
2014 | OriginalPaper | Chapter

Moving Target Defense for Cloud Infrastructures: Lessons from Botnets

Authors: Wei Peng, Feng Li, Xukai Zou

Published in: High Performance Cloud Auditing and Applications

Publisher: Springer New York


Abstract

While providing elasticity to clients through on-demand service and cost-effectiveness to service providers through efficient resource allocation, current cloud infrastructures are largely homogeneously and statically configured for ease of administration. This leaves ample opportunities for attackers to reconnoiter and penetrate the security perimeter of cloud services. This chapter (1) explores the evolution in botnet technologies from the early static architectures to the recent dynamic and resilient architectures that employ various moving target defense (MTD) techniques to circumvent crackdowns, and (2) draws lessons from botnets in identifying cloud security challenges and proposed solutions to MTD for cloud infrastructures, in which the cloud infrastructure configuration constantly evolves to confuse attackers without significantly degrading the quality of service. Proposed solutions may increase the cost for potential attackers by complicating the attack process and limiting the exposure of network vulnerability in order to make the network more resilient against novel and persistent attacks.


93.
go back to reference Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets, HotBots’07, Cambridge, pp. 5–5. USENIX Association, Berkeley (2007) Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. In: Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets, HotBots’07, Cambridge, pp. 5–5. USENIX Association, Berkeley (2007)
94.
go back to reference Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. ACM SIGCOMM Comput. Commun. Rev. 36(4), 291–302 (2006). doi:10.1145/1151659.1159947CrossRef Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. ACM SIGCOMM Comput. Commun. Rev. 36(4), 291–302 (2006). doi:10.1145/1151659.1159947CrossRef
96.
go back to reference Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 199–212. ACM, New York (2009). doi:10.1145/1653662.1653687 Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 199–212. ACM, New York (2009). doi:10.1145/1653662.1653687
98.
go back to reference Sanchez, F., Duan, Z.: Region-based BGP announcement filtering for improved BGP security. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS’10, Beijing, pp. 89–100. ACM, New York (2010). doi:10.1145/1755688. 1755701 Sanchez, F., Duan, Z.: Region-based BGP announcement filtering for improved BGP security. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS’10, Beijing, pp. 89–100. ACM, New York (2010). doi:10.1145/1755688. 1755701
99.
go back to reference Schneider, D.: Fresh phish. IEEE Spectr. 45(10), 34–38 (2008). doi:10. 1109/MSPEC.2008.4635052 Schneider, D.: Fresh phish. IEEE Spectr. 45(10), 34–38 (2008). doi:10. 1109/MSPEC.2008.4635052
101.
go back to reference Sheldon, F.T., Vishik, C.: Moving toward trustworthy systems: R&d essentials. Computer 43(9), 31–40 (2010). doi:10.1109/MC.2010.261CrossRef Sheldon, F.T., Vishik, C.: Moving toward trustworthy systems: R&d essentials. Computer 43(9), 31–40 (2010). doi:10.1109/MC.2010.261CrossRef
102.
go back to reference Sinclair, G., Nunnery, C., Kang, B.: The Waledac protocol: the how and why. In: Proceedings of the 4th International Conference on Malicious and Unwanted Software, MALWARE’09, Montreal, pp. 69–77. IEEE Computer Society, Washington, DC (2009). doi:10.1109/MALWARE. 2009.5403015 Sinclair, G., Nunnery, C., Kang, B.: The Waledac protocol: the how and why. In: Proceedings of the 4th International Conference on Malicious and Unwanted Software, MALWARE’09, Montreal, pp. 69–77. IEEE Computer Society, Washington, DC (2009). doi:10.1109/MALWARE. 2009.5403015
103.
