JIS Vol.7 No.3, April 2016
Generation of Labelled Datasets to Quantify the Impact of Security Threats to Cloud Data Centers
Abstract: Anomaly-based approaches in network intrusion detection suffer from problems in evaluation, comparison and deployment, which originate from the scarcity of adequate publicly available network trace datasets. Also, publicly available datasets are either outdated or generated in a controlled environment. Due to the ubiquity of cloud computing environments in commercial and government internet services, there is a need to assess the impacts of network attacks in cloud data centers. To the best of our knowledge, there is no publicly available dataset which captures the normal and anomalous network traces in the interactions between cloud users and cloud data centers. In this paper, we present an experimental platform designed to represent a practical interaction between cloud users and cloud services, and we collect the network traces resulting from this interaction to conduct anomaly detection. We use the Amazon Web Services (AWS) platform for conducting our experiments.
Cite this paper: Mukkavilli, S., Shetty, S. and Hong, L. (2016) Generation of Labelled Datasets to Quantify the Impact of Security Threats to Cloud Data Centers. Journal of Information Security, 7, 172-184. doi: 10.4236/jis.2016.73013.