DDoS attacks usually take up early stage actions such as multi-step exploitation, low frequency vulnerability scanning and compromising identified vulnerable virtual machines as zombies and lastly DDoS attacks through the compromised zombies. Within the cloud system particularly the Infrastructure-as-a-Service (IaaS) clouds the detection of zombie study attacks is extremely hard. This is for the reason that cloud users may set up vulnerable applications on their virtual machines. To prevent susceptible virtual machines from being compromised in the cloud we propose a multi-phase distributed vulnerability detection, measurement and countermeasure selection method called NICE which is built on attack graph based on analytical models and reconfigurable virtual network-based countermeasures.

 

Network Security, Cloud Computing, Intrusion Detection, Attack Graph, Zombie Detection.

Coud Sercurity Alliance, “Top threats to cloud computing v1.0,” https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf, March 2010.

M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of cloud computing,” ACM Commun., vol. 53, no. 4, pp.

–58, Apr. 2010.

B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud computing environment against DDoS attacks,” IEEE Int’l Conf. Computer Communication and Informatics (ICCCI ’12), Jan. 2012.

H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, vol. 8, no. 6, pp. 24–31, Dec. 2010.

“Open vSwitch project,” http://openvswitch.org, May 2012.

Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J. Barker, “Detecting spam zombies by monitoring outgoing messages,” IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 198–210, Apr. 2012.

G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, “BotHunter: detecting malware infection through IDS-driven dialog correlation,” Proc. of 16th USENIX Security Symp. (SS ’07), pp. 12:1–12:16, Aug. 2007.

G. Gu, J. Zhang, and W. Lee, “BotSniffer: detecting botnet command and control channels in network traffic,” Proc. of 15th Ann. Network and Distributed Sytem Security Symp. (NDSS ’08), Feb. 2008.

O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, “Automated generation and analysis of attack graphs,” Proc. IEEE Symp. on Security and Privacy, 2002, pp. 273–284. [10] “NuSMV: A new symbolic model checker,” http://afrodite.itc.it:1024/∼nusmv. Aug. 2012.

S. H. Ahmadinejad, S. Jalili, and M. Abadi, “A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs,” Computer Networks, vol. 55, no. 9, pp. 2221–2240, Jun. 2011.

X. Ou, S. Govindavajhala, and A. W. Appel, “MulVAL: a logicbased network security analyzer,” Proc. of 14th USENIX Security Symp., pp. 113–128. 2005.

R. Sadoddin and A. Ghorbani, “Alert correlation survey: framework and techniques,” Proc. ACM Int’l Conf. on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business

Services (PST ’06), pp. 37:1–37:10. 2006.

L. Wang, A. Liu, and S. Jajodia, “Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts,” Computer Communications, vol. 29, no. 15, pp. 2917–2933, Sep. 2006.

S. Roschke, F. Cheng, and C. Meinel, “A new alert correlation algorithm based on attack graph,” Computational Intelligence in Security for Information Systems, LNCS, vol. 6694, pp. 58–67. Springer,2011.