An empirical investigation of botnet as a service for cyberattacks.
- Source: Transactions on Emerging Telecommunications Technologies; Mar2019, Vol. 30 Issue 3, pN.PAG-N.PAG, 1p
- Publication Year: 2019
Abstract
- During the last years, cloud computing has emerged and imposed itself as a cost‐effective solution for providing high quality Information Technology services. However, beyond a legitimate usage, the benefits of cloud computing are being exploited by attackers in nefarious ways and botnets are among the greatest beneficiaries of this malicious use. This botnet trend is a major issue because it strongly increases the power of massive distributed attacks when leveraging the capabilities of cloud service providers that do not have appropriate detection approaches in place to detect botnets exploiting cloud resources (also referred to as botclouds). We developed a free experimental intra–Cloud Service Provider (CSP) botnet that exploits CSPs' trial versions. We used this intra‐CSP botnet to execute numerous TCP SYN flood and UDP flood attacks during one week. Our empirical results demonstrate that, contrary to what CSPs claim, all the CSPs (with the exception of one) we have tested still cannot detect or issued no warnings when malicious activities were launched from their cloud computing platforms. Besides, CSP's trial versions can easily be exploited to perpetrate large scale cyberattacks. We argue that efficient, cost‐effective, scalable detection approaches that can detect botclouds need to be developed in the future to address this challenge. We demonstrate through empirical tests how it is easy to build a botnet using cloud services and to demonstrate the inability of CSPs in detecting malicious usage of their resources which will motivate researchers to explore novel security solutions to address this important issue. This study conducted a large‐scale experimentation during which we used various trial versions offered by CSPs in order to build an intra‐CSP botnet. We used the latter to launch DDoS attacks against a controlled target server. [ABSTRACT FROM AUTHOR]
- Subjects: EMPIRICAL research; CYBERTERRORISM; INFORMATION technology; CLOUD computing; MALWARE
Details
- Language: English
- ISSN: 21613915
- Volume: 30
- Issue: 3
- Database: Complementary Index
- Journal: Transactions on Emerging Telecommunications Technologies
- Publication Type: Academic Journal
- Accession number: 135403969
- Full Text: https://doi.org/10.1002/ett.3537