基于运行时验证的边缘服务器DoS攻击检测方法

doi:10.11959/j.issn.1000-436x.2021169

通信学报 ›› 2021, Vol. 42 ›› Issue (9): 75-86.doi: 10.11959/j.issn.1000-436x.2021169

基于运行时验证的边缘服务器DoS攻击检测方法

于斌, 张南, 陆旭, 段振华, 田聪

西安电子科技大学计算机科学与技术学院，陕西西安 710071

修回日期:2021-03-25 出版日期:2021-09-25 发布日期:2021-09-01
作者简介:于斌（1990− ），男，河南漯河人，博士，西安电子科技大学讲师，主要研究方向为模型检测、运行时验证
张南（1984− ），女，天津人，博士，西安电子科技大学副教授、博士生导师，主要研究方向为形式化验证、模型检测
陆旭（1985− ），男，河北承德人，博士，西安电子科技大学讲师，主要研究方向为可信软件、分离逻辑
段振华（1948− ），男，陕西咸阳人，博士，西安电子科技大学教授、博士生导师，主要研究方向为时序逻辑、形式化验证
田聪（1981− ），女，陕西合阳人，博士，西安电子科技大学教授、博士生导师，主要研究方向为形式化验证、模型检测
基金资助:
国家重点研发计划基金资助项目(2018AAA0103202);国家自然科学基金资助项目(61732013);国家自然科学基金资助项目(61806158);中央高校基本科研业务费专项资金资助项目(XJS210305);陕西省自然科学基础研究计划基金资助项目(2021JQ-208)

Runtime verification approach for DoS attack detection in edge servers

Bin YU, Nan ZHANG, Xu LU, Zhenhua DUAN, Cong TIAN

School of Computer Science and Technology, Xidian University, Xi’an 710071, China

Revised:2021-03-25 Online:2021-09-25 Published:2021-09-01
Supported by:
The National Key Research and Development Program of China(2018AAA0103202);The National Natural Science Foundation of China(61732013);The National Natural Science Foundation of China(61806158);The Fundamental Research Funds for the Central Universities(XJS210305);The Natural Science Basic Research Program of Shaanxi(2021JQ-208)

摘要/Abstract

摘要：

针对边缘计算系统中边缘服务器面临的拒绝服务（DoS）攻击问题，提出了一种基于并行运行时验证的DoS攻击检测方法。首先，使用命题投影时序逻辑（PPTL）公式形式化描述边缘服务器预期行为和DoS攻击特征；进而，针对待验证PPTL公式，采用并行运行时验证框架，充分利用边缘服务器的计算与存储资源，对程序运行状态进行异常检测和误用检测。利用所提方法，对一个实际的基于边缘计算的点对点（P2P）网络智能停车系统进行模拟 DoS 攻击和攻击检测。对比实验表明，所提方法能够有效检测出边缘服务器异常行为和所受 DoS攻击类型。

关键词: 边缘计算, 边缘服务器, 命题投影时序逻辑, 拒绝服务攻击, 运行时验证

Abstract:

Aiming at the DoS (denial of service) attacks against edge servers in an edge computing system, a parallel runtime verification approach for DoS attack detection was proposed.First, PPTL (propositional projection temporal logic) formulas were utilized to formally describe expected behaviors of an edge server and DoS attack characteristics.Then, for the PPTL formulas to be verified, a parallel runtime verification framework was adopted to make use of the computing and storage resources of an edge server to conduct anomaly detection and misuse detection.The proposed attack detection approach was performed for an actual P2P (peer-to-peer) network based on smart parking system using edge computing which was supposed to suffer from a DoS attack.Experiments show that the proposed method can accurately and efficiently identify abnormal behaviors of edge servers and types of DoS attacks.

Key words: edge computing, edge server, propositional projection temporal logic, DoS attack, runtime verification

中图分类号:

TN92

于斌, 张南, 陆旭, 段振华, 田聪. 基于运行时验证的边缘服务器DoS攻击检测方法[J]. 通信学报, 2021, 42(9): 75-86.

Bin YU, Nan ZHANG, Xu LU, Zhenhua DUAN, Cong TIAN. Runtime verification approach for DoS attack detection in edge servers[J]. Journal on Communications, 2021, 42(9): 75-86.

