A comprehensive measurement of cloud service abuse

Naoki Fukushi, Daiki Chiba, Mitsuaki Akiyama, Masato Uchida

研究成果: Article査読

抄録

Cloud services are maliciously used as an infrastructure for cyber-attacks. In a cloud service, the assigned Internet Protocol (IP) address for a server is owned by the cloud service provider. When the server is shut down, the assigned IP address is freed for reuse and assigned to another server in the same cloud service. Cyber-attackers abusing cloud services in this way therefore pose a serious risk since legitimate service providers, developers, and end users may be mistakenly blacklisted which lowers the image and hurts the reputation of the service. In this study, we conducted a large-scale measurement of cloud service abuse by using blacklisted IP addresses. Our analysis of four cloud services over 154 days using 39 blacklists revealed that a total of 61,060 IP addresses from these cloud service providers were blacklisted, approximately 14,000 IP addresses continue to be blacklisted, and approximately 5% are replaced daily. Moreover, our study revealed trends in attacks that abuse cloud services with respect to attack type, region, duration, and anti-abuse countermeasures. Finally, we discuss recommendations for cloud service users, cloud service providers, and blacklist providers.

本文言語English
ページ(範囲)93-102
ページ数10
ジャーナルJournal of information processing
29
DOI
出版ステータスPublished - 2021

ASJC Scopus subject areas

  • コンピュータ サイエンス(全般)

フィンガープリント

「A comprehensive measurement of cloud service abuse」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル