|Article title||DETECTION OF NETWORK ATTACKS AND COUNTERMEASURE SELECTION IN CLOUD SYSTEMS|
|Authors||L.S. Kramarov, L.K. Babenko|
|Section||SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS|
|Month, Year||12, 2013|
|Abstract||Cloud security is one of the most important issues that has attracted a lot of research and development effort in the past few years. In particular, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS) attacks. DDoS attacks usually involve early-stage actions such as multistep exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as zombies, followed finally by DDoS attacks through the compromised zombies. Within the cloud system, especially in Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult, because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from being compromised in the cloud, we propose a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism called NICE, which is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.|
|Keywords||Network security; cloud computing; intrusion detection; attack graph.|
|References||1. Armbrust M., Fox A., Griffith R. A View of Cloud Computing // ACM Comm. – Apr. 2010. – Vol. 53, No. 4. – P. 50-58.
2. Keller E., Szefer J., Rexford J., Lee R. B. NoHype: Virtualized Cloud Infrastructure without the Virtualization. Proc. 37th ACM Ann. Int’l Symp. Computer Architecture (ISCA ’10), June 2010. – P. 350-361.
3. Roy A., Kim D.S., Trivedi K. Scalable Optimal Countermeasure Selection Using Implicit Enumeration on Attack Countermeasure Trees. Proc. IEEE Int’l Conf. Dependable Systems Networks (DSN ’12), June 2012.
4. Mell P., Scarfone K., Romanosky S. “Common Vulnerability Scoring System (CVSS),” http://www.first.org/cvss/cvss-guide.html, May 2010.
5. National Institute of Standards and Technology, “National Vulnerability Database, NVD,” http://nvd.nist.gov, 2012.