A Study of Cloud Computing and its Security
submitted in partial fulfillment of the requirements
for the award of the degree of
Master of Technology
in
Computer Science & Engineering
by
Vivek Arya
Enroll. No. 01911804810
Under the Supervision of
(Mr. Munish Kumar)
Centre for Development of Advanced Computing, Noida
Affiliated to
Guru Gobind Singh Indraprastha University
Dwarka, Sector 16C, New Delhi

CANDIDATE'S DECLARATION
I hereby declare that the work presented in this dissertation entitled "A Study of Cloud Computing and its Security", in partial fulfillment of the requirement for the award of the degree of Master of Technology in Computer Science & Engineering, submitted to Guru Gobind Singh Indraprastha University, Delhi, is an authentic record of my own work carried out during the period from 27/01/2011 to 10/01/2011 under the guidance of (Munish Kumar, Project Guide) CDAC NOIDA.
The work reported in this dissertation has not been submitted by me for award of any other degree or diploma.
Date :
Place: Noida
Vivek Arya
Enroll. No: 01911804810

CERTIFICATE
This is to certify that the dissertation report (ITR-632) entitled "A Study of Cloud Computing and its Security" done by Mr. Vivek Arya, Enrollment No 01911804810, is an authentic work carried out by him at CDAC Noida under my guidance. The matter embodied in this project work has not been submitted earlier for the award of any degree or diploma to the best of my knowledge and belief.
Date : __________________
(Munish Kumar)

ACKNOWLEDGEMENT
I express my sincere gratitude to Mr. Munish Kumar for his inspiring guidance, support, constructive criticisms and constant encouragement throughout the project duration. Without his guidance & support it would not have been possible to complete the project report. I take this opportunity to express my profound sense of gratitude and respect to all those who helped me throughout the making of this project report. Finally, I would like to extend my profound thanks to all my esteemed friends.
Date :-
Vivek Arya
(01911804810)
M-Tech CSE (2nd Sem)
vivekarya13@gmail.com

ABSTRACT
Cloud Computing, a rapidly developing information technology, has aroused the concern of the whole world. Cloud computing is Internet-based computing, whereby shared resources, software and information are provided to computers and devices on demand. Cloud computing is the product of the fusion of traditional computing technology and network technology like grid computing, distributed computing, parallel computing and so on. It aims to construct a perfect system with powerful computing capability through a large number of relatively low-cost computing entities, using advanced business models like SaaS (Software As A Service), PaaS (Platform As A Service) and IaaS (Infrastructure As A Service) to distribute the powerful computing capacity to end users.

Despite all the hype surrounding the cloud, enterprise customers are still reluctant to deploy their business in the cloud. Security is one of the major issues which reduces the growth of cloud computing, and complications with data privacy and data protection continue to plague the market. Most of the security and privacy issues in cloud computing are caused by users' lack of control over the physical infrastructure.

Many Cloud Service Providers (CSP) offer access to scalable, reliable computing resources following a pay-as-you-go model. Research into the security of the Cloud focuses mainly on protecting legitimate users of Cloud Services from attacks by external malicious users. Little attention is being given to prohibiting malicious users from using the Cloud to launch attacks such as those currently done by botnets. These attacks include launching a DDoS attack, sending spam and perpetrating click fraud.

Within this report we discuss:
- Cloud Deployment Models and the complexity of security in the cloud environment.
- A study of botnets and the current development of Cloud-based botnets or botclouds.

TABLE OF CONTENTS
Candidate's Declaration
Certificate
Acknowledgement
Abstract
List of Figures
Chapter 1. Introduction
    1.1 Cloud Computing
    1.2 Cloud Architecture
    1.3 Cloud Service Models
    1.4 Cloud Deployment Models
    1.5 A Comparison between Traditional In-House Computing, Grid and Cloud Computing
Chapter 2. Security Issues and Challenges
    2.1 Security Issues in Service Models
    2.2 Security Issues in Software as a Service
    2.3 Security Issues in Platform as a Service
    2.4 Security Issues in Infrastructure as a Service
Chapter 3. A Study of Botnets and their Threats to Internet Community
    3.1 Bots and BotNets
    3.2 C&C Infrastructure
    3.3 BotNet Creation
    3.4 Security Threats from BotNet
Chapter 4. BotClouds: Cloud Based Botnets
    4.1 Cloud View
    4.2 Bot Clouds
    4.3 Bot Cloud Attacks
    4.4 Bot Cloud Detection Techniques
Proposed Work
References

LIST OF FIGURES
Figure 1  Cloud Computing Architecture
Figure 2  Deployment Models
Figure 3  A Centralised Botnet Architecture
Figure 4  Peer To Peer Botnet Architecture
Figure 5  Life Cycle of a Typical Botnet Infection

Chapter 1
INTRODUCTION

1.1 Cloud Computing
The NIST (National Institute of Standards and Technology) definition of cloud computing states that:

Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models and four deployment models.

Essential Characteristics:
- On-Demand Self-Service: A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service's provider.
- Broad Network Access: Capabilities are available over the networks and accessed through mechanisms that promote use by heterogeneous thin or thick client platforms (e.g. mobile phones, laptops and PDAs).
- Resource Pooling: The provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g. country, state or datacenter). Examples of resources include storage, processing, memory, network bandwidth and virtual machines.
- Rapid Elasticity: Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out, and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
- Measured Service: Cloud Systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g. storage, processing, bandwidth and active user accounts). Resource usage can be monitored, controlled and reported, providing transparency for both the provider and consumer of the utilized service.

1.2 Cloud Architecture
Cloud Architecture, the systems architecture of the software systems involved in the delivery of cloud computing, typically involves multiple cloud components communicating with each other over application programming interfaces, usually web services.
Fig 1. Cloud Computing Architecture

1.3 Cloud Service Models
The service models categorize vendors and the services provided according to Cloud Computing Architecture types. These cloud models form the core of the cloud and they exhibit characteristics depicted in the above layer. There are precisely three defined service models for the cloud platform.
- Cloud Software as a Service (SaaS): The capability provided to the consumer is to use the provider's application running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g. web based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
- Cloud Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems or storage, but has control over the deployed applications and possibly application hosting environment configurations.
- Cloud Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications and possibly limited control of select networking components (e.g. host firewalls).

1.4 Cloud Deployment Models
Four types of deployment models exist for a cloud computing platform.
Fig 2. Deployment Models
- Private Cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
- Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
- Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and applications portability (e.g. cloud bursting for load balancing between clouds).

1.5 A Comparison Between Traditional In-House Computing, Grid And Cloud Computing
In-House Computing: Traditional in-house computing is the concept of locally housing and maintaining the resources by the users themselves. Until the emergence and the recent popularity of cloud computing, in-house computing was the only means of utilizing resources. For example, a company that takes the in-house computing approach may buy, install and maintain necessary hardware including the networking components such as servers. Also, they will install necessary system and application software in each computer. They will usually have dedicated administrators or IT staff for the maintenance of the whole computing environment.

Difference between In-House and Cloud Computing.
Cloud computing has many advantages over in-house computing.
- Cloud computing is cheaper compared to in-house computing because initial setup fees are minimal.
- Maintenance costs for in-house computing facilities can increase over their lifetime compared to the fixed costs of cloud computing services.
- Cloud computing facilities are highly scalable compared to in-house.
- It is very difficult and costly to maintain a supporting crew for the in-house computing facilities; cloud computing facilities always include the support of a set of systems, applications and database experts.
- It is easier to support a geographically dispersed and mobile workforce with clouds compared to in-house computing.
Amidst all these advantages of using cloud computing, one reason of concern is its security. Cloud computing security is still an ongoing research area, and cloud security and cloud access security have become highly active areas of discussion recently.

Grid Computing: Sharing of tasks over a number of computers is known as Grid computing. The tasks can simply be data storage or they can be complex calculations. The distribution of tasks can be over large distances. The computers in a grid can act as a part of the grid while they are not in use. In order to complete projects, the grid searches for unutilized cycles on different computers to access them. One of the popular grid computing projects is SETI@home. There are many organizations that rely on different volunteers who offer their computers to be added on the grid. A virtual supercomputer is created after these computers are joined together. The principles of grid computing provide the way for modern supercomputers, with many small computers attached to each other to form a supercomputer.

Difference between Grid Computing and Cloud Computing
- Cloud computing involves the use of services on the internet rather than local computers, while grid computing involves sharing of tasks over multiple computers.
- Resources of multiple computers are shared in grid computing, which greatly helps in improving the flexibility and power of the network, whereas this is not the case with cloud computing.
- Applications like spreadsheets, presentations, email and word processors are part of cloud computing, whereas in grid computing data storage or complex calculations are done.

Chapter 2
SECURITY ISSUES AND CHALLENGES

2.1 Security Issues in Service Models
Cloud Computing utilizes three delivery models by which different types of services are delivered to the end user. The three delivery models are the SaaS, PaaS and IaaS, which provide infrastructure resources, application platform and software as services to the consumer. These service models also place a different level of security requirement in the cloud environment.
IaaS is the foundation of all cloud services, with PaaS built upon it and SaaS in turn built upon it. Just as capabilities are inherited, so are the information security issues and risks. There are significant trade-offs to each model in the terms of integrated features, complexity vs extensibility, and security.

2.2 Security Issues in Software as a Service
SaaS is a software deployment model where applications are remotely hosted by the application service provider and made available to the customers on demand, over the Internet. The SaaS model offers the customers significant benefits, such as improved operational efficiency and reduced costs. SaaS is rapidly emerging as the dominant delivery model for meeting the needs of enterprise IT services.
However, most enterprises are still uncomfortable with the SaaS model due to lack of visibility about the way their data is stored and secured. In SaaS, the client has to depend on the provider for proper security measures. The provider must do the work to prevent multiple users from seeing each other's data. The different security issues of SaaS are discussed as follows:
- Data Security: In the traditional on-premise application deployment model, the sensitive data of each enterprise continues to reside within the enterprise boundary. However, in the SaaS model, the enterprise data is stored outside the enterprise boundary, at the SaaS vendor end. Consequently, the SaaS vendor must adopt additional security checks to ensure data security and prevent breaches due to security vulnerabilities in the application or through malicious employees.
- Network Security: In a SaaS deployment model, sensitive data is obtained from the enterprises, processed by the SaaS application and stored at the SaaS vendor end. All data flow over the network needs to be secured in order to prevent leakage of sensitive information. This involves the use of strong network traffic encryption techniques such as Secure Socket Layer (SSL) and the Transport Layer Security (TLS) for security.
- Data Segregation: Multi-tenancy is one of the major characteristics of cloud computing. As a result of multi-tenancy, multiple users can store their data using the applications provided by the SaaS. In such a situation, data of various users will reside at the same location. Intrusion of data of one user by another becomes possible in this environment. This intrusion can be done by hacking through the loop holes in the application.
- Web Application Security: Deals with vulnerabilities in the applications deployed within a cloud.
- Vulnerability in Virtualization: Virtualization is one of the main components of the cloud. But this poses a major security risk. Ensuring that different instances running on the same physical machine are isolated from each other is a major task of virtualization, which is not met completely in today's scenario.

2.3 Security Issues in Platform as a Service
Platform as a Service offers an integrated developer environment that a developer can tap to build their applications without having any clue about what is going on underneath the service. It offers developers a service that provides a complete software development lifecycle management, from planning to design to building applications to deployment to testing to maintenance. Everything else is abstracted away from the view of the developers. The dark side of PaaS is that these advantages themselves can be helpful for a hacker to leverage the PaaS cloud infrastructure for "malware command and control" and to go behind IaaS applications.

2.4 Security Issues in Infrastructure as a Service
IaaS has completely changed the way developers deploy their applications. Instead of spending big with their own data centers or managed hosting companies, they can just go to Amazon Web Services or one of the other IaaS providers, get a virtual server running in minutes and pay only for resources they use. IaaS completely abstracted hardware beneath it and allowed users to consume infrastructure as a service without bothering anything about the underlying complexities. IaaS provides only limited security (firewalls etc.), and applications moving into the cloud need higher levels of security. The security concerns in IaaS are how to protect data in transit and in storage, and also how to ensure that the resources are protected from the service providers.

Chapter 3
A Study of Botnets and Their Threats to Internet Community
Among all media of communications, the Internet is most vulnerable to attacks owing to its public nature and its being virtually without centralized control.

3.1 Bots and BotNets
The term bot, derived from "ro-bot", in its generic form is used to describe a script or a set of scripts or a program designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. Although bots originated as a useful feature for carrying out repetitive and time consuming operations, they are being exploited for malicious intent. Bots can be classified according to intent:
- Bots that carry out legitimate activities in an automated manner are called benevolent bots. Benevolent bots are used by search engines to spider online website content and by online games to provide a virtual opponent.
- Bots that are meant for malicious intent are called malicious bots.
A defining characteristic of bots is that they connect back to a central server or other infected machines after successfully compromising the host system, thus forming a network. The network is a so called BotNet. The bots provide a range of implemented features to a corresponding controlling entity. This entity is commonly called the botmaster or botherder, who relays commands through this server. Typical functions that bots provide to their masters include the automated extraction of a victim's credentials, the organized distribution of spam, the ability to participate in denial of service attacks or the extension of botnets by recruiting new bots.
The most important part of a botnet is the so called "command-and-control" infrastructure. This infrastructure consists of the bots and a control entity that can be either centralized or distributed. The C&C infrastructure typically serves as the only way to control bots within the botnet. The bots are required to maintain a stable connection within this infrastructure in order to operate efficiently. Therefore, the architecture of the C&C infrastructure determines robustness, stability and reaction time.

3.2 C&C Infrastructure
The C&C infrastructure can be distinguished on the basis of the centralized and decentralized approach.

Centralized C&C Architecture
In a centralized C&C infrastructure, all bots establish their communication channel with one or a few single connection points. These are usually command and control servers under the control of a botmaster. Because all bots connect to these servers, botmasters are able to communicate with the bots simultaneously and can issue commands to all the bots that are both online and connected to the botnet. This offers them low reaction times and a good means of coordination.
Fig 3. A Centralised Botnet Architecture
The idea of botnets originated from the Internet Relay Chat (IRC), a text based chat-system that organizes the communication in channels. The IRC protocol still serves as an important technology for botnet command and control and uses a centralized communication model. One important property of this protocol is that the number of potential participants within one such channel is technically not limited. This allows the collection of many bots in one such channel and the ability to command them in parallel.
A well known standard used throughout the Internet is the HyperText Transfer Protocol (HTTP). HTTP is the protocol most commonly used for the delivery of data over the internet. HTTP is available in nearly every network connected to the internet and is rarely filtered. This is especially interesting for botnet operators because it makes the protocol viable as a command-and-control protocol.

Decentralized C&C Architecture
In a decentralized command-and-control architecture, loosely coupled links between the bots enable communication within the botnet and provide the basis for its organisation. A common term for this class of botnets is peer to peer botnets.
Fig 4. Peer to Peer Botnet Architecture
The knowledge about participating peers is distributed throughout the botnet itself. Consequently, information about the whole botnet cannot be obtained directly, and commands have to be injected into one peer of the botnet. Peer to peer botnets have the major advantage that no central server can be attacked to mitigate them directly.

3.3 BotNet Creation
A botnet is a group of infected end-hosts under the command of a botmaster. Figure 5 illustrates the various stages in a typical botnet life-cycle. Botnets usually commandeer new victims by remotely exploiting a vulnerability of the software running on the victim machine. Botnets borrow infection strategies from several classes of malware, including self replicating worms and e-mail viruses, to run some form of malicious code on their machines (e.g. by executing an email attachment).
Fig 5. Life Cycle of a typical botnet infection
Once infected, the victim typically executes a script (known as shellcode) that fetches the image of the actual bot binary from a specified location. Upon completion of the download, the bot binary installs itself to the target machine so that it starts automatically each time the victim is rebooted. Upon initialization, each bot attempts to contact the IRC server address given in the executable. In many cases, this step requires resolving the DNS name of the IRC server. Once the IP address of the IRC server is available, the bot attempts to establish an IRC session with the server and joins the command and control channel specified in the bot binary. Once the bot successfully joins the specified IRC channel, it automatically parses and executes the channel topic. The topic contains the default command that every bot should execute.

3.4 Security Threats from Botnet
With the growing sophistication of botnets and highly skilled and organized botmasters, a threat as powerful as that from viruses, Trojan horses, network intrusion, worms and other familiar cyber threats persists to Internet security and privacy. Bot networks can use the collaborated zombie army to carry out various nefarious attacks on the internet community. The notorious attacks are described below:
- Distributed Denial of Service Attack: A Denial of Service attack is an attempt on a computer system or network to make the computational resources unavailable to its intended user. A Distributed DoS (DDoS) attack is a DoS attack which involves use of multiple compromised systems to cause a loss of service to its intended users by depleting the bandwidth and other computational resources of the target system or network. Bandwidth depletion and resource depletion are the two main variants of DDoS attack. Bandwidth depletion involves flooding a target machine with unwanted traffic as an attempt to overwhelm the processing power of the target machine. Resource depletion, also called protocol exploitation, involves an attack that specifically attempts to deplete resources on the targeted computer or cause it to become unstable and crash.
- Spamming: Spam is any message or posting, regardless of its content, that is sent to multiple recipients who have not specifically requested the message. A person engaged in spamming is called a spammer.
- Phishing and Identity Theft: Phishing is used to describe spoof emails and other technical ploys to trick recipients into giving up their personal or their company's credential information such as social security number, financial account credentials and other identity and security information.
- Hosting illegal material and disseminating malicious code: Illegal material such as child pornographic pictures, videos and other such material, pirated software or code to crack the licensed software, pirated e-books, pirated games etc. can be stored as a dynamic repository on a bot compromised computer. Often this illegal material contains malicious code in the form of malware, viruses and Trojan horses.

Chapter 4
BOTCLOUDS: Cloud Based Botnets

4.1 Cloud View
Cloud services refer to the provisioning of hardware and software resources across the internet. CSPs (Cloud Service Providers) typically offer both refined software services, such as databases, and raw compute resources, such as storage or processing power. Customers often use these services following a pay-as-you-go model. Using cloud services, companies can choose to, in effect, rent computer resources rather than invest in them outright, which also provides elasticity of computing resources.
There are a growing number of CSPs, including Microsoft, Google and Amazon Web Services (AWS). AWS is currently the largest. AWS offers a web interface for human access as well as a scriptable Java based Application Programming Interface (API) for automated access.
Research into the security of the Cloud focuses mainly on protecting legitimate users of Cloud Services from attacks by external malicious users. Little attention is being given to prohibiting malicious users from using the Cloud to launch attacks such as those currently done by botnets. These attacks include launching a DDoS attack, sending spam and perpetrating click fraud. A new concept arises, called Attack As A Service. This means an attacker may run a denial of service, spam, phishing or anything else using a cloud platform.

4.2 Bot Clouds
Rather than use a network of infected machines, botmasters can use Cloud services to build botnets. Botmasters purchase a large group of machines from a CSP and install a bot on each machine to form a botnet. Cloud based botnets, or BotClouds, have several advantages over the traditional botnets.
- A traditional botnet requires substantial time to build, whereas a BotCloud can be online in minutes.
- A traditional botnet is unreliable due to the constant threat of infected computers being switched off by their owners, while on the other hand a BotCloud is always online and ready.
- A traditional botnet cannot fully utilise the processor or bandwidth resources due to the constant threat of detection or computer use by the owner; however, a BotCloud can be fully utilized with no fear of interruption.

4.3 Bot Cloud Attacks
- A DDoS attack can be launched by a BotCloud and can at least temporarily have the same effect as a DDoS attack launched by a traditional botnet. This attack can be detected and neutralised by a CSP only if the CSP is monitoring for this kind of activity.
- Sending spam from a BotCloud can also be accomplished. A common defense against spam is to blacklist the range of IP addresses from which the spam is being sent. However, blacklisting a large range of IP addresses of a CSP might block access to many legitimate services, such as customers that are hosting their email servers on the cloud.
- Click fraud can also be carried out by a BotCloud. This attack is more difficult to detect than the first two.

4.4 Bot Cloud Detection Techniques
- The main methods of botnet detection are honeypots and intrusion detection. Porting these methods to the clouds is NOT a straightforward approach.
- Deploying honeypots in the cloud requires that a CSP monitors all activity on all or a subset of the machines used by CSP customers. As customers have paid for these machines, there may be legal objections to this privacy breach.
- Deploying an Intrusion Detection System on each machine of the cloud individually is similarly complex.
- A new concept arises, called Extrusion Detection, which checks network activity in the outbound direction (i.e. from cloud to customer). Proactively monitoring for outbound activity such as DDoS or spam will alert a CSP to the presence of malicious users and prompt for the termination of those users.
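
A minimal sketch of the extrusion detection idea described above, added here as an example (it is not code from the report): a CSP-side check over one window of outbound flow records that flags instances showing spam-like SMTP fan-out or a flood toward a single destination. The flow-record fields, instance names, address ranges and thresholds are assumptions.

```python
"""Extrusion-detection sketch: watch traffic leaving the cloud, per instance.

Added example, not code from the report. The flow-record layout, instance
names, address ranges and thresholds are all assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

CLOUD_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed CSP address space
SMTP_PORT = 25
WINDOW_SECONDS = 60       # length of the observation window the flows cover
SPAM_MIN_DESTS = 5        # distinct external SMTP servers in one window
FLOOD_MIN_PPS = 10_000    # packets per second toward a single destination


@dataclass(frozen=True)
class Flow:
    instance: str   # customer VM that emitted the traffic
    src: str
    dst: str
    dst_port: int
    packets: int


def is_outbound(flow):
    """True when the flow starts inside the cloud and ends outside it."""
    return (ipaddress.ip_address(flow.src) in CLOUD_NET
            and ipaddress.ip_address(flow.dst) not in CLOUD_NET)


def detect_extrusion(flows, window=WINDOW_SECONDS):
    """Return {instance: [alert, ...]} for one window of flow records."""
    smtp_dests = defaultdict(set)      # instance -> external SMTP servers
    packets_to = defaultdict(int)      # (instance, dst) -> packets sent
    for flow in flows:
        if not is_outbound(flow):      # east-west traffic is out of scope
            continue
        if flow.dst_port == SMTP_PORT:
            smtp_dests[flow.instance].add(flow.dst)
        packets_to[(flow.instance, flow.dst)] += flow.packets

    alerts = defaultdict(list)
    for instance, dests in sorted(smtp_dests.items()):
        # Fan-out to many mail servers, not SMTP itself, is the signal:
        # customers legitimately host mail servers in the cloud.
        if len(dests) >= SPAM_MIN_DESTS:
            alerts[instance].append(
                f"spam-fanout: {len(dests)} SMTP destinations")
    for (instance, dst), count in sorted(packets_to.items()):
        pps = count / window
        if pps >= FLOOD_MIN_PPS:
            alerts[instance].append(f"flood: {pps:.0f} pps to {dst}")
    return dict(alerts)


def _smtp(instance, src, last_octet):
    """Build one constructed outbound SMTP flow record."""
    return Flow(instance, src, f"198.51.100.{last_octet}", SMTP_PORT, 40)


# Constructed sample window (documentation address ranges, invented instances).
SAMPLE_FLOWS = [
    # Customer mail server: SMTP to three external servers, below threshold.
    *[_smtp("i-mail", "10.20.1.10", n) for n in (1, 2, 3)],
    # Instance contacting six distinct external SMTP servers.
    *[_smtp("i-bulk", "10.20.2.20", n) for n in range(11, 17)],
    # Ordinary web client traffic.
    Flow("i-web", "10.20.3.30", "192.0.2.80", 443, 1_200),
    # Three flows that together send 900,000 packets to one host in 60 s.
    *([Flow("i-flood", "10.20.4.40", "203.0.113.9", 80, 300_000)] * 3),
    # Heavy intra-cloud backup traffic: never leaves the cloud, so ignored.
    Flow("i-backup", "10.20.5.50", "10.20.9.9", 873, 5_000_000),
]

if __name__ == "__main__":
    for instance, found in detect_extrusion(SAMPLE_FLOWS).items():
        print(instance, found)
```

In practice the thresholds would be derived from each tenant's baseline, since a busy legitimate mail server hosted in the cloud can exceed a fixed fan-out limit.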

Proposed Work
1. Development of BotCloud.
2. Detection of BotCloud.
3. Prevention from BotCloud.