Research on DDoS detection in multi-tenant cloud based on entropy change
Correspondences | Updated: 2024-06-05
Journal on Communications, Vol. 37, Issue Z1, Pages: 204-210 (2016)
Funding:
The National High Technology Research and Development Program of China (863 Program) (2015AA016106); Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010701); The Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06010306)
Miao WANG, Li-ming WANG, Zhen XU, et al. Research on DDoS detection in multi-tenant cloud based on entropy change[J]. Journal on Communications, 2016, 37(Z1): 204-210. DOI: 10.11959/j.issn.1000-436x.2016268.
An attacker can compromise a number of VMs in the cloud to form a network of his own and launch a powerful distributed denial of service (DDoS) attack. DDoS attacks are a serious threat to the multi-tenant cloud. It is difficult to detect which VMs in the cloud are compromised and what the attack target is, especially when a VM in the cloud is the victim. A DDoS detection method suitable for the multi-tenant cloud environment is presented, which identifies the malicious VM attack sources first and then the victims. A distributed detection framework is proposed: distributed agents detect, on the source side, the suspicious VMs that generate potential DDoS attack traffic flows, and a central server confirms the real attack flows. The feasibility and effectiveness of the proposed detection method are verified by experiments in a multi-tenant cloud environment.