Journal Article

Credit Based Methodology to Detect and Discriminate DDOS Attack From Flash Crowd in A Cloud Computing Environment

TL;DR: A new reputation-based framework for mitigating DDoS in the cloud by classifying users into three categories (well-reputed, reputed and ill-reputed) based on credits is proposed; it is expected to take the edge off DDoS in a cloud environment and ensures full security to cloud resources.
Abstract: The latest trend in the field of computing is the migration of organizations and the offloading of tasks to the cloud. Security concerns hinder the widespread acceptance of the cloud. Of the various concerns, DDoS in the cloud is found to be the most dangerous. Various approaches exist to defend against DDoS in the cloud, but they have many pitfalls. This paper proposes a new reputation-based framework for mitigating DDoS in the cloud by classifying users into three categories (well-reputed, reputed and ill-reputed) based on credits. The attack is fired by malicious programs installed by the attackers on compromised systems, and these programs exhibit similar characteristics; this fact is used for discriminating DDoS traffic from flash crowds. Credits of clients who show signs of similarity are decremented. This reduces the computational and storage overhead. The proposed method is expected to take the edge off DDoS in a cloud environment and ensures full security to cloud resources. CloudSim simulation results also proved that the deployment of this approach improved resource utilization with reduced cost.


Citations
Journal Article
TL;DR: It is shown how reflection attacks are a potential threat to the cloud which is one of the most popular and highly evolving arenas in the Internet.
Abstract: In this paper we make a comparable study of the various types of Reflector Denial of Service attacks popularly known as DRDoS attacks. We discuss their cause, effects, defense mechanisms proposed so far, the effectiveness of these defense mechanisms and their future relevance. We have also shown how reflection attacks are a potential threat to the cloud which is one of the most popular and highly evolving arenas in the Internet.

29 citations


Cites background from "Credit Based Methodology to Detect ..."

  • ...In one of the approaches for discriminating between flash crowd and DDoS attack traffic in cloud environment [2] a credit based approach is employed where users are assorted into three classes which are well reputed, reputed and ill reputed based on credit....


  • ...Several such surveys as ours have been produced in the past [1,2,4,6]....


Patent
30 Jun 2015
TL;DR: In this article, an abuse prevention and remediation platform is proposed to optimize cloud computing infrastructures functionality based on a tenant profile with a tenant confidence score, which is an indicator of the reputation of the tenant usage of cloud computing resources.
Abstract: Various embodiments described herein are directed to optimizing cloud computing infrastructures functionality based on an abuse prevention and remediation platform. A tenant profile may have a tenant confidence score for a tenant, the tenant confidence score being an indicator of the reputation of the tenant usage of cloud computing resources. Based on the confidence score of the tenant, one or more policies for the tenant may be identified limiting access to cloud computing resources. If the virtual internet protocol address (VIP) of the tenant is determined to be tainted, the VIP may be quarantined in a tainted VIP pool, the quarantining excluding the VIP from being selected for use until the VIP is clean. A cleanup routine may be executed, the cleanup routine communicating remedial actions for the tainted VIP. Upon completion of the cleanup routine, the VIP may be restored to a clean VIP pool.

11 citations

References
Journal Article
TL;DR: A discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows is proposed, based on a study of the size and organization of current botnets, and the effectiveness of the proposed method is demonstrated in practice.
Abstract: Distributed Denial of Service (DDoS) attack is a critical threat to the Internet, and botnets are usually the engines behind them. Sophisticated botmasters attempt to disable detectors by mimicking the traffic patterns of flash crowds. This poses a critical challenge to those who defend against DDoS attacks. In our deep study of the size and organization of current botnets, we found that the current attack flows are usually more similar to each other compared to the flows of flash crowds. Based on this, we proposed a discrimination algorithm using the flow correlation coefficient as a similarity metric among suspicious flows. We formulated the problem, and presented theoretical proofs for the feasibility of the proposed discrimination method in theory. Our extensive experiments confirmed the theoretical analysis and demonstrated the effectiveness of the proposed method in practice.

