DDoS attack protection in the era of cloud computing and Software-Defined Networking
TL;DR: A DDoS attack mitigation architecture that integrates a highly programmable network monitoring to enable attack detection and a flexible control structure to allow fast and specific attack reaction and a graphic model based attack detection system that can deal with the dataset shift problem are proposed.
About: This article is published in Computer Networks.The article was published on 2015-04-22. It has received 272 citations till now. The article focuses on the topics: Application layer DDoS attack & DDoS mitigation.
Citations
More filters
TL;DR: This survey presents a comprehensive overview of the security issues for different factors affecting cloud computing, and encompasses the requirements for better security management and suggests 3-tier security architecture.
340 citations
TL;DR: This paper presents various security threats that are resolved by SDN and new threats that arise as a result of SDN implementation, and the main ongoing research efforts, challenges, and research trends in this area are discussed.
Abstract: Software-defined networking (SDN) is an emerging paradigm, which breaks the vertical integration in traditional networks to provide the flexibility to program the network through (logical) centralized network control. SDN has the capability to adapt its network parameters on the fly based on its operating environment. The decoupled structure of SDN serves as a solution for managing the network with more flexibility and ease. In SDN, the centralized cost effective architecture provides network visibility which helps to achieve efficient resource utilization and high performance. Due to the increasingly pervasive existence of smart programmable devices in the network, SDN provides security, energy efficiency, and network virtualization for enhancing the overall network performance. We present various security threats that are resolved by SDN and new threats that arise as a result of SDN implementation. The recent security attacks and countermeasures in SDN are also summarized in the form of tables. We also provide a survey on the different strategies that are implemented to achieve energy efficiency and network security through SDN implementation. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts, challenges, and research trends in this area. With this paper, readers can have a more thorough understanding of SDN architecture, different security attacks and countermeasures, and energy efficiency.
270 citations
TL;DR: This paper reviews 96 publications on DDoS attack and defense approaches in cloud computing published between January 2009 and December 2015, and discusses existing research trends.
253 citations
TL;DR: Various Decision Engine (DE) approaches are described, including new ensemble learning and deep learning approaches, and cyber kill chain models and cyber-attacks that compromise network systems are explained.
206 citations
TL;DR: A systematic analysis of distributed denial-of-service attacks including motivations and evolution, analysis of different attacks so far, protection techniques and mitigation techniques, and possible limitations and challenges of existing research are provided.
Abstract: Distributed denial-of-service is one kind of the most highlighted and most important attacks of today’s cyberworld. With simple but extremely powerful attack mechanisms, it introduces an immense th...
199 citations
References
More filters
31 Mar 2008
TL;DR: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day, based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries.
Abstract: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day. OpenFlow is based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries. Our goal is to encourage networking vendors to add OpenFlow to their switch products for deployment in college campus backbones and wiring closets. We believe that OpenFlow is a pragmatic compromise: on one hand, it allows researchers to run experiments on heterogeneous switches in a uniform way at line-rate and with high port-density; while on the other hand, vendors do not need to expose the internal workings of their switches. In addition to allowing researchers to evaluate their ideas in real-world traffic settings, OpenFlow could serve as a useful campus component in proposed large-scale testbeds like GENI. Two buildings at Stanford University will soon run OpenFlow networks, using commercial Ethernet switches and routers. We will work to encourage deployment at other schools; and We encourage you to consider deploying OpenFlow in your university network too
9,138 citations
"DDoS attack protection in the era o..." refers background in this paper
...The network controller is in charge of the entire network through a vendor-independent interface such as OpenFlow [12], which defines the low-level packet forwarding behaviors in the data plane....
[...]
Book•
24 Aug 2012
TL;DR: This textbook offers a comprehensive and self-contained introduction to the field of machine learning, based on a unified, probabilistic approach, and is suitable for upper-level undergraduates with an introductory-level college math background and beginning graduate students.
Abstract: Today's Web-enabled deluge of electronic data calls for automated methods of data analysis. Machine learning provides these, developing methods that can automatically detect patterns in data and then use the uncovered patterns to predict future data. This textbook offers a comprehensive and self-contained introduction to the field of machine learning, based on a unified, probabilistic approach. The coverage combines breadth and depth, offering necessary background material on such topics as probability, optimization, and linear algebra as well as discussion of recent developments in the field, including conditional random fields, L1 regularization, and deep learning. The book is written in an informal, accessible style, complete with pseudo-code for the most important algorithms. All topics are copiously illustrated with color images and worked examples drawn from such application domains as biology, text processing, computer vision, and robotics. Rather than providing a cookbook of different heuristic methods, the book stresses a principled model-based approach, often using the language of graphical models to specify models in a concise and intuitive way. Almost all the models described have been implemented in a MATLAB software package--PMTK (probabilistic modeling toolkit)--that is freely available online. The book is suitable for upper-level undergraduates with an introductory-level college math background and beginning graduate students.
8,059 citations
"DDoS attack protection in the era o..." refers background in this paper
...Considering the fact that network traffic is usually low dimension data (the number of cases is far greater than the number of features), the Chow–Liu algorithm [14] is a good choice because it surpasses other algorithms when learning from low dimension data [15]....
[...]
Book•
31 Jul 2009TL;DR: The framework of probabilistic graphical models, presented in this book, provides a general approach for causal reasoning and decision making under uncertainty, allowing interpretable models to be constructed and then manipulated by reasoning algorithms.
Abstract: Most tasks require a person or an automated system to reason -- to reach conclusions based on available information The framework of probabilistic graphical models, presented in this book, provides a general approach for this task The approach is model-based, allowing interpretable models to be constructed and then manipulated by reasoning algorithms These models can also be learned automatically from data, allowing the approach to be used in cases where manually constructing a model is difficult or even impossible Because uncertainty is an inescapable aspect of most real-world applications, the book focuses on probabilistic models, which make the uncertainty explicit and provide models that are more faithful to reality Probabilistic Graphical Models discusses a variety of models, spanning Bayesian networks, undirected Markov networks, discrete and continuous models, and extensions to deal with dynamical systems and relational data For each class of models, the text describes the three fundamental cornerstones: representation, inference, and learning, presenting both basic concepts and advanced techniques Finally, the book considers the use of the proposed framework for causal reasoning and decision making under uncertainty The main text in each chapter provides the detailed technical development of the key ideas Most chapters also include boxes with additional material: skill boxes, which describe techniques; case study boxes, which discuss empirical cases related to the approach described in the text, including applications in computer vision, robotics, natural language understanding, and computational biology; and concept boxes, which present significant concepts drawn from the material in the chapter Instructors (and readers) can group chapters in various combinations, from core topics to more technically advanced material, to suit their particular needs
6,597 citations
"DDoS attack protection in the era o..." refers methods in this paper
...We exercise feature selection [13] on a large feature set....
[...]
02 May 2005
TL;DR: The design options for migrating OSes running services with liveness constraints are considered, the concept of writable working set is introduced, and the design, implementation and evaluation of high-performance OS migration built on top of the Xen VMM are presented.
Abstract: Migrating operating system instances across distinct physical hosts is a useful tool for administrators of data centers and clusters: It allows a clean separation between hard-ware and software, and facilitates fault management, load balancing, and low-level system maintenance.By carrying out the majority of migration while OSes continue to run, we achieve impressive performance with minimal service downtimes; we demonstrate the migration of entire OS instances on a commodity cluster, recording service downtimes as low as 60ms. We show that that our performance is sufficient to make live migration a practical tool even for servers running interactive loads.In this paper we consider the design options for migrating OSes running services with liveness constraints, focusing on data center and cluster environments. We introduce and analyze the concept of writable working set, and present the design, implementation and evaluation of high-performance OS migration built on top of the Xen VMM.
3,186 citations
IBM1
TL;DR: It is shown that the procedure derived in this paper yields an approximation of a minimum difference in information when applied to empirical observations from an unknown distribution of tree dependence, and the procedure is the maximum-likelihood estimate of the distribution.
Abstract: A method is presented to approximate optimally an n -dimensional discrete probability distribution by a product of second-order distributions, or the distribution of the first-order tree dependence. The problem is to find an optimum set of n - 1 first order dependence relationship among the n variables. It is shown that the procedure derived in this paper yields an approximation of a minimum difference in information. It is further shown that when this procedure is applied to empirical observations from an unknown distribution of tree dependence, the procedure is the maximum-likelihood estimate of the distribution.
2,854 citations
"DDoS attack protection in the era o..." refers background in this paper
...Considering the fact that network traffic is usually low dimension data (the number of cases is far greater than the number of features), the Chow–Liu algorithm [14] is a good choice because it surpasses other algorithms when learning from low dimension data [15]....
[...]