Native cloud computing features and resources for detecting, identifying and mitigating attacks on services and clients: a contribution through the use of machine learning

Date
2021-10-29
Authors
Corrêa, João Henrique Gonçalves Medeiros
Publisher
Universidade Federal do Espírito Santo
Abstract
Attacks, whether denial-of-service or intrusion, are a permanent challenge in computer networks, and the migration of services to cloud computing environments has escalated them further. This new computing paradigm, in which services share the same infrastructure, amplifies the problems generated by these attacks, leading to disastrous consequences for users, enterprises, and corporations. In the literature, network middleboxes such as Deep Packet Inspectors are usually required to perform the task of detecting these attacks. These systems end up being dependent on attack signatures and specific protocols. Moreover, it is very difficult to choose where within the data center traffic should be collected. The insertion of these systems also increases service time, affecting metrics related to Quality of Service (QoS) and Quality of Experience (QoE). If the traffic is encrypted, the operation of these systems is impaired. Several cloud infrastructures have powerful native telemetry systems, commonly used for resource monitoring and billing. Our thesis here is that machine learning algorithms help deepen the analysis of the massive volumes of data extracted from the cloud infrastructure's native data collection service, which monitors a multitude of metrics from both physical and virtual hosts. Thus, we use machine learning algorithms to process datasets collected from the cloud infrastructure's native telemetry service to perform detection and identification. These datasets contain information from the victim virtual machine hosted in the cloud environment. After detection and identification, mechanisms of the cloud environment itself, such as autoscaling, are used to mitigate attacks. As a proof of concept, we used an experimental environment built on the OpenStack cloud platform, subjected to both DDoS and intrusion attacks. Telemetry data was used as input to machine learning algorithms to classify the presence of an attack. Results showed good accuracy and a good ratio of true positives to false positives in detecting and identifying attacks. Finally, the mitigation mechanism offered greater availability to clients during denial-of-service attacks.
Keywords
Cloud computing, network security, machine learning, telemetry