Cloud computing is the use of computing resources (hardware and software) which are available in a remote location and accessible over a network, such as the Internet. Users are able to buy these computing resources (including storage and computing power) as a utility on demand. Cloud computing entrusts remote services with a user's data, software and computation. Use of virtual computing resources can provide a number of advantages, including cost advantages and/or the ability to adapt rapidly to changing computing resource needs.
Network security is important in a cloud environment, particularly the ability to effectively protect and maintain stable computers and systems. If certain types of malicious software can infect a host computer, they may also be able to perform any number of hostile actions, such as sending out malicious emails from the host computer, stealing sensitive data, and assisting with distributed denial of service attacks. One particular form of malicious software is known as a botnet.
Botnets are illicit networks built from a large number of compromised servers and/or personal computers. Botnets can include thousands of so-called zombie computers, which are computers infected by malware and which carry out commands on behalf of the botnet operator. These compromised computers can bombard web servers with denial-of-service attacks and participate in other online cracking activities, such as password cracking.
E-criminals use command-and-control software to coordinate zombie attack execution. Command-and-control software frequently operates from compromised servers, without the server owner's knowledge. A botnet's originator (known as a “bot herder” or “bot master”) can control the group remotely, often for criminal purposes. The server from which the group is controlled is known as the command-and-control (C&C) server. The e-criminals demand a constant stream of freshly compromised servers to keep botnets running. If a botnet is able to place command-and-control software on a virtual machine that is later duplicated through cloning, the botnet's capacity will automatically grow. For stakeholders in cloud hosting environments, the implication is a higher expectation of being targeted for server takeovers and botnet command-and-control insertions.
Thus, there is a need for tools that combat tactics that allow malicious operators to exploit networked computers.