云计算中基于SAPA的DoS攻击防御方法

岳猛; 李坤; 吴志军

doi:10.11959/j.issn.1000-436x.2017079

您当前的位置：

首页 >

文章列表页 >

云计算中基于SAPA的DoS攻击防御方法

学术论文 | 更新时间：2024-06-05

- 云计算中基于SAPA的DoS攻击防御方法
- SAPA-based approach for defending DoS attacks in cloud computing
- 通信学报 2017年38卷第4期页码：129-139
- 作者机构：
  
  中国民航大学电子信息与自动化学院，天津 300300
- 作者简介：
  
  [ "岳猛（1984-），男，河北沧州人，天津大学博士生，中国民航大学讲师，主要研究方向为网络安全、云计算。" ]
  [ "李坤（1989-），男，新疆奎屯人，中国民航大学硕士生，主要研究方向为网络与信息安全。" ]
  [ "吴志军（1965-），男，河南固始人，博士，中国民航大学教授、博士生导师，主要研究方向为网络与信息安全。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61601467);国家自然科学基金资助项目(U1533107);国家自然科学基金资助项目(U1433105);中央高校基本科研业务费基金资助项目(3122016D005)
- DOI：10.11959/j.issn.1000-436x.2017079
  中图分类号： TP393.08
- 网络出版日期：2017-04，
  
  纸质出版日期：2017-04-25
- 稿件说明：
移动端阅览
岳猛, 李坤, 吴志军. 云计算中基于SAPA的DoS攻击防御方法[J]. 通信学报, 2017,38(4):129-139.

Meng YUE, Kun LI, Zhi-jun WU. SAPA-based approach for defending DoS attacks in cloud computing[J]. Journal on communications, 2017, 38(4): 129-139.
岳猛, 李坤, 吴志军. 云计算中基于SAPA的DoS攻击防御方法[J]. 通信学报, 2017,38(4):129-139. DOI： 10.11959/j.issn.1000-436x.2017079.

Meng YUE, Kun LI, Zhi-jun WU. SAPA-based approach for defending DoS attacks in cloud computing[J]. Journal on communications, 2017, 38(4): 129-139. DOI： 10.11959/j.issn.1000-436x.2017079.

摘要

拒绝服务（DoS

denial of service）攻击是云计算平台面临的主要安全威胁之一。安全访问路径算法（SAPA

security access path algorithm）通过节点路由表（NRT

node route table）合成安全路径，简化了传统安全覆盖网服务（SOS

secure overlay services）的角色节点，并采用周期性更新角色节点以及缓存安全访问路径的策略。SAPA更适用于云计算平台防御DoS攻击。基于云计算泛联路由架构，建立SAPA的数学模型并对其性能进行理论分析。通过OMNeT++实验平台测试SAPA的性能，并将实验场景扩展到Test-bed平台来评估SAPA对DoS攻击的防御效果。实验结果表明，相较于SOS方法，SAPA能够更有效地降低DoS攻击对通信成功率的影响，并保证足够小的访问延时。

Abstract

Denial of service (DoS) attack was one of the major threats to cloud computing.Security access path algorithm (SAPA) used node route table (NRT) to compose security access path.It simplified role nodes of traditional secure overlay services (SOS)

and periodically updated role nodes

and cached security access paths.Therefore

SAPA was more appropriate for cloud computing to defend DoS attacks.Based on the turn routing architecture of cloud computing

the mathematical model of SAPA was built and its performance was analyzed in theory.The performance of SAPA was tested in OMNeT++ experimental platform.Also

the Test-bed experiments were performed to evaluate the effectiveness of SAPA for defending DoS attack.Experimental results show that comparing with SOS

SAPA can degrade the impact of communication success rate caused by DoS attack effectively

and guarantees the access delay small enough.

关键词

Keywords

references

CHANG R K C . Defending against flooding-based distributed denial-of-service attacks:a tutorial [J ] . IEEE Communications Magazine , 2002 , 40 ( 10 ): 42 - 51 .

CHONKA A , XIANG Y , ZHOU W L , et al . Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks [J ] . Journal of Network and Computer Applications , 2011 , 34 ( 4 ): 1097 - 1107 .

YU S , TIAN Y H , GUO S , et al . Can we beat DDoS attacks in clouds? [J ] . IEEE Transactions on Parallel and Distributed Systems , 2014 , 25 ( 9 ): 2245 - 2254 .

