Fraudulent Resource Consumption (FRC) attacks can be synthesized by subtly consuming metered resources of the cloud servers over a sustained period of time. The objective of the attacker in such attacks is to exploit the utility pricing model by fraudulently consuming cloud resources. This skillful over-consumption of resources results in a considerable financial burden to the client. These attacks are characterized by low-intensity HTTP requests per hour, akin to requests by legitimate users. Hence, the attack requests differ in intent but not in content, which makes FRC attacks hard to detect. In this paper, we propose P-estimation detection scheme to effectively detect these attacks. This is accomplished by training several deep learning LSTM models based on the web server logs. An estimate of attack percentage is calculated and then used to deploy the appropriate detection model. This technique takes into account the dynamic nature of websites where the popularity of web pages can change with time, by retraining and updating the detection models periodically. To the best of the authors’ knowledge, this technique outperforms all the existing FRC detection techniques with a False Negative Rate (FNR) and False Positive Rate (FPR) of 0.0059% and 0.0% respectively. The proposed technique is able to detect attacks as low as 2% intensity. In addition to the detection scheme, this paper also delivers a mitigation and attribution technique to identify such attackers and block them.

欺诈性资源消耗（FRC）攻击可以通过在持续的一段时间内巧妙地消耗云服务器的计量资源来进行合成。攻击者在此类攻击中的目的是通过欺诈性地消耗云资源来利用公用事业定价模型。这种熟练的资源过度消耗给客户带来了可观的财务负担。这些攻击的特点是每小时的HTTP请求强度较低，类似于合法用户的请求。因此，攻击请求的意图不同，但内容不同，这使得FRC攻击难以检测。在本文中，我们提出P估计检测方案可以有效地检测这些攻击。这是通过基于Web服务器日志训练几个深度学习LSTM模型来完成的。计算攻击百分比的估计值，然后将其用于部署适当的检测模型。该技术考虑了网站的动态性质，其中，通过定期重新训练和更新检测模型，网页的受欢迎程度会随着时间而改变。据作者所知，该技术的误报率（FNR）和误报率（FPR）分别为0.0059％和0.0％，优于所有现有的FRC检测技术。所提出的技术能够检测低至2％强度的攻击。除了检测方案之外，本文还提供了缓解和归因技术来识别并阻止此类攻击者。