基于熵变的多租户云内DDoS检测方法研究

doi:10.11959/j.issn.1000-436x.2016268

通信学报 ›› 2016, Vol. 37 ›› Issue (Z1): 204-210.doi: 10.11959/j.issn.1000-436x.2016268

基于熵变的多租户云内DDoS检测方法研究

王淼^1,²,王利明¹,徐震¹,马多贺¹

¹ 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
² 中国科学院大学网络空间安全学院，北京 100049

出版日期:2016-10-25 发布日期:2017-01-17
基金资助:
国家高技术研究发展计划（“863”计划）基金资助项目;中国科学院先导专项基金资助项目;中国科学院先导专项基金资助项目

Research on DDoS detection in multi-tenant cloud based on entropy change

Miao WANG^1,²,Li-ming WANG¹,Zhen XU¹,Duo-he MA¹

¹ State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
² College of Cyberspace Security,University of Chinese Academy of Sciences,Beijing 100049,China

Online:2016-10-25 Published:2017-01-17
Supported by:
The National High Technology Research and Development Program of China (863 Program);Strategic Priority Research Program of the Chinese Academy of Sciences;Strategic Priority Research Program of the Chinese Academy of Sciences

摘要/Abstract

摘要：

分布式拒绝服务（DDoS）是攻击者通过入侵云内虚拟机组成攻击网络，以威胁多租户云系统安全的攻击。多租户云系统DDoS攻击检测难点在于如何确定攻击源虚拟机和攻击目标，尤其当攻击目标为云内主机时。提出一种基于熵度量的DDoS攻击检测方法，根据云环境特点在优先定位攻击源基础上再确定攻击目标，检测多租户云系统内发起的DDoS攻击。提出分布式检测架构，利用检测代理发现潜在攻击源端的可疑攻击流量，检测服务器识别DDoS攻击的真正攻击流。理论和实验分析验证了提出方法的可行性和有效性。

关键词: 分布式拒绝服务攻击, 攻击检测, 多租户, 云计算系统, 熵

Abstract:

An attacker compromised a number of VMs in the cloud to form his own network to launch a powerful distrib-uted denial of service (DDoS) attack.DDoS attack is a serious threat to multi-tenant cloud.It is difficult to detect which VM in the cloud are compromised and what is the attack target,especially when the VM in the cloud is the victim.A DDoS detection method was presented suitable for multi-tenant cloud environment by identifying the malicious VM at-tack sources first and then the victims.A distributed detection framework was proposed.The distributed agent detects the suspicious VM which generate the potential DDoS attack traffic flows on the source side.A central server confirms the real attack flows.The feasibility and effectiveness of the proposed detection method are verified by experiments in the multi-tenant cloud environment.

Key words: DDoS attack, detection, multi-tenant, cloud computing system, entropy

王淼,王利明,徐震,马多贺. 基于熵变的多租户云内DDoS检测方法研究[J]. 通信学报, 2016, 37(Z1): 204-210.

Miao WANG,Li-ming WANG,Zhen XU,Duo-he MA. Research on DDoS detection in multi-tenant cloud based on entropy change[J]. Journal on Communications, 2016, 37(Z1): 204-210.