go back to reference Song, C., Zhuge, J., Han, X., Ye, Z.: Preventing drive-by download via inter-module communication monitoring. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS’10, Beijing, pp. 124–134. ACM, New York (2010). doi:10.1145/1755688.1755705 Song, C., Zhuge, J., Han, X., Ye, Z.: Preventing drive-by download via inter-module communication monitoring. In: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, ASIACCS’10, Beijing, pp. 124–134. ACM, New York (2010). doi:10.1145/1755688.1755705
104.
go back to reference Srinivasan, K., Yuuw, S., Adelmeyer, T.J.: Dynamic VM migration: assessing its risks & rewards using a benchmark. ACM SIGSOFT Softw. Eng. Notes 36(5), 317–322 (2011). doi:10.1145/1958746.1958791CrossRef Srinivasan, K., Yuuw, S., Adelmeyer, T.J.: Dynamic VM migration: assessing its risks & rewards using a benchmark. ACM SIGSOFT Softw. Eng. Notes 36(5), 317–322 (2011). doi:10.1145/1958746.1958791CrossRef
105.
go back to reference Srivatsa, M., Iyengar, A., Yin, J., Liu, L.: Mitigating application-level denial of service attacks on web servers: a client-transparent approach. ACM Trans. Web 2(3), 15:1–15:49 (2008). doi:10.1145/1377488.1377489 Srivatsa, M., Iyengar, A., Yin, J., Liu, L.: Mitigating application-level denial of service attacks on web servers: a client-transparent approach. ACM Trans. Web 2(3), 15:1–15:49 (2008). doi:10.1145/1377488.1377489
107.
go back to reference Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 635–647. ACM, New York (2009). doi:10.1145/1653662. 1653738 Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS’09, Chicago, pp. 635–647. ACM, New York (2009). doi:10.1145/1653662. 1653738
108.
go back to reference Stone-Gross, B., Holz, T., Stringhini, G., Vigna, G.: The underground economy of spam: a botmaster’s perspective of coordinating large-scale spam campaigns. In: Proceedings of the 4th USENIX Conference on Large-Scale Exploits and Emergent Threats, LEET’11, Boston, pp. 4–4. USENIX Association, Berkeley (2011) Stone-Gross, B., Holz, T., Stringhini, G., Vigna, G.: The underground economy of spam: a botmaster’s perspective of coordinating large-scale spam campaigns. In: Proceedings of the 4th USENIX Conference on Large-Scale Exploits and Emergent Threats, LEET’11, Boston, pp. 4–4. USENIX Association, Berkeley (2011)
109.
go back to reference Stover, S., Dittrich, D., Hernandez, J., Dietrich, S.: Analysis of the storm and nugache trojans: P2p is here. Login Issue 32(6), 18–27 (2007) Stover, S., Dittrich, D., Hernandez, J., Dietrich, S.: Analysis of the storm and nugache trojans: P2p is here. Login Issue 32(6), 18–27 (2007)
114.
go back to reference Thonnard, O., Dacier, M.: A strategic analysis of spam botnets operations. In: Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS’11, Perth, pp. 162–171. ACM, New York (2011). doi:10.1145/2030376.2030395 Thonnard, O., Dacier, M.: A strategic analysis of spam botnets operations. In: Proceedings of the 8th Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, CEAS’11, Perth, pp. 162–171. ACM, New York (2011). doi:10.1145/2030376.2030395
116.
go back to reference Van Gundy, M., Balzarotti, D., Vigna, G.: Catch me, if you can: evading network signatures with web-based polymorphic worms. In: Proceedings of the 1st USENIX Workshop on Offensive Technologies, WOOT’07, Boston, pp. 7:1–7:9. USENIX Association, Berkeley (2007) Van Gundy, M., Balzarotti, D., Vigna, G.: Catch me, if you can: evading network signatures with web-based polymorphic worms. In: Proceedings of the 1st USENIX Workshop on Offensive Technologies, WOOT’07, Boston, pp. 7:1–7:9. USENIX Association, Berkeley (2007)
118.
