| 摘要 |
The invention relates to a method of detecting attacks in a system (10) comprising at least two host servers, a host server being intended to host a set of virtual machines, the method comprising the following steps, implemented by a detection entity (VMdet) of the system: detection (E0) that a number of migrations of virtual machines from one server of the system to another during a current time period (Tc), is greater than a threshold value (Vs), partitioning (E13) of the set of virtual machines of the system into a first subset of virtual machines, said to have a stable profile in terms of consumption of at least one resource, and into a second subset, said to have a fluctuating profile, the partitioning being dependent on a fluctuation index representative for a machine of the set of a variation of the consumption of the resource over a time window (F), the machines of the first subset having a smaller fluctuation index than the machines of the second subset, calculation (E2), for the pairs of virtual machines of the second subset, of a value of temporal correlation between the two profiles of the pair, identification (E3) in the second subset of the virtual machines for which the correlation value is greater than or equal to a threshold correlation value, said machines being identified as constituting the origin of the attack. |