图/表 8

图1

图2

图3

图4

图5

图6

图7

图8

参考文献 19

[1]	Amazon Inc. Amazon elastic compute cloud (Amazon EC2)[EB/OL]. , 2011.
[2]	CHOWDHURY N M M K , BOUTABA R . A survey of network virtu-alization[J]. Computer Networks, 2010,54(5):862-876.
[3]	HASHIZUME K , ROSADO D G , FERNáNDEZ-MEDINA E , et al. An analysis of security issues for cloud computing[J]. Journal of Inter-net Services and Applications, 2013,4(1):1.
[4]	JASTI A , SHAH P , NAGARAJ R , et al. Security in multi-tenancy cloud[C]//2010 IEEE International Carnahan Conference on Security Technology (ICCST). 2010:35-41.
[5]	MIRKOVIC J , REIHER P . A taxonomy of DDoS attack and DDoS defense mechanisms[J]. ACM SIGCOMM Computer Communication Review, 2004,34(2):39-53.
[6]	PENG T , LECKIE C , RAMAMOHANARAO K . Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys (CSUR), 2007,39(1):3.
[7]	BHUYAN M H , KASHYAP H J , BHATTACHARYYA D K , et al. Detecting distributed denial of service attacks:methods,tools and fu-ture directions[J]. Computer Journal, 2013,57(4):537-556.
[8]	FEINSTEIN L , SCHNACKENBERG D , BALUPARI R , et al. Statis-tical approaches to DDoS attack detection and response[C]//DARPA Information Survivability Conference and Exposition. 2003:303-314.
[9]	YI F , YU S , ZHOU W , et al. Source-based filtering scheme against DDOS attacks[J]. International Journal of Database Theory and Ap-plication, 2008,1(1):9-20.
[10]	CHOUHAN V , PEDDOJU S K . Packet monitoring approach to pre-vent DDoS attack in cloud computing[J]. International Journal of Computer Science and Electrical Engineering (IJCSEE) ISSN. 2013:2315-4209.
[11]	GAVASKAR S , SURENDIRAN R , RAMARAJ D E . Three counter defense mechanism for TCP SYN flooding attacks[J]. International Journal of Computer Applications, 2010,6(6):0975-8887.
[12]	RAI M K , MISHRA V S . Detection of UDP and HTTP anomalies on real time traffic based on NIDS using OURMON tool[J]. 2015.
[13]	SHANNON C E . A mathematical theory of communication[J]. ACM SIGMOBILE Mobile Computing and Communications Review, 2001,5(1):3-55.
[14]	KUMAR K , JOSHI R C , SINGH K . A distributed approach using entropy to detect DDoS attacks in ISP domain[C]//2007 International Conference on Signal Processing,Communications and Networking.IEEE, 2007:331-337.
[15]	DAVID J , THOMAS C . DDoS attack detection using fast entropy approach on flow-based network traffic[J]. Procedia Computer Science, 2015,50:30-36.
[16]	XIANG Y , LI K , ZHOU W . Low-rate DDoS attacks detection and traceback by using new information metrics[J]. IEEE Transactions on Information Forensics and Security, 2011,6(2):426-437.
[17]	BHUYAN M H , BHATTACHARYYA D K , KALITA J K . An empiri-cal evaluation of information metrics for low-rate and high-rate DDoS attack detection[J]. Pattern Recognition Letters, 2015,51:1-7.
[18]	TAO Y , YU S . DDoS attack detection at local area networks using information theoretical metrics[C]//2013 12th IEEE International Conference on Trust,Security and Privacy in Computing and Commu-nications.IEEE, 2013:233-240.
[19]	AIN A , BHUYAN M H , BHATTACHARYYA D K , et al. Rank corre-lation for low-rate DDoS attack detection:an empirical evaluation[J]. International Journal of Network Security, 2016,18(3):474-480.

基于熵变的多租户云内DDoS检测方法研究

Research on DDoS detection in multi-tenant cloud based on entropy change

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 19

相关文章 15

Metrics

推荐阅读 0

[1]	张平, 戴金晟, 张育铭, 王思贤, 秦晓琦, 牛凯. 面向语义通信的非线性变换编码[J]. 通信学报, 2023, 44(4): 1-14.
[2]	李国军, 侯旭, 叶昌荣, 罗一平. 短波通信接入网广域协作资源分配算法[J]. 通信学报, 2023, 44(2): 112-121.
[3]	刘传宏, 郭彩丽, 杨洋, 陈九九, 朱美逸, 孙鲁楠. 面向智能任务的语义通信：理论、技术和挑战[J]. 通信学报, 2022, 43(6): 41-57.
[4]	钱榕, 许建婷, 张克君, 董宏宇, 邢方远. 隐马尔可夫模型的异质网络链接预测方法研究[J]. 通信学报, 2022, 43(5): 214-225.
[5]	谢丽霞, 李雪鸥, 杨宏宇, 张良, 成翔. 基于样本特征强化的APT攻击多阶段检测方法[J]. 通信学报, 2022, 43(12): 66-76.
[6]	段雪源, 付钰, 王坤, 李彬. 基于简单统计特征的LDoS攻击检测方法[J]. 通信学报, 2022, 43(11): 53-64.
[7]	张忠平, 刘伟雄, 张玉停, 邓禹, 魏棉鑫. ERDOF：基于相对熵权密度离群因子的离群点检测算法[J]. 通信学报, 2021, 42(9): 133-143.
[8]	毛伊敏, 邓千虎, 陈志刚. 基于信息熵与遗传算法的并行关联规则增量挖掘算法[J]. 通信学报, 2021, 42(5): 122-136.
[9]	朱素霞, 刘抒伦, 孙广路. 基于相对熵和K-means的形状相似差分隐私轨迹保护机制[J]. 通信学报, 2021, 42(2): 113-123.
[10]	戴江安, 栾声扬, 赵明龙, 张兆军, 邱天爽. 脉冲噪声下基于平滑循环相关熵谱的调制识别方法[J]. 通信学报, 2021, 42(12): 121-133.
[11]	曹利峰,卢新,高振升,杜学绘. 基于L-DHT的多租户虚拟域隔离构建方法[J]. 通信学报, 2020, 41(6): 184-201.
[12]	孙伟,张鹏,何永全,邢丽超. 内网环境下基于时空事件关联的攻击检测方法[J]. 通信学报, 2020, 41(1): 33-41.
[13]	姜久兴,厚娇,黄海,赵玉迎,冯新新. 低面积复杂度AES低熵掩码方案的研究[J]. 通信学报, 2019, 40(5): 201-210.
[14]	田俊峰,齐鎏岭. SDN中基于条件熵和GHSOM的DDoS攻击检测方法[J]. 通信学报, 2018, 39(8): 140-149.
[15]	吴志军,潘卿波,岳猛. 基于ACK序号步长的LDoS攻击检测方法[J]. 通信学报, 2018, 39(7): 139-147.