221 citations


Additional excerpts

  • ...Cloud, DDoS attack, Flash crowds, Reputation-based, credits....


Proceedings Article
10 Apr 2011
TL;DR: A behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users is proposed, and it is affirmed that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response.
Abstract: Current DDoS attacks are carried out by attack tools, worms and botnets using different packet-transmission strategies and various forms of attack packets to beat defense systems. These problems lead to defense systems requiring various detection methods in order to identify attacks. Moreover, DDoS attacks can mix their traffic during flash crowds. By doing this, the complex defense system cannot detect the attack traffic in time. In this paper, we propose a behavior based detection that can discriminate DDoS attack traffic from traffic generated by real users. By using Pearson's correlation coefficient, our comparable detection methods can extract the repeatable features of the packet arrivals. The extensive simulations were tested for the accuracy of detection. We then performed experiments with several datasets and our results affirm that the proposed method can differentiate traffic of an attack source from legitimate traffic with a quick response. We also discuss approaches to improve our proposed methods at the conclusion of this paper.

84 citations


Additional excerpts

  • ...Cloud, DDoS attack, Flash crowds, Reputation-based, credits....


Proceedings Article
Shui Yu, Theerasak Thapngam, Jianwen Liu, Su Wei, Wanlei Zhou
19 Oct 2009
TL;DR: This paper aims to differentiate DDoS attack flows from flash crowds, and uses abstract distance metrics, the Jeffrey distance, the Sibson distance, and the Hellinger distance to measure the similarity among flows to achieve this goal.
Abstract: Discriminating DDoS flooding attacks from flash crowds poses a tough challenge for the network security community. Because of the vulnerability of the original design of the Internet, attackers can easily mimic the patterns of legitimate network traffic to fly under the radar. The existing fingerprint or feature based algorithms are incapable of detecting new attack strategies. In this paper, we aim to differentiate DDoS attack flows from flash crowds. We are motivated by the following fact: the attack flows are generated by the same prebuilt program (attack tools), however, flash crowds come from randomly distributed users all over the Internet. Therefore, the flow similarity among DDoS attack flows is much stronger than that among flash crowds. We employ abstract distance metrics, the Jeffrey distance, the Sibson distance, and the Hellinger distance, to measure the similarity among flows to achieve our goal. We compared the three metrics and found that the Sibson distance is the most suitable one for our purpose. We apply our algorithm to the real datasets and the results indicate that the proposed algorithm can differentiate them with an accuracy around 65%.

75 citations


Additional excerpts

  • ...Cloud, DDoS attack, Flash crowds, Reputation-based, credits....


Proceedings Article
12 Dec 2011
TL;DR: The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.
Abstract: Distributed Denial-of-Service (DDoS) attack is a major threat for the cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency and large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for the cloud computing environment in this paper. Concretely speaking, the method is deployed in two periods, i.e., the non-attack period and the attack period. More specifically, legitimate packets are collected in the non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet in the attack period, to determine whether to discard it or not. Finally, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.

73 citations

Proceedings Article
02 Sep 2010
TL;DR: Results of simulation experiments show that the proposed security model can achieve a high transaction success rate with high trust accuracy; some trust-based security mechanisms are also introduced.
Abstract: Security and interoperability are currently the biggest challenges to promoting cloud computing. Trust has proved to be one of the most important and effective alternative means to construct security in distributed systems. In order to efficiently and safely construct entities' trust relationships in cloud and cross-cloud environments, this paper proposes a novel cloud trust model and a new cloud security framework. The proposed trust model is domain-based. It divides one cloud provider's resource nodes into the same trust domain. It designs different trust strategies for different roles. Trust recommendation is treated as one type of cloud service just like computation or storage. Based on the proposed trust model, it introduces a novel cloud security framework with an independent trust management module. Using the proposed security model, it introduces some trust-based security mechanisms. Results of simulation experiments show that the proposed security model can achieve a high transaction success rate with high trust accuracy.

57 citations