Name: João Henrique Gonçalves Medeiros Corrêa
Type: PhD thesis
Publication date: 29/10/2021
Advisor:

Name | Role
Rodolfo da Silva Villaca | Advisor *

Examining board:

Name | Role
Anilton Salles Garcia | External Examiner *
Jugurta Rosa Montalvão Filho | External Examiner *
Magnos Martinello | Internal Examiner *
Rafael Silva Guimarães | External Examiner *
Rodolfo da Silva Villaca | Advisor *

Summary: Attacks, whether denial-of-service or intrusion, are a permanent challenge in computer networks, and the migration of services to cloud computing environments has escalated them further. In this computing paradigm, services share the same infrastructure, which amplifies the problems these attacks cause and leads to disastrous consequences for users, enterprises, and corporations.
In the literature, network middleboxes such as Deep Packet Inspectors are usually required to detect these attacks. These systems end up depending on attack signatures and specific protocols. Moreover, it is very difficult to decide where within the data center traffic should be collected. Inserting these systems also increases service time, affecting metrics related to Quality of Service (QoS) and Quality of Experience (QoE). When traffic is encrypted, the operation of these systems is impaired.
Several cloud infrastructures have powerful native telemetry systems, commonly used for resource monitoring and billing. Our thesis is that machine learning algorithms help deepen the analysis of the massive volumes of data extracted from the cloud infrastructure's native data collection service, which monitors a multitude of metrics from both physical and virtual hosts.
Thus, we use machine learning algorithms to process datasets collected from the cloud infrastructure's native telemetry service to perform detection and identification. These datasets contain information from the victim virtual machine hosted in the cloud environment. After detection and identification, mechanisms of the cloud environment itself, such as autoscaling, are used to mitigate attacks. As a proof of concept, we used an experimental environment based on the OpenStack cloud platform, with both DDoS and intrusion attacks. Telemetry data was used as input to machine learning algorithms to classify the presence of an attack. Results showed good accuracy and a good relationship between false positives and true positives when detecting and identifying attacks. Finally, the mitigation mechanism offered greater availability for clients during denial-of-service attacks.
