Detecting fraudulent use of cloud resources
J Idziorek, M Tannian, D Jacobson - … of the 3rd ACM workshop on Cloud …, 2011 - dl.acm.org
J Idziorek, M Tannian, D Jacobson
Proceedings of the 3rd ACM workshop on Cloud computing security workshop, 2011•dl.acm.orgInitial threat modeling and security research on the public cloud model has primarily focused
on the confidentiality and integrity of data transferred, processed, and stored in the cloud.
Little attention has been paid to the external threat sources that have the capability to affect
the financial viability, hence the long-term availability, of services hosted in the public cloud.
Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC)
attack is a much more subtle attack carried out over a longer duration of time. The objective …
on the confidentiality and integrity of data transferred, processed, and stored in the cloud.
Little attention has been paid to the external threat sources that have the capability to affect
the financial viability, hence the long-term availability, of services hosted in the public cloud.
Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC)
attack is a much more subtle attack carried out over a longer duration of time. The objective …
Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little attention has been paid to the external threat sources that have the capability to affect the financial viability, hence the long-term availability, of services hosted in the public cloud. Similar to an application-layer DDoS attack, a Fraudulent Resource Consumption (FRC) attack is a much more subtle attack carried out over a longer duration of time. The objective of the attacker is to exploit the utility pricing model which governs the resource usage in the cloud model by fraudulently consuming web content with the purpose of depriving the victim of their long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to a more subtle attack. We propose three detection metrics that together form the criteria for identifying a FRC attack from that of normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.
ACM Digital Library