• DocumentCode
    3697501
  • Title

    Malicious virtual machines detection through a clustering approach

  • Author

    Mohammad Bazm;Rida Khatoun;Youcef Begriche;Lyes Khoukhi;Xiuzhen Chen;Ahmed Serhrouchni

  • Author_Institution
    University of Technology of Troyes (UTT), Troyes, France
  • fYear
    2015
  • fDate
    6/1/2015 12:00:00 AM
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Cloud computing aims to provide enormous resources and services, parallel processing and reliable access for users on the networks. The flexible resources of clouds could be used by malicious actors to attack other infrastructures. The Cloud can be used as a platform to perform these attacks: a virtual machine (VM) in the Cloud can play the role of a malicious VM belonging to a botnet and send heavy traffic to the victim. For cloud service providers, preventing their infrastructure from being turned into an attack platform is very challenging since it requires detecting attacks at the source, in a highly dynamic and heterogeneous environment. In this paper, an approach to detect these malicious behaviors in the Cloud based on the analysis of network parameters is proposed. This approach is a source-based attack detection method, which applies both entropy and clustering methods to network parameters. The Cloud environment is simulated on CloudSim. Data clustering achieves high performance, with a high percentage of correctly clustered VMs.
  • Keywords
    "Cloud computing","Monitoring","Computer crime","Scalability","Entropy","Servers","Principal component analysis"
  • Publisher
    ieee
  • Conference_Titel
    Cloud Technologies and Applications (CloudTech), 2015 International Conference on
  • Type

    conf

  • DOI
    10.1109/CloudTech.2015.7336986
  • Filename
    7336986