go back to reference Wählisch, M., Maennel, O., Schmidt, T.C.: Towards detecting bgp route hijacking using the rpki. In: Proceedings of the 2012 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM’12, Helsinki, pp. 103–104. ACM, New York (2012). doi:10.1145/2342356.2342381 Wählisch, M., Maennel, O., Schmidt, T.C.: Towards detecting bgp route hijacking using the rpki. In: Proceedings of the 2012 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM’12, Helsinki, pp. 103–104. ACM, New York (2012). doi:10.1145/2342356.2342381
119.
go back to reference Wang, L., Li, Z., Chen, Y., Fu, Z., Li, X.: Thwarting zero-day polymorphic worms with network-level length-based signature generation. IEEE/ACM Trans. Netw. 18(1), 53–66 (2010). doi:10.1109/ TNET.2009.2020431CrossRef Wang, L., Li, Z., Chen, Y., Fu, Z., Li, X.: Thwarting zero-day polymorphic worms with network-level length-based signature generation. IEEE/ACM Trans. Netw. 18(1), 53–66 (2010). doi:10.1109/ TNET.2009.2020431CrossRef
120.
go back to reference Wang, P., Aslam, B., Zou, C.C.: Peer-to-peer botnets, Chap. 18. In: Stavroulakis, P., Stamp, M. (eds.) Handbook of Information and Communication Security, pp. 335–350. Springer, Heidelberg (2010)CrossRef Wang, P., Aslam, B., Zou, C.C.: Peer-to-peer botnets, Chap. 18. In: Stavroulakis, P., Stamp, M. (eds.) Handbook of Information and Communication Security, pp. 335–350. Springer, Heidelberg (2010)CrossRef
121.
go back to reference Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. IEEE Trans. Dependable Secure Comput. 7(2), 113–127 (2010). doi:10.1109/TDSC.2008.35CrossRef Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. IEEE Trans. Dependable Secure Comput. 7(2), 113–127 (2010). doi:10.1109/TDSC.2008.35CrossRef
122.
go back to reference Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming botnets: signatures and characteristics. SIGCOMM Comput. Commun. Rev. 38(4), 171–182 (2008). doi:10.1145/1402946.1402979CrossRef Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming botnets: signatures and characteristics. SIGCOMM Comput. Commun. Rev. 38(4), 171–182 (2008). doi:10.1145/1402946.1402979CrossRef
123.
go back to reference Yadav, S., Reddy, A.K.K., Reddy, A.N., Ranjan, S.: Detecting algorithmically generated malicious domain names. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, IMC’10, Melbourne, pp. 48–61. ACM, New York (2010). doi:10.1145/ 1879141.1879148 Yadav, S., Reddy, A.K.K., Reddy, A.N., Ranjan, S.: Detecting algorithmically generated malicious domain names. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, IMC’10, Melbourne, pp. 48–61. ACM, New York (2010). doi:10.1145/ 1879141.1879148
124.
go back to reference Yan, G., Chen, G., Eidenbenz, S., Li, N.: Malware propagation in online social networks: nature, dynamics, and defense implications. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11, Hong Kong, pp. 196–206. ACM, New York (2011). doi:10.1145/1966913.1966939 Yan, G., Chen, G., Eidenbenz, S., Li, N.: Malware propagation in online social networks: nature, dynamics, and defense implications. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, ASIACCS’11, Hong Kong, pp. 196–206. ACM, New York (2011). doi:10.1145/1966913.1966939
125.
go back to reference Yang, S., Wu, J.: Efficient broadcasting using network coding and directional antennas in MANETs. IEEE Trans. Parallel Distrib. Syst. 21(2), 148–161 (2010). doi:10.1109/TPDS.2009.44CrossRef Yang, S., Wu, J.: Efficient broadcasting using network coding and directional antennas in MANETs. IEEE Trans. Parallel Distrib. Syst. 21(2), 148–161 (2010). doi:10.1109/TPDS.2009.44CrossRef
126.
go back to reference Ye, K., Jiang, X., Ma, R., Yan, F.: Vc-migration: live migration of virtual clusters in the cloud. In: Proceedings of the 2012 ACM/IEEE 13th International Conference on Grid Computing, GRID’12, Beijing, pp. 209–218. IEEE Computer Society, Washington, DC (2012). doi:10. 1109/Grid.2012.27 Ye, K., Jiang, X., Ma, R., Yan, F.: Vc-migration: live migration of virtual clusters in the cloud. In: Proceedings of the 2012 ACM/IEEE 13th International Conference on Grid Computing, GRID’12, Beijing, pp. 209–218. IEEE Computer Society, Washington, DC (2012). doi:10. 1109/Grid.2012.27
