A proactive defense method for the stealthy EDoS attacks in a cloud environment

Cloud computing technology provides flexibility to Cloud Service Provider (CSP) for providing the cloud resources based on the users' requirements. In on‐demand pricing model, the attackers exploit this feature and cause unwanted scaling‐up of the cloud resources without any intent to pay for them. The associated cost for the unpaid malicious usage burdens the CSP, and over a long period, economic losses occur at the CSP end. Thus, the resources and services offered by the CSP become unsustainable, and the attack is termed as Economic Denial‐of‐Sustainability (EDoS) attack. The existing defense approaches for EDoS attacks are reactive. Thus, the associated attack detection/mitigation cost is high; consequently, the approaches are not suitable for the Small and Medium Enterprises (SMEs). The aim of this paper is to detect and mitigate, internal and external, stealthy EDoS attacks proactively. The attack is detected using average CPU utilization threshold and utility function (in terms of cost for the utilized cloud computing resources) and mitigated using virtual firewalls. Amazon Elastic Compute Cloud (Amazon EC2) is used to evaluate the performance of the proposed approach. The proposed approach accurately detects the EDoS attack and mitigates its effect as well with reduced cost. It is observed that the approach provides competitive response time, victim service downtime, and attack reporting time. Thus, the overall performance is improved.     

Error Rate Analysis of Uplink MC-CDMA Systems using Complementary Codes in Rayleigh Fading Channels

Cloud computing is a global technology for data storage and retrieving. Many organizations are switching their companies to cloud technology, so that they can lease cloud services for use on a membership or pay as you go basis rather than creating their own systems. Cloud service provider and the Cloud service accessibility are the two major problems in cloud computing. The Economic Denial of Sustainability (EDoS) attack is an important attack towards the cloud service providers. The attackers may send continuous requests to the cloud in a particular second. Hence the legitimate user cannot access the data due to heavy cloud traffic. Hence the paid user cannot access the data. However, this problem makes an economical issue to the users. So this paper presented a new technique as, ADS-PAYG (Attack Defense Shell- Pay As You Go) approach using Trust Factor method against the EDoS attack is proposed to improve more number of authenticated users by fixing a threshold value. The algorithm produced an effective result based on response time, accuracy and CPU utilization. The ADS-PAYG solution is applied using MATLAB, which outperforms other Trust factor estimation methods and effectively distinguishes attackers from legitimate users. The detection accuracy is 83.43% for the given dataset and it is high when compared to the existing algorithms.

     

云应用程序编程接口安全研究综述:威胁与防护

云时代,云应用程序编程接口(API)是服务交付、能力复制和数据输出的最佳载体。然而,云API在开放服务和数据的同时,增加了暴露面和攻击面,攻击者通过数据劫持和流量分析等技术获取目标云API的关键资源,能够识别用户的身份和行为,甚至直接造成背后系统的瘫痪。当前,针对云API的攻击类型繁多,威胁与防护方法各异,缺乏对现有攻击和防护方法的系统总结。该文梳理了云API安全研究中云API面临的威胁和防护方法,分析了云API的演化历程和类别划分;讨论了云API的脆弱性以及云API安全研究的重要性;提出了云API安全研究框架,涵盖身份验证、云API分布式拒绝服务(DDoS)攻击防护、重放攻击防护、中间人(MITM)攻击防护、注入攻击防护和敏感数据防护6个方面相关研究工作综述。在此基础上,探讨了增加人工智能(AI)防护的必要性。最后给出了云API防护的未来挑战和发展趋势。     

基于DDoS的TCP SYN攻击与防范

分布式拒绝服务攻击(DDoS)是出现在这几年的一种具有很强攻击力而又缺乏有效防御手段的Internet攻击手段,是目前网络安全界研究的热点.TCP SYN洪流攻击是最常见的DDoS攻击手段之一.文中在对DDoS攻击进行深入研究的基础上,着重对TCP SYN洪流攻击及其防范措施进行了深入研究,提出了一种新的综合攻击检测技术,较好地解决了对此类攻击的防范问题.     

