Attribution of Economic Denial of Sustainability Attacks in Public Clouds

  • Mohammad Karami
  • Songqing ChenEmail author
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 198)


The cloud pricing model leaves cloud consumers vulnerable to Economic Denial of Sustainability (EDoS) attacks. In this type of attacks, an adversary first identifies web resources with high levels of cloud resource consumption, and then uses a botnet of compromised hosts to make fraudulent requests to these costly web resources. The attacker’s goal is to disrupt the economical sustainability of the victim by inflicting cost through fraudulent consumption of billable cloud resources.

In this paper, we propose two different Markov-based models to profile the behavior of legitimate users in terms of their resource consumption and to detect malicious sources engaged in fraudulent use of cloud resources. Our experimental evaluation results demonstrate the effectiveness of the proposed attribution methodology for identifying malicious sources participating in EDoS attacks.


Economic Denial of Sustainability EDoS detection Markov chain Hidden semi Markov model 



We would like to thank anonymous reviewers for their comments. This work was supported in part by an ARO grant W911NF-15-1-0262 and a NSF grant CNS-1524462.


  1. 1.
  2. 2.
  3. 3.
    Amazon ec2 pricing (2016).
  4. 4.
    Alomari, E., Manickam, S., Gupta, B., Karuppayah, S., Alfaris, R.: Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. arXiv preprint arXiv:1208.0403 (2012)
  5. 5.
    Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)CrossRefGoogle Scholar
  6. 6.
    Beitollahi, H., Deconinck, G.: Tackling application-layer DDoS attacks. Procedia Comput. Sci. 10, 432–441 (2012)CrossRefGoogle Scholar
  7. 7.
    Bursztein, E., Bethard, S., Fabry, C., Mitchell, J.C., Jurafsky, D.: How good are humans at solving captchas? A large scale evaluation. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 399–413. IEEE (2010)Google Scholar
  8. 8.
    Bursztein, E., Martin, M., Mitchell, J.: Text-based captcha strengths and weaknesses. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 125–138. ACM (2011)Google Scholar
  9. 9.
    Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-14527-8_1 CrossRefGoogle Scholar
  10. 10.
    Thomas, K., Huang, D., Wang, D., Bursztein, E., Grier, C., Holt, T.J., Kruegel, C., McCoy, D., Savage, S., Vigna, G.: Framing dependencies introduced by underground commoditization. In: Proceedings of the 14th Annual Workshop on the Economics of Information Security (2015), Netherlands, June 22–23 (2015)Google Scholar
  11. 11.
    Idziorek, J., Tannian, M.: Exploiting cloud utility models for profit and ruin. In: 2011 IEEE International Conference on Cloud Computing (CLOUD), pp. 33–40. IEEE (2011)Google Scholar
  12. 12.
    Idziorek, J., Tannian, M., Jacobson, D.: Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, pp. 61–72. ACM (2011)Google Scholar
  13. 13.
    Idziorek, J., Tannian, M., Jacobson, D.: Attribution of fraudulent resource consumption in the cloud. In: 2012 IEEE 5th International Conference on Cloud Computing (CLOUD), pp. 99–106. IEEE (2012)Google Scholar
  14. 14.
    Idziorek, J., Tannian, M.F., Jacobson, D.: The insecurity of cloud utility models. IT Prof. 2, 22–27 (2013)CrossRefGoogle Scholar
  15. 15.
    Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, pp. 293–304. ACM (2002)Google Scholar
  16. 16.
    Karami, M., McCoy, D.: Understanding the emerging threat of DDoS-as-a-service. In: Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (2013)Google Scholar
  17. 17.
    Karami, M., Park, Y., McCoy, D.: Stress testing the booters: understanding and undermining the business of DDoS services. In: Proceedings of the World Wide Web Conference (WWW) (2016)Google Scholar
  18. 18.
    Khor, S.H., Nakao, A.: sPoW: on-demand cloud-based eDDOS mitigation mechanism. In: HotDep (Fifth Workshop on Hot Topics in System Dependability) (2009)Google Scholar
  19. 19.
    Mitchell, T.M.: Machine Learning, vol. 45, p. 995. McGraw-Hill, Burr Ridge (1997)zbMATHGoogle Scholar
  20. 20.
    Motoyama, M., Levchenko, K., Kanich, C., McCoy, D., Voelker, G.M., Savage, S.: Re: Captchas-understanding captcha-solving services in an economic context. In: USENIX Security Symposium, vol. 10, p. 3 (2010)Google Scholar
  21. 21.
    Naresh Kumar, M., Sujatha, P., Kalva, V., Nagori, R., Katukojwala, K., Kumar, M.: Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. In: 2012 Fourth International Conference on Computational Intelligence and Communication Networks (CICN), pp. 535–539. IEEE (2012)Google Scholar
  22. 22.
    Oikonomou, G., Mirkovic, J.: Modeling human behavior for defense against flash-crowd attacks. In: IEEE International Conference on Communications, ICC 2009, pp. 1–6. IEEE (2009)Google Scholar
  23. 23.
    Ryan, M.D.: Cloud computing security: the scientific challenge, and a survey of solutions. J. Syst. Softw. 86(9), 2263–2268 (2013)CrossRefGoogle Scholar
  24. 24.
    Sood, A.K., Enbody, R.J.: Crimeware-as-a-service—a survey of commoditized crimeware in the underground market. Int. J. Crit. Infrastruct. Prot. 6(1), 28–38 (2013)CrossRefGoogle Scholar
  25. 25.
    Sqalli, M.H., Al-Haidari, F., Salah, K.: Edos-shield-a two-steps mitigation technique against edos attacks in cloud computing. In: 2011 Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 49–56. IEEE (2011)Google Scholar
  26. 26.
    Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)CrossRefGoogle Scholar
  27. 27.
    Takabi, H., Joshi, J.B., Ahn, G.-J.: Security and privacy challenges in cloud computing environments. IEEE Secur. Priv. 6, 24–31 (2010)CrossRefGoogle Scholar
  28. 28.
    Thing, V.L., Sloman, M., Dulay, N.: A Survey of Bots Used for Distributed Denial of Service Attacks. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., Solms, R. (eds.) SEC 2007. IFIP, vol. 232, pp. 229–240. Springer, Boston, MA (2007). doi: 10.1007/978-0-387-72367-9_20 CrossRefGoogle Scholar
  29. 29.
    Wang, H., Xi, Z., Li, F., Chen, S.: Abusing public third-party services for EDoS attacks. In: 10th USENIX Workshop on Offensive Technologies (WOOT 2016) (2016)Google Scholar
  30. 30.
    Wen, S., Jia, W., Zhou, W., Zhou, W., Xu, C.: Cald: surviving various application-layer DDoS attacks that mimic flash crowd. In: 2010 4th International Conference on Network and System Security (NSS), pp. 247–254. IEEE (2010)Google Scholar
  31. 31.
    Yu, S.-Z.: Hidden semi-Markov models. Artif. Intell. 174(2), 215–243 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Yu, S.-Z., Kobayashi, H.: An efficient forward-backward algorithm for an explicit-duration hidden Markov model. IEEE Sig. Process. Lett. 10(1), 11–14 (2003)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2017

Authors and Affiliations

  1. 1.Department of Computer ScienceGeorge Mason UniversityFairfaxUSA

Personalised recommendations