图/表 15

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

表1

表2

图12

表3

参考文献 32

[1]	PANG H H , TAN K L . Authenticating query results in edge computing[C]// Proceedings of 20th International Conference on Data Engineering. Piscataway:IEEE Press, 2004: 560-571.
[2]	GEORGE G , THAMPI S M . Vulnerability-based risk assessment and mitigation strategies for edge devices in the Internet of Things[J]. Pervasive and Mobile Computing, 2019,59:101068.
[3]	ROMAN R , LOPEZ J , MAMBO M . Mobile edge computing,fog et al.:a survey and analysis of security threats and challenges[J]. Future Generation Computer Systems, 2018,78: 680-698.
[4]	SHIRAZI S N , GOUGLIDIS A , FARSHAD A ,et al. The extended cloud:review and analysis of mobile edge computing and fog from a security and resilience perspective[J]. IEEE Journal on Selected Areas in Communications, 2017,35(11): 2586-2595.
[5]	SHI W S , CAO J , ZHANG Q ,et al. Edge computing:vision and challenges[J]. IEEE Internet of Things Journal, 2016,3(5): 637-646.
[6]	MOUSTAFA N , HU J K , SLAY J . A holistic review of network anomaly detection systems:a comprehensive survey[J]. Journal of Network and Computer Applications, 2019,128: 33-55.
[7]	AHMAD I . A survey on DDoS attacks in edge servers[D]. Arlington:The University of Texas at Arlington, 2020.
[8]	GAUTAM D , TOKEKAR V . An approach to analyze the impact of DDoS attack on mobile cloud computing[C]// 2017 International Conference on Information,Communication,Instrumentation and Control. Piscataway:IEEE Press, 2017: 1-6.
[9]	CAPROLU M , DI PIETRO R , LOMBARDI F ,et al. Edge computing perspectives:architectures,technologies,and open security issues[C]// 2019 IEEE International Conference on Edge Computing. Piscataway:IEEE Press, 2019: 116-123.
[10]	SINGH J , BELLO Y , HUSSEIN A R ,et al. Hierarchical security paradigm for IoT multiaccess edge computing[J]. IEEE Internet of Things Journal, 2021,8(7): 5794-5805.
[11]	RAZA S , WALLGREN L , VOIGT T . SVELTE:real-time intrusion detection in the Internet of things[J]. Ad Hoc Networks, 2013,11(8): 2661-2674.
[12]	MIDI D , RULLO A , MUDGERIKAR A ,et al. Kalis—a system for knowledge-driven adaptable intrusion detection for the Internet of things[C]// 2017 IEEE International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2017: 656-666.
[13]	HODO E , BELLEKENS X , HAMILTON A ,et al. Threat analysis of IoT networks using artificial neural network intrusion detection system[C]// 2016 International Symposium on Networks,Computers and Communications. Piscataway:IEEE Press, 2016: 1-6.
[14]	WANG Y , XIE L , LI W ,et al. A privacy-preserving framework for collaborative intrusion detection networks through fog computing[C]// 2017 International Symposium on Cyberspace Safety and Security. Berlin:Springer, 2017: 267-279.
[15]	MENG W Z , WANG Y , LI W J ,et al. Enhancing intelligent alarm reduction for distributed intrusion detection systems via edge computing[C]// 2018 Australasian Conference on Information Security and Privacy. Berlin:Springer, 2018: 759-767.
[16]	肖阳, 白磊, 王仙 . 基于朋友机制的移动ad hoc网络路由入侵检测模型研究[J]. 通信学报, 2015,36(S1): 203-214.
	XIAO Y , BAI L , WANG X . Friends mechanism-based routing intrusion detection model for mobile ad hoc network[J]. Journal on Communications, 2015,36(S1): 203-214.
[17]	AN X S , ZHOU X W , LYU X ,et al. Sample selected extreme learning machine based intrusion detection in fog computing and MEC[J]. Wireless Communications and Mobile Computing, 2018,2018: 1-10.
[18]	LIN F H , ZHOU Y T , AN X S ,et al. Fair resource allocation in an intrusion-detection system for edge computing:ensuring the security of Internet of things devices[J]. IEEE Consumer Electronics Magazine, 2018,7(6): 45-50.
[19]	NALDURG P , SEN K , THATI P . A temporal logic based framework for intrusion detection[C]// 2004 International Conference on Formal Techniques for Networked and Distributed Systems (FORTE). Berlin:Springer, 2004: 359-376.
[20]	AHMED A , LISITSA A , DIXON C . TeStID:a high performance temporal intrusion detection system[C]// International Symposium on Telecommunications. Piscataway:IEEE Press, 2013: 20-26.
[21]	AHMED A , LISITSA A , DIXON C . A misuse-based network intrusion detection system using temporal logic and stream processing[C]// 2011 5th International Conference on Network and System Security. Piscataway:IEEE Press, 2011: 1-8.
[22]	DENG M L , CAO H L , ZHU W J ,et al. Benchmark tests for the model-checking-based IDS algorithms[J]. IEEE Access, 2019,7: 135479-135498.
[23]	OLIVAIN J , GOUBAULT-LARRECQ J ,, . The orchids intrusion detection tool[C]// 2005 International Conference on Computer Aided Verification. Berlin:Springer, 2005: 286-290.
[24]	SUN Y , WU T , MA X Q ,et al. Modeling and verifying EPC network intrusion system based on timed automata[J]. Pervasive and Mobile Computing, 2015,24: 61-76.
[25]	PNUELI A , . The temporal logic of programs[C]// 18th Annual Symposium on Foundations of Computer Science. Piscataway:IEEE Press, 1977: 46-57.
[26]	CLARKE E M , EMERSON E A . Design and synthesis of synchronization skeletons using branching time temporal logic[C]// 1981 Workshop on Logic of Programs. Berlin:Springer, 1981: 52-71.
[27]	TIAN C , DUAN Z . Propositional projection temporal logic,büchi automata and ω-regular expressions[C]// 2008 International Conference on Theory and Applications of Models of Computation. Berlin:Springer, 2008: 47-58.
[28]	DUAN Z . An extended interval temporal logic and a framing technique for temporal logic programming[D]. Newcastle:Newcastle University, 1996.
[29]	DUAN Z , TIAN C . A practical decision procedure for propositional projection temporal logic with infinite models[J]. Theoretical Computer Science, 2014,554: 169-190.
[30]	张琛, 段振华, 田聪 . 基于事件确定有限自动机的 UML2.0 序列图描述与验证[J]. 软件学报, 2011,22(11): 2625-2638.
	ZHANG C , DUAN Z H , TIAN C . Specification and verification of UML2.0 sequence diagrams based on event deterministic finite automata[J]. Journal of Software, 2011,22(11): 2625-2638.
[31]	SHEN H , ROBINSON M , NIU J . A logical framework for sequence diagram with combined fragments[R]. 2011.
[32]	ZHANG N , LU X , TIAN C ,et al. P2P network based smart parking system using edge computing[J]. Mobile Networks and Applications, 2020,25(6): 2226-2239.