GIRMA A , GARUBA M , LI J , et al . Analysis of DDoS attacks and an introduction of a hybrid statistical model to detect ddos attacks on cloud computing environment [C ] // 12th International Conference on Information Technology-New Generations . 2015 : 212 - 217 .

OSANAIYE O A , DLODLO M . TCP/IP header classification for detecting spoofed DDoS attack in Cloud environment [C ] // EUROCON 2015 International Conference on Computer as a Tool . 2015 : 1 - 6 .

LIU Z G , YIN X C , LEE H J . A new network flow grouping method for preventing periodic shrew DDoS attacks in cloud computing [C ] // 2016 18th International Conference on Advanced Communication Technology (ICACT) . 2016 : 66 - 69 .

韩志杰 , 段晓阳 . 基于云计算平台的防御拒绝服务攻击方法 [J ] . 信息化研究 , 2011 , 37 ( 5 ): 67 - 69 .

HAN Z J , DUAN X Y . Defense strategy of denial of service attacks based on cloud computing platform [J ] . Informatization Research , 2011 , 37 ( 5 ): 67 - 69 .

韩伟 . 基于 Hadoop 云计算平台下 DDoS 攻击防御研究 [D ] . 太原:太原科技大学 , 2011 .

HAN W . DDoS attack defense research based on Hadoop cloud computing platform [D ] . Taiyuan:Taiyuan University of Science and Technology , 2011 .

吴志军 , 崔奕 , 岳猛 . 基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法 [J ] . 通信学报 , 2015 , 36 ( 1 ): 1 - 8 .

WU Z J , CUI Y , YUE M . VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms [J ] . Journal on Communications , 2015 , 36 ( 1 ): 1 - 8 .

KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:secure overlay services [C ] // The 2002 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications . 2002 .

KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:an architecture for mitigating DDoS attacks [J ] . IEEE Journal on Selected Areas in Communications , 2004 , 22 ( 1 ): 176 - 187 .

卢国强 . 云计算环境下的泛联路由平台 [J ] . 信息安全与技术 , 2010 ( 8 ): 106 - 108 .

LU G Q . Tum routing platform in cloud computing [J ] . Information Security and Technology , 2010 ( 8 ): 106 - 108 .

STOICA I , MORRIS R,LIBEN-NOWELL D , et al . Chord:a scalable peer-to-peer lookup protocol for internet applications [J ] . IEEE/ACM Transactions on Networking , 2003 , 11 ( 1 ): 17 - 32 .

刘孟 . 云环境下 DDoS 攻击攻防体系及其关键技术研究 [D ] . 南京:南京大学 , 2016 .

LIU M . Architecture of DDoS attacks defense in cloud environment and its key technology [D ] . Nanjing:Nanjing University , 2016 .

ZOLTAN F , PETER F , STEFAN L , et al . Performance analysis of IPsec in mobile IPv6 scenarios [C ] // The 16th IST Mobile and Wireless Communication Summit . 2007 : 1 - 5 .

KHALED S , KHALID E , RAOUF B . Performance modeling and analysis of network firewalls [J ] . IEEE Transactions on Network and Service Management , 2012 , 9 ( 1 ): 12 - 21 .

LIU M , DOU W C , YU S , et al . A decentralized cloud firewall framework with resources provisioning cost optimization [J ] . IEEE Transactions on Parallel and Distributed Systems , 2015 , 26 ( 3 ): 621 - 631 .

MOREIN W G , STAVROU A , COOK D L , et al . Using graphic turning tests to counter automated DDoS attacks against Web servers [C ] // The 10th ACM Conference on Computer and Communications Security . 2003 : 8 - 19 .

ANGELOS S , DEBRA L C , WILLIAM G M , et al . WebSOS:an overlay-based system for protecting Web servers from denial of service attacks [J ] . Journal of Computer Networks , 2005 , 48 ( 5 ): 781 - 807 .

浏览量

1115

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

云环境下协同作业的密码服务优化调度算法

M-RSF：面向Unikernel的一种多级反馈队列任务调度机制

基于强化学习的在线离线混部云环境下的调度框架

基于对比学习的图神经网络后门攻击防御方法

云计算中基于时间和隐私保护的可撤销可追踪的数据共享方案