Detecting fraudulent use of cloud resources

Cloud Computing Security Workshop Pub Date : 2011-10-21 DOI:10.1145/2046660.2046676

Joseph Idziorek, Mark Tannian, D. Jacobson

{"title":"Detecting fraudulent use of cloud resources","authors":"Joseph Idziorek, Mark Tannian, D. Jacobson","doi":"10.1145/2046660.2046676","DOIUrl":null,"url":null,"abstract":"Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little attention has been paid to the external threat sources that have the capability to affect the financial viability, hence the long-term availability, of services hosted in the public cloud. Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC) attack is a much more subtle attack carried out over a longer duration of time. The objective of the attacker is to exploit the utility pricing model which governs the resource usage in the cloud model by fraudulently consuming web content with the purpose of depriving the victim of their long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to a more subtle attack. We propose three detection metrics that together form the criteria for identifying a FRC attack from that of normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.","PeriodicalId":300613,"journal":{"name":"Cloud Computing Security Workshop","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cloud Computing Security Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046660.2046676","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 47

Abstract

Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little attention has been paid to the external threat sources that have the capability to affect the financial viability, hence the long-term availability, of services hosted in the public cloud. Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC) attack is a much more subtle attack carried out over a longer duration of time. The objective of the attacker is to exploit the utility pricing model which governs the resource usage in the cloud model by fraudulently consuming web content with the purpose of depriving the victim of their long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to a more subtle attack. We propose three detection metrics that together form the criteria for identifying a FRC attack from that of normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.

查看原文本刊更多论文

检测欺诈性使用云资源

公共云模型的初始威胁建模和安全研究主要集中在云中传输、处理和存储的数据的机密性和完整性。很少有人关注有能力影响公共云托管服务的财务可行性(从而影响其长期可用性)的外部威胁来源。与应用层DDoS攻击类似，欺诈性资源消耗(FRC)攻击是一种更加隐蔽的攻击，持续时间更长。攻击者的目标是利用控制云模型中资源使用的公用事业定价模型，通过欺诈性地消费web内容，目的是剥夺受害者在云中托管公开可访问的web内容的长期经济可用性。在本文中，我们详细描述了FRC攻击，并讨论了为什么当前的应用层DDoS检测方案不适用于更微妙的攻击。我们提出了三个检测指标，它们共同构成了从正常web活动中识别FRC攻击的标准。基于三种貌似合理的攻击场景的实验结果表明，不了解web日志的攻击者很难模仿正常web活动的自相似和一致请求语义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cloud Computing Security Workshop

自引率

0.00%

发文量