Method of detecting attacks in a cloud computing architecture
US10659475B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 21, 2015 |
| Grant date | May 19, 2020 |
| Priority date | — |
| Expiry date | Jan 21, 2035 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2009/45587
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and a detection entity for detecting attacks in a system including at least two host servers. Each host server hosts a set of virtual machines. The detection entity performs acts of: detecting that a number of migrations of virtual machines from one server to another during a current time period is greater than a threshold value; partitioning the virtual machines of the system into a first subset having a stable profile of consumption of at least one resource, and into a second subset having a fluctuating profile; calculating, for the pairs of virtual machines of the second subset, a value of temporal correlation between the two profiles of the pair; and identifying in the second subset the virtual machines for which the correlation value is greater than or equal to a threshold correlation value, the machines being identified as constituting the origin of the attack.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.