基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

吴志军; 崔奕; 岳猛

doi:10.11959/j.issn.1000-436x.2015004

您当前的位置：

首页 >

文章列表页 >

基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

学术论文 | 更新时间：2024-06-05

- 基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法
- VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms
- 通信学报 2015年36卷第1期页码：30-37
- 作者机构：
  
  中国民航大学天津市智能信号处理重点实验室，天津 300300
- 作者简介：
  
  [ "吴志军（1965-），男，河南固始人，博士，中国民航大学教授、博士生导师，主要研究方向为网络与信息安全。" ]
  [ "崔奕（1989-），男，福建龙岩人，中国民航大学硕士生，主要研究方向为网络与信息安全。" ]
  [ "岳猛（1984-），男，河北沧州人，中国民航大学博士生、讲师，主要研究方向为网络与信息安全。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61170328);国家自然科学基金资助项目(U1333116);天津市应用基础与前沿技术研究计划基金资助项目(12JCZDJC20900);2013年民航科技引导基金资助项目(MHRD20130217);中国民航大学科研平台建设基金资助项目;中央高校基本科研业务费基金资助项目(3122013P007);中央高校基本科研业务费基金资助项目(3122013D007);中央高校基本科研业务费基金资助项目(3122013D003)
- DOI：10.11959/j.issn.1000-436x.2015004
  中图分类号： TP393.08
- 网络出版日期：2015-01，
  
  纸质出版日期：2015-01-25
- 稿件说明：
移动端阅览
吴志军, 崔奕, 岳猛. 基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法[J]. 通信学报, 2015,36(1):30-37.

UZhi-jun W, UIYi C, UEMeng Y. VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on communications, 2015, 36(1): 30-37.
吴志军, 崔奕, 岳猛. 基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法[J]. 通信学报, 2015,36(1):30-37. DOI： 10.11959/j.issn.1000-436x.2015004.

UZhi-jun W, UIYi C, UEMeng Y. VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on communications, 2015, 36(1): 30-37. DOI： 10.11959/j.issn.1000-436x.2015004.

摘要

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上，揭示了SOS在节点被攻击时退出机制存在的安全漏洞，根据云计算路由策略改进了一致性散列算法 Chord，提出了适用于云计算路由平台3层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path），在安全访问路径中引入了心跳机制，利用虚拟机技术实现弹性的虚拟节点，完成在云平台中被攻击节点之间的无缝切换，保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验，重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数，并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下，VHSAP具有较高的数据通过率，可以提高云计算平台的安全性。

Abstract

Based on the analysis of security overlay service (SOS) approach of defending against DDoS attacks in large scale network

the vulnerability in the exit mechanism of being attacked nodes in SOS approach is explored.The vulnerability is solved by improving the Chord algorithm according to the routing strategy in cloud computing.Hence

the virtualization hash security access path (VHSAP) in three-layer structure is proposed to protect the cloud computing platform.In VHSAP

the heartbeat mechanism is applied to realize virtual nodes by using the virtual technology.Therefore

the virtual nodes have the ability of resilience

which can complete the seamless switching between being attacked nodes in cloud computing platform

and guarantee the legitimate user's authority of accessing to the resource in cloud computing platform.Experiments of VHSAP defending against DDoS attacks are carried out in simulation network environment.The parameters

such as the number of being attacked nodes in hash secure access path (HSAP)

and the switching time and the handoff delay between nodes

are focused in experiments.The result shows that VHSAP achieves a higher data pass rate than that of SOS approach

and enhances the security of cloud computing platform.

关键词

Keywords

references

孙长华，刘斌．分布式拒绝服务攻击研究新进展综述 [J ] ．电子学报， 2009 , 37 ( 7 ): 1563 - 1568 .

SUN C H , LIU B . Survey on new solutions against distributed denial of service attacks [J ] . ACTA Electronica Sinica , 2009 , 37 ( 7 ): 1563 - 1568 .

冯登国，张敏，张妍等．云计算安全研究 [J ] ．软件学报， 2012 , 22 ( 1 ): 72 - 81 .

FENG D G , ZHANG M , ZHANG Y , et al . Study on cloud computing security [J ] . Journal of Software , 2012 , 22 ( 1 ): 72 - 81 .

KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:an architecture for mitigating DDoS attacks [J ] . IEEE Journal on Selected Areas in Communications , 2004 , 22 ( 1 ): 176 - 187 .

STAVROU A , KEROMYTIS A D . Countering DoS attacks with stateless multipath overlays [A ] . Proceedings of the 12th ACM Conference on Computer and Communications Security CCS '05 , Alexandria,Virginia,USA , 2005 . 249 - 259 .

XUAN D , CHELLAPPAN S , WANG X , et al . Analyzing the secure overlay services architecture under intelligent DDoS attacks [A ] . Proceedings of the 24th International Conference on Distributed Computing Systems , Tokyo Japan , 2004 . 408 - 417 .

WANG X , CHELLAPPAN S , BOYER P , et al . On the effectiveness of secure overlay forwarding systems under intelligent distributed DoS attacks [J ] . IEEE Transactions on Parallel and Distributed Systems , Tokyo Japan , 2006 , 17 ( 7 ): 619 - 632 .

IN C H , HONG C S , WEI J , et al . An enhanced SOS architecture for DDoS attack defense using active network technology [A ] . Proceedings of Advanced Industrial Conference on Telecommunications/ Service Assurance with Partial and Intermittent Resources Conference/ELearning on Telecommunications Workshop [C ] . Lisbon,Portugal , 2005 . 90 - 95 .

KAUR R , SANGA A L , KUMAR K . Secure overlay services (SOS):a critical analysis [A ] . 2012 2nd IEEE International Conference on Parallel,Distributed and Grid Computing [C ] . Ottawa,Canada , 2012 . 457 - 462 .

卢国强．云计算泛联路由平台 [J ] ．信息安全与技术， 2010 ,( 8 ): 106 - 108 .

LU G Q . Tum routing platform in cloud computing [J ] . Information Security and Technology , 2010 ,( 8 ): 106 - 108 .

DING S L , ZHAO X H . Analysis and improvement on Chord protocol for structured P2P [A ] . IEEE 3rd International Conference on Communication Software and Networks , 2011 . 214 - 218 .

THIRUVATHUKAL G K , HINSEN K , LÄUFER K , et al . Virtualization for computational scientists [J ] . Computing in Science ＆ Engineering , 2010 , 12 ( 4 ): 52 - 60 .

邓谦．基于Hadoop的云计算安全机制研究 [D ] ．南京：南京邮电大学， 2013 .

DENG Q . Research on Security Mechanism of Cloud Computing Based on Hadoop [D ] . Nanjing : Nanjing University , 2013 .

ZHU H , CHEN H P . Adaptive failure detection VIA heartbeat under hadoop [A ] . 2011 IEEE Asia-Pacific Services Computing Conference [C ] . Jeju,Korea , 2011 . 231 - 238 .

赵永利，张杰． OMNeT++与网络仿真 [M ] ．北京：人民邮电出版社， 2012 .

ZHAO Y L , ZHANG J . OMNeT++and Network Simulation [M ] . Beijing : Posts ＆Telecom Press 2012 .

浏览量

704

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

云环境下协同作业的密码服务优化调度算法

M-RSF：面向Unikernel的一种多级反馈队列任务调度机制

基于强化学习的在线离线混部云环境下的调度框架

云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案

公有云中身份基多源IoT终端数据PDP方案