论文信息 - Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

Alan Kebert | Bikramjit Barnejee | Juan Solano | Wanda Solano

[1] Lei Li,et al. Multi-Agent Plan Recognition with Partial Team Traces and Plan Libraries , 2011, IJCAI.

[2] Bikramjit Banerjee,et al. Branch and Price for Multi-Agent Plan Recognition , 2011, AAAI.

[3] Alessandro Orso,et al. A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[4] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[5] Kelly M. Kavanagh,et al. Magic Quadrant for Security Information and Event Management , 2011 .

[6] Bikramjit Banerjee,et al. Multi-Agent Plan Recognition: Formalization and Algorithms , 2010, AAAI.

[7] Zahid Anwar,et al. Digital Forensics for Eucalyptus , 2011, 2011 Frontiers of Information Technology.

[8] Subbarao Kambhampati,et al. Action-Model Based Multi-agent Plan Recognition , 2012, NIPS.

[9] Richard Wolski,et al. The Eucalyptus Open-Source Cloud-Computing System , 2009, 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid.