A Profile-Based Novel Framework for Detecting EDoS Attacks in the Cloud Environment

The future of information technology mainly depends upon cloud computing. Hence security in cloud computing is highly essential for the consumers as well as the service providers of the particular cloud environment. There are many security threats are challenging the current cloud environment. One of the important security threat ever in cloud environment is considered to be the Distributed Denial of Service (DDoS) attack. Where cloud is of greater benefit in terms of providing on-demand services, a certain kind of attack named as Economic Denial of Sustainability (EDoS) occurs in pay per use payment model. Due to the occurrence of this attack the consumers are forced to pay additional amount for the services offered. EDoS attacks are similar to that of DDoS attacks Which is classified as-attacks associated with bandwidth consuming, application targeted attacks and the exhaustion of the connection layer. The main objective of the proposed work is to design a profile-based novel framework for maximizing the detection of various types of EDoS attacks. During this process, the proposed framework consisting Feature Classification (FC) algorithm ensures that false positives and negatives along with bandwidth and memory consumption are highly minimized. The proposed algorithm allows only the limited resources for allocation to the available virtual machines which increases the chances of the detecting the attack and preventing the misuse propagation of resources. The accuracy and efficiency of this approach is proven to be higher with lesser computational complexity when compare to the existing approaches.

     

Error Rate Analysis of Uplink MC-CDMA Systems using Complementary Codes in Rayleigh Fading Channels

Cloud computing is a global technology for data storage and retrieving. Many organizations are switching their companies to cloud technology, so that they can lease cloud services for use on a membership or pay as you go basis rather than creating their own systems. Cloud service provider and the Cloud service accessibility are the two major problems in cloud computing. The Economic Denial of Sustainability (EDoS) attack is an important attack towards the cloud service providers. The attackers may send continuous requests to the cloud in a particular second. Hence the legitimate user cannot access the data due to heavy cloud traffic. Hence the paid user cannot access the data. However, this problem makes an economical issue to the users. So this paper presented a new technique as, ADS-PAYG (Attack Defense Shell- Pay As You Go) approach using Trust Factor method against the EDoS attack is proposed to improve more number of authenticated users by fixing a threshold value. The algorithm produced an effective result based on response time, accuracy and CPU utilization. The ADS-PAYG solution is applied using MATLAB, which outperforms other Trust factor estimation methods and effectively distinguishes attackers from legitimate users. The detection accuracy is 83.43% for the given dataset and it is high when compared to the existing algorithms.

     

Integration of firefly optimization and Pearson service correlation for efficient cloud resource utilization

Cloud Computing (CC) environment presents a simplified, centralized platform or resources to usage while necessitated at minimum cost. In CC, the main processes in is the allocation of resources of web applications. However, with the increasing demands of Cloud User (CU), an efficient resource allocation technique for web applications is required. According to the request made by the user and response obtained, the cost of resources has also to be optimized. To overcome such limitations, Pearson service correlation‐based firefly resource cost optimization (PSC‐FRCO) technique is designed. Pearson service correlation‐based firefly resource cost optimization technique not only improves the performance of cost aware resource allocation but also achieves higher efficiency while rendering services in cloud computing environment for web applications. Pearson service correlation‐based firefly resource cost optimization technique initially uses Pearson service correlation in which the user‐required service is identified by correlating the available services provided by cloud owner. This helps in improving the Response Time (RT) of cloud service provisioning. Next, firefly resource cost optimization algorithm is applied to identify and allocate the cost‐optimized cloud resources to users to afford required service from the cloud server. Thus, PSC‐FRCO technique improves the Resource Utilization Efficiency (RUE) of web applications with minimal computational cost. This technique conducts experimental works on parameters such as RT, Bandwidth Utilization Rate (BUR) computational cost, Energy Consumption (EC), and RUE. Experimental analysis reveals that PSC‐FRCO technique enhances enhances RUE and lessens RT as compared to state‐of‐the‐art works.     

An autonomic risk‐ and penalty‐aware resource allocation with probabilistic resource scaling mechanism for multilayer cloud resource provisioning

Cloud computing environment allows presenting different services on the Internet in exchange for cost payment. Cloud providers can minimize their operational costs by auto‐scaling of the computational resources based on demand received from users. However, the time and cost required to increase and decrease the number of active computational resources are among the biggest limitations of scalability. Thus, auto‐scaling is considered as one of the most important challenges in the field of cloud computing. The present study aimed to present a new solution to automatic scalability of resources for multilayered cloud applications under the Monitor‐Analysis‐Plan‐Execute‐Knowledge loop. In addition, the Google penalty payment model was used to model the penalty costs in the problem and to accurately evaluate the earned profit. A hybrid resource load prediction algorithm was proposed to evaluate the future of resources in each cloud layer. Further, we used statistical solution to determine the statuses of VMs in addition to presenting a risk‐aware algorithm to allocate the user requests to active resources. The experimental results by Cloudsim indicated the improvement of the proposed approach in terms of operational costs, the number of used resources, and the amount of profit.     

Continuous leakage–resilient IBE in cloud computing

Cloud computing is an efficient tool in which cloud storage shares plenty of encrypted data with other data owners. In existing cloud computing scenarios, it may suffer from some new attacks like side channel attacks. Therefore, we are eager to introduce a new cryptographic scheme that can resist these new attacks. In this work, we exploit a new technique to build leakage‐resilient identity‐based encryption and use the stronger existing partial leakage model, such as continual leakage model. More specifically, our proposal is based on the underlying decisional bilinear Diffie‐Hellman assumption, but proven adaptively secure against adaptive chosen ciphertext attack in the standard model. Above all, a continuous leakage–resilient IBE scheme with adaptive security meets cloud computing with stronger security.     

Anomaly Detection System in Cloud Environment Using Fuzzy Clustering Based ANN

Cloud computing affords lot of resources and computing facilities through Internet. Cloud systems attract many users with its desirable features. In spite of them, Cloud systems may experience severe security issues. Thus, it is essential to create an Intrusion Detection System (IDS) to detect both insider and outsider attacks with high detection accuracy in cloud environment. This work proposes an anomaly detection system at the hypervisor layer named Hypervisor Detector that uses a hybrid algorithm which is a mixture of Fuzzy C-Means clustering algorithm and Artificial Neural Network (FCM-ANN) to improve the accuracy of the detection system. The proposed system is implemented and compared with Naïve Bayes classifier and Classic ANN algorithm. The DARPA’s KDD cup dataset 1999 is used for experiments. Based on extensive theoretical and performance analysis, it is evident that the proposed system is able to detect the anomalies with high detection accuracy and low false alarm rate even for low frequent attacks thereby outperforming Naïve Bayes classifier and Classic ANN.     

Fog‐SDN: A light mitigation scheme for DDoS attack in fog computing framework

Cloud computing is one of the most tempting technologies in today's computing scenario as it provides a cost‐efficient solutions by reducing the large upfront cost for buying hardware infrastructures and computing power. Fog computing is an added support to cloud environment by leveraging with doing some of the less compute intensive task to be done at the edge devices, which reduces the response time for end user computing. But the vulnerabilities to these systems are still a big concern. Among several security needs, availability is one that makes the demanded services available to the targeted customers all the time. Availability is often challenged by external attacks like Denial of service (DoS) and distributed denial of service (DDoS). This paper demonstrates a novel source‐based DDoS mitigating schemes that could be employed in both fog and cloud computing scenarios to eliminate these attacks. It deploys the DDoS defender module which works on a machine learning–based light detection method, present at the SDN controller. This scheme uses the network traffic data to analyze, predict, and filter incoming data, so that it can send the filtered legitimate packets to the server and blocking the rest.     

A based on blinded CP‐ABE searchable encryption cloud storage service scheme

Cloud computing has great economical advantages and wide application, more and more data owners store their data in the cloud storage server (CSS) to avoid tedious local data management and insufficient storage resources. But the privacy of data owners faces enormous challenges. The most recent searchable encryption technology adopts the ciphertext‐policy attribute‐based encryption (CP‐ABE), which is one good method to deal with this security issue. However, the access attributes of the users are transmitted and assigned in plaintext form. In this paper, we propose a based on blinded CP‐ABE searchable encryption cloud storage service (BCP‐ABE‐SECSS) scheme, which can blind the access attributes of the users in order to prevent the collusion attacks of the CSS and the users. Data encryption and keyword index generation are performed by the data owners; meanwhile, we construct that CSS not only executes the access control policy of the data but also performs the pre‐decryption operation about the encrypted data to solve higher time cost of decryption calculation to the data users. Security proof results show that this scheme has access attribute security, data confidentiality, indistinguishable security against chosen keyword attack, and resisting the collusion attack between the data user and the CSS. Performance analysis and the experimental results show that this scheme can effectively reduce the computation time cost of the data owners and the data users.     

Detection of Low-Rate Cloud DDoS Attacks in Frequency Domain Using Fast Hartley Transform

Distributed Denial-of-Service (DDoS) attack has been a serious threat to the availability feature of cloud computing. As traditional DDoS attacks are implemented using a huge volume of malicious traffic, the detection of such attacks becomes a naive task. To evade this detection, attackers are moving towards the Low-Rate DDoS (LRDDoS) attacks. The stealthy behavior of LRDDoS attack makes it difficult to get detected due to its low volume traffic. The existing frequency-domain approaches for LRDDoS detection are not feasible in terms of computational and storage requirements. This paper aims to propose a lightweight, accurate, and adaptive approach for the detection of LRDDoS attacks in frequency-domain. In this paper, the LRDDoS attack is detected by analyzing the power spectral distribution. The novelty of the proposed approach is to calculate the power spectral density using Fast Hartley Transform (FHT). The FHT processes real-valued input data, and has low computational and storage complexities. The approach is implemented on OpenStack cloud platform, and the aggregate network traffic (external and internal) is captured and analyzed. Experimental results show that the computational and storage complexities involved in FHT are lower than other transformation algorithms’ complexities. Thus, the approach provides faster response with an average detection time of 60.16 s. The average true negative and true positive rates obtained by the proposed approach are 99.83% and 99.46% respectively, which are competitive.

     

Multiobjective virtual machine placement mechanisms using nature‐inspired metaheuristic algorithms in cloud environments: A comprehensive review

Cloud computing introduced a new paradigm in IT industry by providing on‐demand, elastic, ubiquitous computing resources for users. In a virtualized cloud data center, there are a large number of physical machines (PMs) hosting different types of virtual machines (VMs). Unfortunately, the cloud data centers do not fully utilize their computing resources and cause a considerable amount of energy waste that has a great operational cost and dramatic impact on the environment. Server consolidation is one of the techniques that provide efficient use of physical resources by reducing the number of active servers. Since VM placement plays an important role in server consolidation, one of the main challenges in cloud data centers is an efficient mapping of VMs to PMs. Multiobjective VM placement is generating considerable interest among researchers and academia. This paper aims to represent a detailed review of the recent state‐of‐the‐art multiobjective VM placement mechanisms using nature‐inspired metaheuristic algorithms in cloud environments. Also, it gives special attention to the parameters and approaches used for placing VMs into PMs. In the end, we will discuss and explore further works that can be done in this area of research.     

云安全研究进展综述

 随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.     

Proficient selection of gateway and base station by adroit algorithm in cloud‐VMesh network

Cloud computing is alluring for the vehicular mesh (VMesh) network. Cloud computing stipulates the computing resources and services on demand using the Internet. The VMesh network is a type of networking where each vehicle must not only capture and disseminate its own data but also serve as a gateway for another vehicle. The cloud‐VMesh network is a convergent technology encompassed of three key technologies, namely, vehicular mesh network, cloud computing, and networking. In this paper, we propose a new routing algorithm for cloud‐VMesh network, dubbed as adroit algorithm. The proposed adroit algorithm addresses the choosing of an optimal gateway and base station in the network layer from and to the service requesters and cloud server. The simulation study shows that the adroit algorithm augments the routing issues such as delay, packet loss, congestion and deployment cost in the cloud‐VMesh network, and it is justified based on the packet delivery ratio, average response time, routing overhead ratio, and packet collision ratio. The simulation results demonstrate that the adroit algorithm outperforms the existing protocols. Copyright © 2016 John Wiley & Sons, Ltd.     

云计算中云主机的“经济性”分析

云计算在发展初始就有专家指出其具有“经济性”的特点。云主机是云计算在基础设施即服务（1aaS）层面的典型产品,现今已经可以通过网络订购云主机的服务。通过考察一个IT项目的例子,利用亚马逊公司的云主机服务（EC2）报价作为参考,将客户自购物理服务器及使用的成本与采用云主机服务的成本进行分析和对比,使用5％的贴现率来计算该IT项目的净现值（NPV）,评估自购设备和使用云主机服务的经济效果,得出在当前使用云主机服务的经济效益。     

Efficient Resource Management for Cloud-enabled Video Surveillance over Next Generation Network

The next generation video surveillance systems are expected to face challenges in providing computation support for an unprecedented amount of video streams from multiple video cameras in a timely and scalable fashion. Cloud computing offers huge computation resources for large-scale storage and processing on demand, which are deemed suitable for video surveillance tasks. Cloud also provides quality of service guaranteed hardware and software solutions with the virtual machine (VM) technology using a utility-like service costing model. In cloud-based video surveillance context, the resource requests to handle video surveillance tasks are translated in the form of VM resource requests, which in turn are mapped to VM resource allocation referring to physical server resources hosting the VMs. Due to the nature of video surveillance tasks, these requests are highly time-constrained, heterogeneous and dynamic in nature. Hence, it is very challenging to actually manage the cloud resources from the perspective of VM resource allocation given the stringent requirements of video surveillance tasks. This paper proposes a computation model to efficiently manage cloud resources for surveillance tasks allocation. The proposed model works on optimizing the trade-off between average service waiting time and long-term service cost, and shows that long-term service cost is inversely proportional to high and balanced utilization of cloud resources. Experiments show that our approach provides a near-optimal solution for cloud resource management when handling the heterogeneous and unpredictable video surveillance tasks dynamically over next generation network.     

Efficient revocable ID‐based encryption with cloud revocation server

The capability to efficiently revoke compromised/misbehaving users is important in identity‐based encryption (IBE) applications, as it is not a matter of if but of when that one or more users are compromised. Existing solutions generally require a trusted third party to update the private keys of nonrevoked users periodically, which impact on scalability and result in high computation and communication overheads at the key generation center. Li et al proposed a revocable IBE scheme, which outsources most of the computation and communication overheads to a Key Update Cloud Service Provider (KU‐CSP). However, their scheme is lack of scalability since the KU‐CSP must maintain a secret value for each user. Tseng et al proposed another revocable IBE scheme with a cloud revocation authority, seeking to provide scalability and improve both performance and security level. In this paper, we present a new revocable IBE scheme with a cloud revocation server (CRS). The CRS holds only one secret time update key for all users, which provides the capability to scale our scheme. We demonstrate that our scheme is secure against adaptive‐ID and chosen ciphertext attacks under the k‐CAA assumption and outperforms both schemes mentioned above, in terms of having lower computation and communication overheads.     