攻击类型	正常数量/个	攻击数量/个
Smurf	26 980	8 960
SYN Flood	12 560	5 800
Land	853	9

方法	准确率	误报率	训练时间/s	检测时间/ ms	内存/MB
本文方法	97.5%	1.2%	—	231	9
ASDL^[22]	95.6%	2.1%	—	362	5
SS-ELM^[17]	99.1%	0.4%	4.5	267	25
BP	84.2%	7.8%	387	321	76
SVM	94.3%	3.6%	15	365	37

公式	性质是否满足	单个验证线程提供验证算力/ms	3个验证线程提供验证算力/ms	5个验证线程提供验证算力/ms
P₁	×	641	303	385
P₂	√	392	217	276
P₃	×	313	158	187
P₄	×	432	249	293

基于运行时验证的边缘服务器DoS攻击检测方法

Runtime verification approach for DoS attack detection in edge servers

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 15

参考文献 32

相关文章 15

Metrics

推荐阅读 0

[1]	鲁蔚锋, 李宁, 徐佳, 徐力杰, 徐建. 多接入边缘计算中相关性任务的联合调度算法[J]. 通信学报, 2023, 44(4): 87-98.
[2]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[3]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[4]	余雪勇, 邱礼翔, 宋家宁, 朱洪波. 无人机辅助边缘计算中安全通信与能效优化策略[J]. 通信学报, 2023, 44(3): 45-54.
[5]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[6]	范伟, 彭诚, 朱大立, 王雨晴. 移动边缘计算网络下基于静态贝叶斯博弈的入侵响应策略研究[J]. 通信学报, 2023, 44(2): 70-81.
[7]	赵庶旭, 韦萍, 王小龙. 多任务并发边缘计算环境中最优联盟结构生成策略[J]. 通信学报, 2023, 44(2): 172-184.
[8]	王东滨, 吴东哲, 智慧, 郭昆, 张勖, 时金桥, 张宇, 陆月明. 软件定义网络抗拒绝服务攻击的流表溢出防护[J]. 通信学报, 2023, 44(2): 1-11.
[9]	龙隆, 刘子辰, 陆在旺, 张玉成, 李蕾. 移动边缘网络下服务缓存与资源分配联合优化策略[J]. 通信学报, 2023, 44(1): 64-74.
[10]	张宇, 程旻. NDN中边缘计算与缓存的联合优化[J]. 通信学报, 2022, 43(8): 164-175.
[11]	王子园, 杜瑞忠. 边缘环境下基于无证书公钥密码的数据完整性审计方案[J]. 通信学报, 2022, 43(7): 62-72.
[12]	莫梓嘉, 高志鹏, 杨杨, 林怡静, 孙山, 赵晨. 面向车联网数据隐私保护的高效分布式模型共享策略[J]. 通信学报, 2022, 43(4): 83-94.
[13]	杨力, 潘成胜, 孔相广, 黄琦龙, 戚耀文. 5G融合卫星网络研究综述[J]. 通信学报, 2022, 43(4): 202-215.
[14]	王继锋, 王国峰. 边缘计算模式下密文搜索与共享技术研究[J]. 通信学报, 2022, 43(4): 227-238.
[15]	张琳, 魏新艳, 刘茜萍, 黄海平, 王汝传. 基于协作信誉和设备反馈的物联网边缘服务器信任评估算法[J]. 通信学报, 2022, 43(2): 118-130.