Journal on Communications ›› 2021, Vol. 42 ›› Issue (9): 75-86. doi: 10.11959/j.issn.1000-436x.2021169
Bin YU, Nan ZHANG, Xu LU, Zhenhua DUAN, Cong TIAN
Revised:
2021-03-25
Online:
2021-09-25
Published:
2021-09-01
About the author:
Bin YU (1990− ), male, born in Luohe, Henan, Ph.D., lecturer at Xidian University. His main research interests are model checking and runtime verification.
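Abstract:
To address the denial-of-service (DoS) attacks faced by edge servers in edge computing systems, a DoS attack detection method based on parallel runtime verification is proposed. First, propositional projection temporal logic (PPTL) formulas are used to formally describe the expected behavior of edge servers and the characteristics of DoS attacks. Then, for the PPTL formulas to be verified, a parallel runtime verification framework is adopted that makes full use of the computing and storage resources of the edge server to perform anomaly detection and misuse detection on the program's running state. Using the proposed method, simulated DoS attacks and attack detection were carried out on a real edge-computing-based peer-to-peer (P2P) network smart parking system. Comparative experiments show that the proposed method can effectively detect abnormal behavior of edge servers and the types of DoS attacks they suffer.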
Bin YU, Nan ZHANG, Xu LU, Zhenhua DUAN, Cong TIAN. Runtime verification approach for DoS attack detection in edge servers[J]. Journal on Communications, 2021, 42(9): 75-86.