Detection and mitigation of fraudulent resource consumption attacks in cloud using deep learning approach

Fraudulent Resource Consumption (FRC) attacks can be synthesized by subtly consuming metered resources of the cloud servers over a sustained period of time. The objective of the attacker in such attacks is to exploit the utility pricing model by fraudulently consuming cloud resources. This skillful over-consumption of resources results in a considerable financial burden to the client. These attacks are characterized by low-intensity HTTP requests per hour, akin to requests by legitimate users. Hence, the attack requests differ in intent but not in content, which makes FRC attacks hard to detect. In this paper, we propose P-estimation detection scheme to effectively detect these attacks. This is accomplished by training several deep learning LSTM models based on the web server logs. An estimate of attack percentage is calculated and then used to deploy the appropriate detection model. This technique takes into account the dynamic nature of websites where the popularity of web pages can change with time, by retraining and updating the detection models periodically. To the best of the authors' knowledge, this technique outperforms all the existing FRC detection techniques with a False Negative Rate (FNR) and False Positive Rate (FPR) of 0.0059% and 0.0% respectively. The proposed technique is able to detect attacks as low as 2% intensity. In addition to the detection scheme, this paper also delivers a mitigation and attribution technique to identify such attackers and block them.