Detecting the Origin of DDoS Attacks in OpenStack Cloud Platform Using Data Mining Techniques

  • Konstantin Borisenko
  • Andrey Rukavitsyn
  • Andrei Gurtov
  • Andrey Shorov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9870)

Abstract

The paper presents the results of the design and implementation of a detection system against DDoS attacks for the OpenStack cloud computing platform. The proposed system uses data mining techniques to detect malicious traffic. Formal models of the detecting components are described. To train the data mining models, real legitimate traffic was combined with modelled malicious traffic. The paper presents results of detecting the origin of DDoS attacks on cloud instances.

Keywords

Cloud security; DDoS attacks; Cloud security components; Data mining


Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Konstantin Borisenko (1)
  • Andrey Rukavitsyn (1)
  • Andrei Gurtov (2, 3)
  • Andrey Shorov (1)

  1. Department of Computer Science and Engineering, Saint-Petersburg Electrotechnical University “LETI”, Saint-Petersburg, Russia
  2. Department of Computer and Information Science, Linköping University, Linköping, Sweden
  3. SCA Research Lab, ITMO University, Saint-Petersburg, Russia
