behavior. The originality of our approach resides in (1) relying only on the system's metrics of virtual machines and (2) considering a source-based detection. Our approach is based on Principal Component Analysis to detect anomalies that can be signs of botcloud's behavior supporting DDoS flooding attacks. We also present the results of the evaluation of our detection algorithm.",
author = "Hammi Badis and Guillaume Doyen and Rida Khatoun",
year = "2014",
month = jan,
day = "1",
doi = "10.1007/978-3-662-43862-6\_13",
language = "English",
isbn = "9783662438619",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "105--117",
booktitle = "Monitoring and Securing Virtualized Networks and Services - 8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014, Proceedings",
note = "8th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2014 ; Conference date: 30-06-2014 Through 03-07-2014",
}