基于流媒体服务DDoS攻击防范研究

分布式拒绝服务（Distributed Deny of Service,DDoS）攻击是目前最难解决的网络安全问题之一。在研究RTSP（Real-Time Streaming Protocol）协议漏洞基础上,提出一种有效防御流媒体服务DDoS攻击防御方案。该方案基于时间方差图法（Variance-TimePlots,VTP）,计算自相似参数Hurst值,利用正常网络流量符合自相似模型的特性来进行DDoS攻击检测,并综合采用黑白名单技术对流量进行处理。最后通过MATLAB仿真工具进行了模拟实验,并对结果进行了分析,在协议分析基础上能合理控制流量,使得DDoS攻击检测准确率、实时性高,目标流媒体服务器带宽和资源得到了有效保护。     

Fog‐SDN: A light mitigation scheme for DDoS attack in fog computing framework

Cloud computing is one of the most tempting technologies in today's computing scenario as it provides a cost‐efficient solutions by reducing the large upfront cost for buying hardware infrastructures and computing power. Fog computing is an added support to cloud environment by leveraging with doing some of the less compute intensive task to be done at the edge devices, which reduces the response time for end user computing. But the vulnerabilities to these systems are still a big concern. Among several security needs, availability is one that makes the demanded services available to the targeted customers all the time. Availability is often challenged by external attacks like Denial of service (DoS) and distributed denial of service (DDoS). This paper demonstrates a novel source‐based DDoS mitigating schemes that could be employed in both fog and cloud computing scenarios to eliminate these attacks. It deploys the DDoS defender module which works on a machine learning–based light detection method, present at the SDN controller. This scheme uses the network traffic data to analyze, predict, and filter incoming data, so that it can send the filtered legitimate packets to the server and blocking the rest.     

基于SNMP和神经网络的DDoS攻击检测

DDoS（Distributed Denial of Service）已经严重威胁计算机网络安全。对DDoS攻击检测的关键是找到能反映攻击流和正常流区别的特征,设计简单高效的算法,实时检测。通过对攻击特点的分析,总结出15个基于SNMP（Simple Network Management Protocol）的检测特征。利用BP神经网络高效的计算性能,设计了基于SNMP和神经网络的DDoS攻击检测模型,提高了检测实时性和准确性。实验表明：该检测模型对多种DDoS攻击都具有很好的检测效果。     

SAPA-based approach for defending DoS attacks in cloud computing

Denial of service (DoS) attack was one of the major threats to cloud computing.Security access path algorithm (SAPA) used node route table (NRT) to compose security access path.It simplified role nodes of traditional secure overlay services (SOS),and periodically updated role nodes,and cached security access paths.Therefore,SAPA was more appropriate for cloud computing to defend DoS attacks.Based on the turn routing architecture of cloud computing,the mathematical model of SAPA was built and its performance was analyzed in theory.The performance of SAPA was tested in OMNeT++ experimental platform.Also,the Test-bed experiments were performed to evaluate the effectiveness of SAPA for defending DoS attack.Experimental results show that comparing with SOS,SAPA can degrade the impact of communication success rate caused by DoS attack effectively,and guarantees the access delay small enough.     

Research on low-rate DDoS attack of SDN network in cloud environment

Aiming at the problems of low-rate DDoS attack detection accuracy in cloud SDN network and the lack of unified framework for data plane and control plane low-rate DDoS attack detection and defense,a unified framework for low-rate DDoS attack detection was proposed.First of all,the validity of the data plane DDoS attacks in low rate was analyzed,on the basis of combining with low-rate of DDoS attacks in the aspect of communications,frequency characteristics,extract the mean value,maximum value,deviation degree and average deviation,survival time of ten dimensions characteristics of five aspects,to achieve the low-rate of DDoS attack detection based on bayesian networks,issued by the controller after the relevant strategies to block the attack flow.Finally,in OpenStack cloud environment,the detection rate of low-rate DDoS attack reaches 99.3% and the CPU occupation rate is 9.04%.It can effectively detect and defend low-rate DDoS attacks.     

基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上,揭示了SOS在节点被攻击时的退出机制存在的安全漏洞,根据云计算路由策略改进了一致性散列算法Chord,提出了适用于云计算路由平台三层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path）,在安全访问路径中引入了心跳机制,利用虚拟机技术实现弹性的虚拟节点,完成在云平台中被攻击节点之间的无缝切换,保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验,重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数,并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下,VHSAP具有较高的数据通过率,可以提高云计算平台的安全性。     

云安全研究进展综述

 随着云计算在学术界和工业界的兴起,云计算也不可避免的带来了一些安全问题.本文对云计算的安全需求进行了总结,指出云计算不仅在机密性、数据完整性、访问控制和身份认证等传统安全性上存在需求,而且在可信性、配置安全性、虚拟机安全性等方面具有新的安全需求.我们对云计算的两个典型产品Amazon Web Services和Windows Azure的安全状况进行了总结,并阐述了针对云计算的拒绝服务攻击和旁通道攻击.基于云计算的安全需求和面临的攻击,对现有安全机制进行了优缺点分析,系统的总结了现有的安全机制.     

