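Miao WANG (1991-), female, born in Langfang, Hebei. Master's student at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: cloud security, network and system security.
Li-ming WANG (1978-), male, born in Chifeng, Inner Mongolia. Ph.D., associate researcher at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: network and system security, cloud security, communication security.
Zhen XU (1976-), male, born in Datong, Shanxi. Ph.D., professor-level senior engineer and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: database security, network and system security, smart device security, cloud security.
Duo-he MA (1982-), male, born in Lu'an, Anhui. Ph.D., assistant researcher at the State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences. Main research interests: network security, cloud security, mimic security, moving target defense.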
Online publication date: 2016-10
Print publication date: 2016-10-25
Miao WANG, Li-ming WANG, Zhen XU, et al. Research on DDoS detection in multi-tenant cloud based on entropy change[J]. Journal on Communications, 2016, 37(Z1): 204-210. DOI: 10.11959/j.issn.1000-436x.2016268.
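Distributed denial of service (DDoS) is an attack in which an attacker compromises virtual machines inside the cloud to form an attack network, threatening the security of multi-tenant cloud systems. The difficulty of detecting DDoS attacks in a multi-tenant cloud system lies in determining the attack-source virtual machines and the attack target, especially when the target is a host inside the cloud. An entropy-based DDoS attack detection method is proposed that, in line with the characteristics of the cloud environment, first locates the attack sources and then determines the attack target, detecting DDoS attacks launched from within the multi-tenant cloud system. A distributed detection architecture is proposed in which detection agents discover suspicious attack traffic at potential attack sources and a detection server identifies the true attack flows of the DDoS attack. Theoretical and experimental analysis verifies the feasibility and effectiveness of the proposed method.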
An attacker compromises a number of VMs in the cloud to form his own network and launch a powerful distributed denial of service (DDoS) attack. DDoS attacks are a serious threat to the multi-tenant cloud. It is difficult to detect which VMs in the cloud are compromised and what the attack target is, especially when a VM in the cloud is the victim. A DDoS detection method suitable for the multi-tenant cloud environment is presented, which identifies the malicious VM attack sources first and then the victims. A distributed detection framework is proposed. The distributed agents detect suspicious VMs that generate potential DDoS attack traffic flows on the source side. A central server confirms the real attack flows. The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment.