VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms

UZhi-jun W; UIYi C; UEMeng Y

doi:10.11959/j.issn.1000-436x.2015004

您当前的位置：

首页 >

文章列表页 >

VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms

Academic paper | 更新时间：2024-06-05

- VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms
- Journal on Communications Vol. 36, Issue 1, Pages: 30-37(2015)
- 作者机构：
  
  中国民航大学天津市智能信号处理重点实验室，天津 300300
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(61170328);The National Natural Science Foundation of China(U1333116);The Natural Science Foundation of Tian-jin(12JCZDJC20900);Civil Aviation Science and Technology Innovation Fund(MHRD20130217);Research Laboratory Construction Funds of Civil Aviation University of China;Fundamental Research Funds for the Central Universities(3122013P007);Fundamental Research Funds for the Central Universities(3122013D007);Fundamental Research Funds for the Central Universities(3122013D003)
- DOI：10.11959/j.issn.1000-436x.2015004
  CLC： TP393.08
- Online First：2015-01，
  
  Published：25 January 2015
- 稿件说明：
移动端阅览
UZhi-jun W, UIYi C, UEMeng Y. VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on Communications, 2015, 36(1): 30-37.
DOI：

UZhi-jun W, UIYi C, UEMeng Y. VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on Communications, 2015, 36(1): 30-37. DOI： 10.11959/j.issn.1000-436x.2015004.

摘要

防御分布式拒绝服务DDoS（distributed denial of service）攻击是云计算平台安全保护中的一个关键问题。在研究大规模网络防御DDoS攻击的安全覆盖服务SOS（security overlay service）方法的基础上，揭示了SOS在节点被攻击时退出机制存在的安全漏洞，根据云计算路由策略改进了一致性散列算法 Chord，提出了适用于云计算路由平台3层架构的虚拟散列安全访问路径VHSAP（virtualization hash security access path），在安全访问路径中引入了心跳机制，利用虚拟机技术实现弹性的虚拟节点，完成在云平台中被攻击节点之间的无缝切换，保证用户对云计算平台的安全访问。针对VHSAP防御DDoS的性能进行了仿真实验，重点研究了在散列安全访问路径HSAP中被攻击节点数和切换时延等参数，并将实验结果与SOS方法进行了比较。实验结果表明在DDoS攻击下，VHSAP具有较高的数据通过率，可以提高云计算平台的安全性。

Abstract

Based on the analysis of security overlay service (SOS) approach of defending against DDoS attacks in large scale network

the vulnerability in the exit mechanism of being attacked nodes in SOS approach is explored.The vulnerability is solved by improving the Chord algorithm according to the routing strategy in cloud computing.Hence

the virtualization hash security access path (VHSAP) in three-layer structure is proposed to protect the cloud computing platform.In VHSAP

the heartbeat mechanism is applied to realize virtual nodes by using the virtual technology.Therefore

the virtual nodes have the ability of resilience

which can complete the seamless switching between being attacked nodes in cloud computing platform

and guarantee the legitimate user's authority of accessing to the resource in cloud computing platform.Experiments of VHSAP defending against DDoS attacks are carried out in simulation network environment.The parameters

such as the number of being attacked nodes in hash secure access path (HSAP)

and the switching time and the handoff delay between nodes

are focused in experiments.The result shows that VHSAP achieves a higher data pass rate than that of SOS approach

and enhances the security of cloud computing platform.

关键词

Keywords

references

孙长华，刘斌．分布式拒绝服务攻击研究新进展综述 [J ] ．电子学报， 2009 , 37 ( 7 ): 1563 - 1568 .

SUN C H , LIU B . Survey on new solutions against distributed denial of service attacks [J ] . ACTA Electronica Sinica , 2009 , 37 ( 7 ): 1563 - 1568 .

冯登国，张敏，张妍等．云计算安全研究 [J ] ．软件学报， 2012 , 22 ( 1 ): 72 - 81 .

FENG D G , ZHANG M , ZHANG Y , et al . Study on cloud computing security [J ] . Journal of Software , 2012 , 22 ( 1 ): 72 - 81 .

KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:an architecture for mitigating DDoS attacks [J ] . IEEE Journal on Selected Areas in Communications , 2004 , 22 ( 1 ): 176 - 187 .

STAVROU A , KEROMYTIS A D . Countering DoS attacks with stateless multipath overlays [A ] . Proceedings of the 12th ACM Conference on Computer and Communications Security CCS '05 , Alexandria,Virginia,USA , 2005 . 249 - 259 .

XUAN D , CHELLAPPAN S , WANG X , et al . Analyzing the secure overlay services architecture under intelligent DDoS attacks [A ] . Proceedings of the 24th International Conference on Distributed Computing Systems , Tokyo Japan , 2004 . 408 - 417 .

WANG X , CHELLAPPAN S , BOYER P , et al . On the effectiveness of secure overlay forwarding systems under intelligent distributed DoS attacks [J ] . IEEE Transactions on Parallel and Distributed Systems , Tokyo Japan , 2006 , 17 ( 7 ): 619 - 632 .

IN C H , HONG C S , WEI J , et al . An enhanced SOS architecture for DDoS attack defense using active network technology [A ] . Proceedings of Advanced Industrial Conference on Telecommunications/ Service Assurance with Partial and Intermittent Resources Conference/ELearning on Telecommunications Workshop [C ] . Lisbon,Portugal , 2005 . 90 - 95 .

KAUR R , SANGA A L , KUMAR K . Secure overlay services (SOS):a critical analysis [A ] . 2012 2nd IEEE International Conference on Parallel,Distributed and Grid Computing [C ] . Ottawa,Canada , 2012 . 457 - 462 .

卢国强．云计算泛联路由平台 [J ] ．信息安全与技术， 2010 ,( 8 ): 106 - 108 .

LU G Q . Tum routing platform in cloud computing [J ] . Information Security and Technology , 2010 ,( 8 ): 106 - 108 .

DING S L , ZHAO X H . Analysis and improvement on Chord protocol for structured P2P [A ] . IEEE 3rd International Conference on Communication Software and Networks , 2011 . 214 - 218 .

THIRUVATHUKAL G K , HINSEN K , LÄUFER K , et al . Virtualization for computational scientists [J ] . Computing in Science ＆ Engineering , 2010 , 12 ( 4 ): 52 - 60 .

邓谦．基于Hadoop的云计算安全机制研究 [D ] ．南京：南京邮电大学， 2013 .

DENG Q . Research on Security Mechanism of Cloud Computing Based on Hadoop [D ] . Nanjing : Nanjing University , 2013 .

ZHU H , CHEN H P . Adaptive failure detection VIA heartbeat under hadoop [A ] . 2011 IEEE Asia-Pacific Services Computing Conference [C ] . Jeju,Korea , 2011 . 231 - 238 .

赵永利，张杰． OMNeT++与网络仿真 [M ] ．北京：人民邮电出版社， 2012 .

ZHAO Y L , ZHANG J . OMNeT++and Network Simulation [M ] . Beijing : Posts ＆Telecom Press 2012 .

Views

1611

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Cryptographic service optimization scheduling algorithm for collaborative jobs in cloud environment

M-RSF: a multilevel feedback queue task scheduling mechanism for Unikernel

Scheduling framework based on reinforcement learning in online-offline colocated cloud environment

Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing

Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud

Related Author

CAO Xiaogang

LI Fenghua

GENG Kui

LI Zifu

KOU Wenlong

DONG Bonan

YANG Qiusong

LI Mingshu

Related Institution

Institute of Information Engineering, Chinese Academy of Sciences

School of Cyber Security, University of Chinese Academy of Sciences

Key Laboratory of Cyberspace Security Defense

University of Chinese Academy of Sciences

National Engineering Research Center for Fundamental Software, Institute of Software Chinese Academy of Sciences

AI问答

⁰