通过集群方法检测恶意虚拟机

2015 International Conference on Cloud Technologies and Applications (CloudTech) Pub Date : 2015-06-02 DOI:10.1109/CLOUDTECH.2015.7336986

Mohammad-Mahdi Bazm, R. Khatoun, Y. Begriche, L. Khoukhi, Xiuzhen Chen, A. Serhrouchni

{"title":"通过集群方法检测恶意虚拟机","authors":"Mohammad-Mahdi Bazm, R. Khatoun, Y. Begriche, L. Khoukhi, Xiuzhen Chen, A. Serhrouchni","doi":"10.1109/CLOUDTECH.2015.7336986","DOIUrl":null,"url":null,"abstract":"Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.","PeriodicalId":293168,"journal":{"name":"2015 International Conference on Cloud Technologies and Applications (CloudTech)","volume":"130 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Malicious virtual machines detection through a clustering approach\",\"authors\":\"Mohammad-Mahdi Bazm, R. Khatoun, Y. Begriche, L. Khoukhi, Xiuzhen Chen, A. Serhrouchni\",\"doi\":\"10.1109/CLOUDTECH.2015.7336986\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.\",\"PeriodicalId\":293168,\"journal\":{\"name\":\"2015 International Conference on Cloud Technologies and Applications (CloudTech)\",\"volume\":\"130 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-06-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Cloud Technologies and Applications (CloudTech)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CLOUDTECH.2015.7336986\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Cloud Technologies and Applications (CloudTech)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLOUDTECH.2015.7336986","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

摘要

云计算旨在为网络上的用户提供巨大的资源和服务、并行处理和可靠访问。云的灵活资源可能被恶意行为者用来攻击其他基础设施。云可以作为执行这些攻击的平台，云中的虚拟机可以扮演属于僵尸网络的恶意虚拟机的角色，向受害者发送大量流量。对于云服务提供商来说，防止他们的基础设施变成攻击平台是非常具有挑战性的，因为它需要在高度动态和异构的环境中从源头检测攻击。本文提出了一种基于网络参数分析的云环境恶意行为检测方法。该方法是一种基于源的攻击检测方法，将熵和聚类方法应用于网络参数。在Cloudsim上模拟了Cloud的环境。数据集群可以实现高性能，正确集群的虚拟机百分比高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Malicious virtual machines detection through a clustering approach

Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. Cloud can be used as a platform to perform these attacks, a virtual machine(VM) in the Cloud can play the role of a malicious VM belonging to a Botnet and sends a heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection, which applies both Entropy and clustering methods on network parameters. The environment of Cloud is simulated on Cloudsim. The data clustering allows achieving high performance, with a high percentage of correctly clustered VMs.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 International Conference on Cloud Technologies and Applications (CloudTech)

自引率

0.00%

发文量