Synopsis
Online Social Network (OSN) botnet attacks pose a growing threat to cloud environments, reducing service availability and reliability for users by launching Distributed Denial-of-Service (DDoS) attacks on crucial servers in the cloud. Most botnet attacks can be detected by intrusion detection systems (IDS) or firewalls. In this work, we investigate the properties of OSN botnet attack scenarios that launch DDoS attacks against a cloud system. A sequential game model is then developed to analyze the best equilibrium strategies of both attackers and defenders for the proposed botnet scenario. Moreover, optimal strategies for the defender against various attack strategies are formulated.
Various botnet detection techniques have been proposed in the literature, such as abnormal-behavior-based techniques, communication-signature-based techniques, and so forth. However, the new generation of botnets can evade IDS in the cloud through passive activities and by concealing their targets and intentions. This makes it difficult to determine whether incoming traffic is benign or a malicious botnet attack. Thus, it is important to evaluate the cloud's resiliency and functionality against various successful attack scenarios based on optimal defense strategies.
Social network botnet attacks involve the deployment of sophisticated botnets that exploit the interconnected nature of social networks to identify targets, exploit vulnerabilities, and launch attacks. The prevalence and impact of these botnet-driven attacks have recently been studied. While detecting these botnet attacks can be challenging, it remains crucial to gain comprehensive insight into, and evaluate, the new strategies employed by both attackers and defenders. This evaluation can be further utilised to formulate effective defense plans aimed at mitigating the impact of botnet attacks.
In this work, we assume that attackers can leverage an Online Social Network (OSN) botnet to launch both passive and active attacks against a cloud system. Launching passive attacks enables the attackers to collect information about the targets. An OSN botnet consists of a botmaster and bots. The botmaster finds critical targets in the cloud. The targets captured by the botmaster are then distributed to the bots for further attacks. The botnet attack scenario proceeds in four steps: monitoring the target system, launching passive attacks to gain information about critical Virtual Machines (VMs) in the cloud, planning a subtle attack strategy, and finally launching a DDoS attack against critical VMs in the target cloud system.
The experiments reveal the best defense strategies that can be taken against botnet attacks with various attack rates to keep the cloud utility at an acceptable level.