Detecting the Origin of DDoS Attacks in OpenStack Cloud Platform Using Data Mining Techniques
The paper presents the results of the design and implementation of a detection system against DDoS attacks for the OpenStack cloud computing platform. The proposed system uses data mining techniques to detect malicious traffic. Formal models of the detecting components are described. To train the data mining models, real legitimate traffic was combined with modelled malicious traffic. The paper presents the results of detecting the origin of DDoS attacks on cloud instances.
Keywords: Cloud security, DDoS attacks, Cloud security components, Data mining
The authors want to gratefully thank the director of Second Saint Petersburg Highschool, Marder Ludmila Maratovna, and system administrator Shilnikov Denis Evgenievich for providing us the possibility to implement our components in the school's corporate network and to monitor the traffic flow values.
The paper has been prepared within the scope of the state project “Organization of scientific research” of the main part of the state plan of the Board of Education of Russia, the project part of the state plan of the Board of Education of Russia (task 2.136.2014/K), supported by grant of RFBR #16-07-00625, supported by Russian President’s fellowship, as well as with the financial support of the Foundation for Assistance to Small Innovative Enterprises in the scientific and technical spheres #10134gu2015.