Optimal solution for malicious node detection and prevention using hybrid chaotic particle dragonfly swarm algorithm in VANETs

Vehicular ad hoc networks (VANETs) have the ability to make changes in travelling and driving mode of people and so on, in which vehicle can broadcast and forward the message related to emergency or present road condition. The safety and efficiency of modern transportation system is highly improved using VANETs. However, the vehicular communication performance is weakened with the sudden emergence of distributed denial of service (DDoS) attacks. Among other attacks, DDoS attack is the fastest attack degrading the VANETs performance due to its node mobility nature. Also, the attackers (cyber terrorists, politicians, etc.) have now considered the DDoS attack as a network service degradation weapon. In current trend, there is a quick need for mitigation and prevention of DDoS attacks in the exploration field. To resolve the conflict of privacy preservation, we propose a fast and secure HCPDS based framework for DDoS attack detection and prevention in VANETs. The Road Side Units (RSUs) have used HCPDS algorithm to evaluate the fitness values of all vehicles. This evaluation process is done for effective detection of spoofing and misbehaving nodes by comparing the obtained fitness value with the statistical information (packet factors, RSU zone, and vehicle dynamics) gathered from the vehicles. The credentials of all worst nodes are cancelled to avoid further communication with other vehicles. In HCPDS algorithm, the PSO updation strategy is added to Dragon fly algorithm to improve the search space. In addition, Chaos theory is applied to tune the parameters of proposed HCPDS algorithm. From the experimental results, it proved that the HCPDS based proposed approach can efficiently meet the requirements of security and privacy in VANETs.

     

基于PROBE的DDOS攻击检测分析

分布式拒绝服务(DDOS)攻击是目前严重威胁网络安全和影响网站服务质量的一种攻击手段DDOS攻击就是利用多个分布式攻击源向攻击对象发送超出攻击目标处理能力的海量数据包,来消耗可用系统和带宽资源,从而导致网络服务瘫痪的一种攻击.目前有很多方法检测和防御DDOS攻击,传统的检测和防范措施是基于特征匹配的检测往往要求有一定的先验知识难以区分突发正常流量与DDOS攻击.本文通过介绍PROBE技术来检测应对DDOS攻击,并探究了PROBE在DDOS攻击检测中的应用策略.     

Detection of Low-Rate Cloud DDoS Attacks in Frequency Domain Using Fast Hartley Transform

Distributed Denial-of-Service (DDoS) attack has been a serious threat to the availability feature of cloud computing. As traditional DDoS attacks are implemented using a huge volume of malicious traffic, the detection of such attacks becomes a naive task. To evade this detection, attackers are moving towards the Low-Rate DDoS (LRDDoS) attacks. The stealthy behavior of LRDDoS attack makes it difficult to get detected due to its low volume traffic. The existing frequency-domain approaches for LRDDoS detection are not feasible in terms of computational and storage requirements. This paper aims to propose a lightweight, accurate, and adaptive approach for the detection of LRDDoS attacks in frequency-domain. In this paper, the LRDDoS attack is detected by analyzing the power spectral distribution. The novelty of the proposed approach is to calculate the power spectral density using Fast Hartley Transform (FHT). The FHT processes real-valued input data, and has low computational and storage complexities. The approach is implemented on OpenStack cloud platform, and the aggregate network traffic (external and internal) is captured and analyzed. Experimental results show that the computational and storage complexities involved in FHT are lower than other transformation algorithms’ complexities. Thus, the approach provides faster response with an average detection time of 60.16 s. The average true negative and true positive rates obtained by the proposed approach are 99.83% and 99.46% respectively, which are competitive.

     

Research on DDoS detection in multi-tenant cloud based on entropy change

An attacker compromised a number of VMs in the cloud to form his own network to launch a powerful distrib-uted denial of service (DDoS) attack.DDoS attack is a serious threat to multi-tenant cloud.It is difficult to detect which VM in the cloud are compromised and what is the attack target,especially when the VM in the cloud is the victim.A DDoS detection method was presented suitable for multi-tenant cloud environment by identifying the malicious VM at-tack sources first and then the victims.A distributed detection framework was proposed.The distributed agent detects the suspicious VM which generate the potential DDoS attack traffic flows on the source side.A central server confirms the real attack flows.The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment.     

