Published in: Cluster Computing 4/2020

02.01.2020

An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments

Authors: Sasha Mahdavi Hezavehi, Rouhollah Rahmani


Abstract

Today, the providers of cloud computing services are among the most prominent service suppliers worldwide. Availability of cloud services is one of the most important concerns of cloud service providers (CSPs) and cloud users (CUs). Distributed Denial of Service (DDoS) attacks are a common type of security issue that affects cloud services and can consequently lead to unavailability of the services. Therefore, reducing the effects of DDoS attacks helps CSPs to provide high-quality services to CUs. In this paper, first, we propose an anomaly-based DDoS attack detection framework for cloud environments using a third party auditor (TPA). Second, we provide multiple basic assumptions and configurations of cloud environments for establishing simulation tests to evaluate our proposed framework. Then, we provide results of simulation tests to analyze the feasibility of our approach. Simulation results demonstrate that our method for detecting DDoS attacks in CSPs has the following advantages: efficiency, because of the low computational overhead on CSPs for attack detection; speed, because a CSP is informed about an attack within a short time relative to the maximum valid response time defined in a service level agreement (SLA); and precision, with no false positive detections and a low rate of false negative detections, which is < 2% of all scenarios of the simulation tests. Finally, we present a table to compare the characteristics of our framework with those of others in the literature.


Metadata
Title
An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments
Authors
Sasha Mahdavi Hezavehi
Rouhollah Rahmani
Publication date
02.01.2020
Publisher
Springer US
Published in
Cluster Computing / Issue 4/2020
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-019-03031-y
