Towards Abuse Detection and Prevention in IaaS Cloud Computing

Cloud computing is frequently being used to host online services. Abuse of cloud resources poses an important problem for cloud service providers. If third parties are affected by abuse, bad publicity or legal liabilities may ensue for the provider. There is an unsatisfactory level of protection against abuse of cloud offerings at the moment. In this paper, we analyse the current state of abuse detection and prevention in IaaS cloud computing. To establish what constitutes abuse in an IaaS environment, a survey of acceptable use policies of cloud service providers was conducted. We have found that existing intrusion detection and prevention techniques are only of limited use in this environment due to the high level of control that users can exercise over their resources. However, cloud computing opens up different opportunities for intrusion detection. We present possible approaches for abuse detection, which we plan to investigate further in future work.