Efficient DDoS attack detection and prevention scheme based on SDN in cloud environment

For addressing the problem of two typical types of distributed denial of service (DDoS) attacks in cloud environment,a DDoS attack detection and prevention scheme called SDCC based on software defined network (SDN) architecture was proposed.SDCC used a combination of bandwidth detection and data flow detection,utilized confidence-based filtering (CBF) method to calculate the CBF score of packets,judged the packet of CBF score below the threshold as an attacking packet,added its attribute information to the attack flow feature library,and sent the flow table to intercept it through SDN controller.Simulation results show that SDCC can detect and prevent different types of DDoS attacks effectively,and it has high detection efficiency,reduces the controller’s computation overhead,and achieves a low false positive rate.     

Design and performance analysis of an efficient single flow IP traceback technique in the AS level

Network security is a major challenge for big and small companies. The Internet topology is vulnerable to Distributed Denial of Service (DDoS) attacks as it provides an opportunity to an attacker to send a large volume of traffic to a victim, which can limit its Internet availability. The main problem in the prevention of the DDoS attack, also known as the flooding attack, is how to find the source of traffic flooding. This is because the spoofed source Internet protocol (IP) address of packets is not affected on its routing. As a result, IP traceback techniques are proposed to find the source of attack and in general, to find the source of any packet. Doing so, the IP traceback techniques can help us to prevent the Denial of Service (DoS) and DDoS attacks. In this paper, we propose an efficient Single Flow IP Traceback (SFT) technique in the Autonomous System (AS) level. Furthermore, a path signature generation algorithm is presented for detecting and filtering the spoofed traffic. Our solution assumes a secure Border Gateway Protocol (BGP)‐routing infrastructure for exchanging authenticated messages in order to learn the path signatures, and it uses a marking algorithm in the flow level for transmission of the traceback messages. Because in our technique less bits are required to mark the IP header packet, the required storage space for any unique path to the victim is significantly decreased. Compared with the other existing techniques, the obtained results demonstrate that our technique has the least marking rate, overhead processing on the middle nodes, and destination's computational cost while offering the highest accuracy in tracebacking attack.     

基于IXP 1200平台的DDoS攻击防御研究

分布式拒绝服务攻击（DDoS）已经成为互联网最大的威胁之一.提出了一种基于Intel IXP1200网络处理器平台的DDoS防御系统的设计方案,并实际实现了一个防御系统D-Fighter.提出了解决DDoS攻击的两个关键技术：数据包认证和细微流量控制的原理和方法,并在D-Fighter中设计实现.经过实际网络测试环境的应用测试表明,D-Fighter达到了设计目标,对DDoS攻击的防御有较好的效果.     

基于可延展带宽分配的卫星网络高可用性方案

随着IPTV等网络服务的蓬勃发展,以及地面互联网的接入与融合,针对空间信息网络的资源规划势在必行.同时,为了有效抵抗分布式拒绝服务(DDoS)攻击,可用性设计成为卫星正常运转的重要前提.提出了基于网络带宽资源分配的DDoS攻击防御体系,建立了有效的卫星网络拓扑结构模型,并引入了路由状态数据包的概念,设计了相应的卫星网络路由协议.在此基础上,阐述了具有延展性的网络带宽分配机理及其实现方式.根据安全性分析与实验评估结果,提出方案可在有效防范敌手攻击的同时,保障带宽资源的可延展分配,同时方案具备良好的实现性能.     

基于信号互相关的低速率拒绝服务攻击检测方法

低速率拒绝服务LDoS（Low-rate Denial of Service）攻击是一种基于TCP/IP协议漏洞,采用密集型周期性脉冲的攻击方式.本文针对分布式LDoS攻击脉冲到达目标端的时序关系,提出基于互相关的LDoS攻击检测方法.该方法通过计算构造的检测序列与采样得到的网络流量序列的相关性,得到相关序列,采用基于循环卷积的互相关算法来计算攻击脉冲经过不同传输通道在特定的攻击目标端的精确时间,利用无周期单脉冲预测技术估计LDoS攻击的周期参数,提取LDoS攻击的脉冲持续时间的相关性特征,并设计判决门限规则.实验结果表明基于信号互相关的LDoS攻击检测方法具有较好的检测性能.