Finding the pin in the haystack: A Bot Traceback service for public clouds

2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS) Pub Date : 2015-12-01 DOI:10.1109/INTELCIS.2015.7397230

E. Hossny, S. Khattab, F. Omara, H. Hassan

{"title":"Finding the pin in the haystack: A Bot Traceback service for public clouds","authors":"E. Hossny, S. Khattab, F. Omara, H. Hassan","doi":"10.1109/INTELCIS.2015.7397230","DOIUrl":null,"url":null,"abstract":"Cloud computing permits customers to host their data and applications to the cloud with an interesting economic cost-benefit tradeoff. However, the low price of cloud computing resources encourages attackers to rent a bulk of their botnets on the cloud and launch their attacks from there, which makes customers worry about using cloud computing. Therefore, in this paper, we propose a Bot Traceback (BTB) service for reporting and tracing back the presence of a bot inside an IaaS cloud provider. BTB aims to identify the virtual machine on which a bot runs either inside the same provider or inside a federated provider. The BTB service has been implemented as a part of the security tools in the EASI-CLOUDS project and has been deployed online. We present the implementation details of the BTB service and its main components (the BTB reporting service and BTB detection service). The BTB detection service will start running after a BTB report is received either from the same provider or from another federated provider.","PeriodicalId":6478,"journal":{"name":"2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INTELCIS.2015.7397230","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud computing permits customers to host their data and applications to the cloud with an interesting economic cost-benefit tradeoff. However, the low price of cloud computing resources encourages attackers to rent a bulk of their botnets on the cloud and launch their attacks from there, which makes customers worry about using cloud computing. Therefore, in this paper, we propose a Bot Traceback (BTB) service for reporting and tracing back the presence of a bot inside an IaaS cloud provider. BTB aims to identify the virtual machine on which a bot runs either inside the same provider or inside a federated provider. The BTB service has been implemented as a part of the security tools in the EASI-CLOUDS project and has been deployed online. We present the implementation details of the BTB service and its main components (the BTB reporting service and BTB detection service). The BTB detection service will start running after a BTB report is received either from the same provider or from another federated provider.

查看原文本刊更多论文

大海捞针:公共云的Bot追溯服务

云计算允许客户将他们的数据和应用程序托管到云中，并在经济上进行有趣的成本效益权衡。然而，云计算资源的低廉价格鼓励攻击者在云上租用大量僵尸网络，并从那里发动攻击，这使得客户对使用云计算感到担忧。因此，在本文中，我们提出了一个Bot Traceback (BTB)服务，用于报告和跟踪IaaS云提供商内部Bot的存在。BTB旨在识别机器人在其上运行的虚拟机，该虚拟机在同一提供程序内或在联合提供程序内运行。BTB服务已作为EASI-CLOUDS项目安全工具的一部分实施，并已在线部署。我们介绍了BTB服务及其主要组件(BTB报告服务和BTB检测服务)的实现细节。BTB检测服务将在从同一提供者或从另一个联合提供者接收到BTB报告后开始运行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE Seventh International Conference on Intelligent Computing and Information Systems (ICICIS)

自引率

0.00%

发文量