14 research outputs found

    A Review Paper on Botnet and Botnet Detection Techniques in Cloud Computing

    Recently, botnets have become the most radical of all cyberattacks and a key issue in cloud computing. Botnets are networks of compromised computers and/or smartphones. These devices are infected with malicious code by a botmaster and controlled as groups. The attackers use these botnets for criminal activities such as DDoS, click fraud, phishing, spamming, sniffing traffic and spreading new malware. The main issue is how to detect these botnets, which is becoming more interesting for researchers in cyber-security. This motivates us to write a review on botnets, their architecture and detection techniques

    From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

    In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies

    On the prevention of Cross-VM cache-based side channel attacks / Zakira Inayat

    The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables sharing of resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of the CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. While it provides numerous benefits to the CC tenant, resource sharing and Virtual Machine (VM) physical co-residency raise the potential for sensitive information leakages such as side channel (SC) attacks. In particular, physical co-residency features allow attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. We investigate SC attacks involving the CPU cache and identify that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We go on to demonstrate the prevention mechanisms; however, the existing prevention techniques either require the client to change the software or the underlying hardware and suffer from performance degradation, leading to reduced cache usage and increased overhead. To address this problem and improve performance, we investigate that a new technique such as dynamic cache partition is necessary to mitigate these sorts of attacks in a cloud environment which is hypervisor-based and does not need the client to change their software and the underlying hardware. Finally, we propose a new hypervisor-based mitigation technique, implementing it in a state-of-the-art cloud system which guarantees the security and performance features of the system. The proposed prevention mechanism is evaluated using various benchmarking experiments. The evaluation results show that merging our proposed method into the hypervisor can prevent cross-VM cache-based SC attacks without affecting the performance of the hypervisor. Our dynamic partitioned (HBP-DCP based) hypervisor improves the bearable load by increasing the number of requests per second by 45% and by decreasing the average response time by 5.58%. Moreover, it improves the cache utilization that each VM has access to by increasing cache read/modify/write, cache read, and cache write bandwidth in combination by 53.5% and increasing the cache access time by 15.53%, as a result substantially increase the efficiency as significant

    Cloud Computing: Locally Sub-Clouds instead of Globally One Cloud

    Efficiency (in terms of time consumption) and effectiveness in resource utilization are the desired quality attributes in cloud services provision. The main purpose of which is to execute jobs optimally, i.e., with minimum average waiting, turnaround and response time by using an effective scheduling technique. Replication provides improved availability and scalability; decreases bandwidth use and increases fault tolerance. To speed up access, a file can be replicated so a user can access a nearby replica. This paper proposes an architecture to convert Globally One Cloud to Locally Many Clouds. By combining replication and scheduling, this architecture improves efficiency and easy accessibility. In the case of failure of one sub cloud or one cloud service, clients can start using another cloud under “failover” techniques. As a result, no one cloud service will go down

    A Static Approach towards Mobile Botnet Detection

    The use of mobile devices, including smartphones, tablets, smart watches and notebooks, is increasing day by day in our societies. They are usually connected to the Internet and offer nearly the same functionality, same memory and same speed as a PC. To get more benefits from these mobile devices, applications should be installed in advance. These applications are available from third party websites, such as Google Play Store etc. Among existing mobile device operating systems, Android is very easy to attack because of its open source environment. Android OS's use of the open source facility attracts malware developers to target mobile devices with their new malicious applications having botnet capabilities. Mobile botnet is one of the crucial threats to mobile devices. In this study we propose a static approach towards mobile botnet detection. This technique combines MD5, permissions, broadcast receivers as well as background services and uses a machine learning algorithm to detect those applications that have capabilities for mobile botnets. In this technique, the given features are extracted from Android applications in order to build a machine learning classifier for detection of mobile botnet attacks. Initial experiments conducted on a known and recently updated dataset, the UNB ISCX Android botnet dataset, having the combination of 14 different malware families, show the efficiency of our approach. The given research is in progress

    Response Option for Attacks Detected by Intrusion Detection System

    In past decades, we have seen the increasing speed of network attacks compromising computer system functionality and degrading network performance. The security of these systems has attracted a lot of research in the field of intrusion detection and response systems to reduce the effect of these attacks. Response is a major part of an intrusion detection system. An intrusion detection system without a timely response is not considered good even if it detects threats and generates alarms. Optimum response is based on the selection of the proper response option. In this paper, we categorize the attacks and propose some response options to thwart these attacks

    Cloud-Based Intrusion Detection and Response System: Open Research Issues, and Solutions

    Mobile cloud computing (MCC) allows smart mobile devices (SMD) to access the cloud resources in order to offload data from smartphones and to acquire computational services for application processing. A distinctive factor in accessing cloud resources is the communication link. However, the communication links between SMD and cloud resources are weak, which allows intruders to perform malicious activities by exploiting their vulnerabilities. This makes security a key challenge in the MCC environment. Several intrusion detection and response systems (IDRSs) are adapted to address the exploitation of vulnerabilities that affect smartphones, communication links between cloud resources and smartphones, as well as cloud resources. In this article, we discuss the cloud-based IDRS in the context of SMD and cloud resources in the MCC infrastructure. The stringent security requirements are provided as open issues along with possible solutions. The article aims at providing motivations for researchers, academicians, security administrators, and cloud service providers to discover mechanisms, frameworks, standards, and protocols to address the challenges faced by cloud-based IDRS for SMD

    Intrusion Response Systems: Foundations, Design, and Challenges

    In the last few decades, various network attacks have emerged. This phenomenon requires serious consideration to address its extensive consequences. To overcome the effects of network attacks, an appropriate intrusion detection system and a real-time intrusion response system are required. In this paper, we present an IRS taxonomy based on design parameters to classify existing schemes. Furthermore, we investigate the essential response design parameters for IRS to mitigate attacks in real time and obtain a robust output. The majority of existing schemes disregard the importance of semantic coherence and dynamic response parameters in the response selection process. Therefore, most existing schemes produce inaccurate results by generating false alarms. These design parameters are comprehensively discussed in this paper. We have qualitatively analyzed existing IRS schemes on the basis of the response design parameters. Open research challenges are identified to highlight key research areas in this research domain

    Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A Survey

    The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables sharing of resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of the CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. CC provides numerous benefits to the cloud computing tenant. However, features such as resource sharing and Virtual Machine (VM) physical co-residency raise the potential for sensitive information leakages such as Side Channel (SC) attacks. In particular, the physical co-residency feature allows attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. Unlike encryption, which protects information from being decoded by unauthorized persons, SC attacks aim to exploit the encryption systems and to hide the occurrence of communication. SC attacks were initially identified as the main threat on multi-level secure systems, i.e. OS, database, and networks. More recently, the focus of the researchers has shifted toward SC attacks in CC. Since the last level cache (L2 or L3) is always shared between VMs, it is the most targeted device for these attacks. Therefore, the aim of this article is to explore cross-VM SC attacks involving the CPU cache and their countermeasures in CC and to compare them with the traditional SC attacks and countermeasures. We categorized the SC attacks according to the hardware medium they target and exploit, the ways they access the module and the method they use to extract confidential information. We identified that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We also proposed countermeasures for the prevention of these attacks in order to improve security in CC