127.
go back to reference Yu, J., Wang, N., Wang, G., Yu, D.: Review: connected dominating sets in wireless ad hoc and sensor networks – a comprehensive survey. Comput. Commun. 36(2), 121–134 (2013). doi:10.1016/j.comcom.2012. 10.005CrossRef Yu, J., Wang, N., Wang, G., Yu, D.: Review: connected dominating sets in wireless ad hoc and sensor networks – a comprehensive survey. Comput. Commun. 36(2), 121–134 (2013). doi:10.1016/j.comcom.2012. 10.005CrossRef
128.
go back to reference Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M.: Practical defenses against BGP prefix hijacking. In: Proceedings of the 2007 ACM CoNEXT Conference, CoNEXT’07, New York, pp. 3:1–3:12. ACM, New York (2007). doi:10.1145/1364654.1364658 Zhang, Z., Zhang, Y., Hu, Y.C., Mao, Z.M.: Practical defenses against BGP prefix hijacking. In: Proceedings of the 2007 ACM CoNEXT Conference, CoNEXT’07, New York, pp. 3:1–3:12. ACM, New York (2007). doi:10.1145/1364654.1364658
129.
go back to reference Zhang, L., Yu, S., Wu, D., Watters, P.: A survey on latest botnet attack and defense. In: Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TRUSTCOM’11, Changsha, pp. 53–60. IEEE Computer Society, Washington, DC (2011). doi:10.1109/TrustCom.2011.11 Zhang, L., Yu, S., Wu, D., Watters, P.: A survey on latest botnet attack and defense. In: Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TRUSTCOM’11, Changsha, pp. 53–60. IEEE Computer Society, Washington, DC (2011). doi:10.1109/TrustCom.2011.11
130.
go back to reference Zhang, Z., Lu, B., Liao, P., Liu, C., Cui, X.: A hierarchical hybrid structure for botnet control and command. In: Proceedings of the 2011 IEEE International Conference on Computer Science and Automation Engineering, CSAE’11, Shanghai, pp. 483–489. IEEE Computer Society Press, Washington, DC (2011). doi:10.1109/CSAE.2011.5953266 Zhang, Z., Lu, B., Liao, P., Liu, C., Cui, X.: A hierarchical hybrid structure for botnet control and command. In: Proceedings of the 2011 IEEE International Conference on Computer Science and Automation Engineering, CSAE’11, Shanghai, pp. 483–489. IEEE Computer Society Press, Washington, DC (2011). doi:10.1109/CSAE.2011.5953266
131.
go back to reference Zhang, R., Huang, S., Qi, Z., Guan, H.: Static program analysis assisted dynamic taint tracking for software vulnerability discovery. Comput. Math. Appl. 63(2), 469–480 (2012). doi:10.1016/j.camwa.2011.08.001CrossRef Zhang, R., Huang, S., Qi, Z., Guan, H.: Static program analysis assisted dynamic taint tracking for software vulnerability discovery. Comput. Math. Appl. 63(2), 469–480 (2012). doi:10.1016/j.camwa.2011.08.001CrossRef
132.
go back to reference Zhu, Z., Lu, G., Chen, Y., Fu, Z.J., Roberts, P., Han, K.: Botnet research survey. In: Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference, COMPSAC’08, Turku, pp. 967–972. IEEE Computer Society, Washington, DC (2008). doi:10.1109/COMPSAC.2008.205 Zhu, Z., Lu, G., Chen, Y., Fu, Z.J., Roberts, P., Han, K.: Botnet research survey. In: Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference, COMPSAC’08, Turku, pp. 967–972. IEEE Computer Society, Washington, DC (2008). doi:10.1109/COMPSAC.2008.205
133.
go back to reference Zhuge, J., Holz, T., Han, X., Guo, J., Zou, W.: Characterizing the IRC-based botnet phenomenon. Technical report, Universität Mannheim/Institut für Informatik (2007) Zhuge, J., Holz, T., Han, X., Guo, J., Zou, W.: Characterizing the IRC-based botnet phenomenon. Technical report, Universität Mannheim/Institut für Informatik (2007)
Metadata
Title
Moving Target Defense for Cloud Infrastructures: Lessons from Botnets
Authors
Wei Peng
Feng Li
Xukai Zou
Copyright Year
2014
Publisher
Springer New York
DOI
https://doi.org/10.1007/978-1-4614-3296-8_2
