2013 IEEE Sixth International Conference on Cloud Computing (2012)
Honolulu, HI, USA USA
June 24, 2012 to June 29, 2012
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CLOUD.2012.23
Obligated by a utility pricing model, Internet-facing web resources hosted in the public cloud are vulnerable to Fraudulent Resource Consumption (FRC) attacks. Unlike an application-layer DDoS attack that consumes resources with the goal of disrupting short-term availability, an FRC attack is a considerably more subtle attack that instead seeks to disrupt the long-term financial viability of operating in the cloud by exploiting the utility pricing model over an extended time period. By fraudulently consuming web resources in sufficient volume (i.e. data transferred out of the cloud), an attacker (e.g. botnet) is able to incur significant fraudulent charges to the victim. This paper proposes an attribution methodology to identify malicious clients participating in an FRC attack. Experimental results demonstrate that the presented methodology achieves qualified success against challenging attack scenarios.
Pricing, Training, Computer crime, Bandwidth, Context, NASA, Cloud computing, anomaly detection, cloud computing, attribution, utility pricing model, fraudulent resource consumption attack, security, application-layer DDoS
Joseph Idziorek, Mark Tannian, Doug Jacobson, "Attribution of Fraudulent Resource Consumption in the Cloud", 2013 IEEE Sixth International Conference on Cloud Computing, vol. 00, no. , pp. 99-106, 2012, doi:10.1109/CLOUD.2012.23