FIPA‐based reference architecture for efficient discovery and selection of appropriate cloud service using cloud ontology

Cloud computing is considered the latest emerging computing paradigm and has brought revolutionary changes in computing technology. With the advancement in this field, the number of cloud users and service providers is increasing continuously with more diversified services. Consequently, the selection of appropriate cloud service has become a difficult task for a new cloud customer. In case of inappropriate selection of a cloud services, a cloud customer may face the vendor locked‐in issue and data portability and interoperability problems. These are the major obstacles in the adoption of cloud services. To avoid these complexities, a cloud customer needs to select an appropriate cloud service at the initial stage of the migration to the cloud. Many researches have been proposed to overcome the issues, but problems still exist in intercommunication standards among clouds and vendor locked‐in issues. This research proposed an IEEE multiagent Foundation for Intelligent Physical Agent (FIPA) compliance multiagent reference architecture for cloud discovery and selection using cloud ontology. The proposed approach will mitigate the prevailing vendor locked‐in issue and also alleviate the portability and interoperability problems in cloud computing. To evaluate the proposed reference architecture and compare it with the state‐of‐the‐art approaches, several experiments have been performed by utilizing the commonly used performance measures. Analysis indicates that the proposed approach enables significant improvements in cloud service discovery and selection in terms of search efficiency, execution, and response time.     

云环境数据服务的可信安全模型

针对云服务提供商的可信状态和云环境数据服务的安全需求,提出了云环境数据服务的可信重加密安全模型,即在云环境下的数据安全需要云服务提供商满足一定的可信程度,再结合有效的重加密算法才能得以保证。通过对重加密模型进行安全分析,并用密码算法对重加密模型进行验证,得到实现重加密算法的约束条件,同时提出可信评价模型,对云服务提供商的可信状态进行动态评价,为建立云环境数据服务的可信安全提供理论基础和实现依据。     

Analysis of QoS aware energy-efficient resource provisioning techniques in cloud computing

By incorporating on-demand resources, software and data for collaborative services through the Internet, the conventional Information Technology enterprise has been transformed by cloud computing. Based on the pay-per-use approach, Infrastructure, platform or Software resources and servers located across data centres are among the several types of resources offered to consumers in cloud computing. Data centres handle these resources. These resources are constantly provisioned to users based on their availability, demand, and quality requirements. Cloud computing systems are known as one of the largest utilisers of energy resources all over the world. Also, power consumption has become a crucial aspect as most cloud computing systems work on traditional nonrenewable resources of energy. In order to make data centres environment-friendly, there is a need for optimal approaches to reduce energy consumption and their hazardous effects on the environment. To analyse different available strategies for building and maintaining an energy-efficient cloud is the main objective of this paper. The paper will comprehensively review several energy-efficient resource provisioning methods and provide a graphical comparative study of Quality of Service (QoS) Metrics in cloud computing. Moreover, the present study identifies the areas of study that need to be further improved to increase the energy efficiency of cloud computing systems.     

Game theory approach for detecting vulnerable data centers in cloud computing network

Nowadays, cloud computing has many benefits to accessibility, scalability, and cost‐effectiveness, leading to network security risks and vulnerabilities. Cloud computing is gaining in popularity with the advances and growth of its systems. Therefore, the security of this system and the identification of vulnerable data centers are more complicated than the past. Definitely discovering vulnerable data centers that are vulnerable to attacks can help to strengthen these data centers and provide a safer and more secure network structure. This paper examines the vulnerability of malware data centers in the infrastructure and cloud computing network structure. Based on the analysis of the cloud computing system in the field of game theory, we introduce a developed model for identifying vulnerable data centers in cloud computing. The developed model in this paper is based on the game theory as a mathematical tool. According to the game theory, we introduce a measure of the degree of vulnerability of data centers in the cloud computing network.     

云计算起源探析

探讨了云计算概念的起源和发展过程,展示了云计算从一个拼凑的新单词逐渐成为IT领域最流行的趋势并形成产业链的历程。最早从企业层次提出Cloud Computing的是Dell,但对云计算概念产生较深影响的是IBM-Google并行计算项目和亚马逊EC2产品,随后越来越多的媒体、公司、技术人员开始追逐云计算,甚至将很多IT创新都放入云计算概念中,使得云计算概念和产业得以推动和发展,形成了如今包括IaaS,PaaS,XaaS,以及众多的硬件制造商、基础设施运营商等参与的一个完整产业链。