基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法

doi:10.11959/j.issn.1000-436x.2015004

Abstract

Abstract:

Based on the analysis of security overlay service (SOS) approach of defending against DDoS attacks in large scale network,the vulnerability in the exit mechanism of being attacked nodes in SOS approach is explored.The vulnerability is solved by improving the Chord algorithm according to the routing strategy in cloud computing.Hence,the virtualization hash security access path (VHSAP) in three-layer structure is proposed to protect the cloud computing platform.In VHSAP,the heartbeat mechanism is applied to realize virtual nodes by using the virtual technology.Therefore,the virtual nodes have the ability of resilience,which can complete the seamless switching between being attacked nodes in cloud computing platform,and guarantee the legitimate user's authority of accessing to the resource in cloud computing platform.Experiments of VHSAP defending against DDoS attacks are carried out in simulation network environment.The parameters,such as the number of being attacked nodes in hash secure access path (HSAP),and the switching time and the handoff delay between nodes,are focused in experiments.The result shows that VHSAP achieves a higher data pass rate than that of SOS approach,and enhances the security of cloud computing platform.

Key words: cloud computing, routing platforms, DDoS, consistent hashing algorithm, virtualization; seamless switch

UZhi-jun W,UIYi C,UEMeng Y. VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on Communications, 2015, 36(1): 30-37.

Figures/Tables 11

References 14

[1]	孙长华，刘斌．分布式拒绝服务攻击研究新进展综述[J]．电子学报， 2009,37(7):1563-1568. SUN C H , LIU B . Survey on new solutions against distributed denial of service attacks[J]. ACTA Electronica Sinica, 2009,37(7):1563-1568.
[2]	冯登国，张敏，张妍等．云计算安全研究[J]．软件学报， 2012,22(1):72-81. FENG D G , ZHANG M , ZHANG Y , et al. Study on cloud computing security[J]. Journal of Software, 2012,22(1):72-81.
[3]	KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:an architecture for mitigating DDoS attacks[J]. IEEE Journal on Selected Areas in Communications, 2004,22(1): 176-187.
[4]	STAVROU A , KEROMYTIS A D . Countering DoS attacks with stateless multipath overlays[A]. Proceedings of the 12th ACM Conference on Computer and Communications Security CCS '05, Alexandria,Virginia,USA, 2005. 249-259.
[5]	XUAN D , CHELLAPPAN S , WANG X , et al. Analyzing the secure overlay services architecture under intelligent DDoS attacks[A]. Proceedings of the 24th International Conference on Distributed Computing Systems, Tokyo Japan, 2004. 408-417.
[6]	WANG X , CHELLAPPAN S , BOYER P , et al. On the effectiveness of secure overlay forwarding systems under intelligent distributed DoS attacks[J]. IEEE Transactions on Parallel and Distributed Systems, Tokyo Japan, 2006,17(7): 619-632.
[7]	IN C H , HONG C S , WEI J , et al. An enhanced SOS architecture for DDoS attack defense using active network technology[A]. Proceedings of Advanced Industrial Conference on Telecommunications/ Service Assurance with Partial and Intermittent Resources Conference/ELearning on Telecommunications Workshop[C]. Lisbon,Portugal, 2005. 90-95.
[8]	KAUR R , SANGA A L , KUMAR K . Secure overlay services (SOS):a critical analysis[A]. 2012 2nd IEEE International Conference on Parallel,Distributed and Grid Computing[C]. Ottawa,Canada, 2012. 457-462.
[9]	卢国强．云计算泛联路由平台[J]．信息安全与技术， 2010,(8):106-108. LU G Q . Tum routing platform in cloud computing[J]. Information Security and Technology, 2010,(8):106-108.
[10]	DING S L , ZHAO X H . Analysis and improvement on Chord protocol for structured P2P[A]. IEEE 3rd International Conference on Communication Software and Networks, 2011. 214-218.
[11]	THIRUVATHUKAL G K , HINSEN K , L?UFER K , et al. Virtualization for computational scientists[J]. Computing in Science ＆ Engineering, 2010,12(4): 52-60.
[12]	邓谦．基于Hadoop的云计算安全机制研究[D]．南京：南京邮电大学， 2013. DENG Q . Research on Security Mechanism of Cloud Computing Based on Hadoop[D]. Nanjing: Nanjing University, 2013.
[13]	ZHU H , CHEN H P . Adaptive failure detection VIA heartbeat under hadoop[A]. 2011 IEEE Asia-Pacific Services Computing Conference[C]. Jeju,Korea, 2011. 231-238.
[14]	赵永利，张杰． OMNeT++与网络仿真[M]．北京：人民邮电出版社， 2012. ZHAO Y L , ZHANG J . OMNeT++and Network Simulation[M]. Beijing: Posts ＆Telecom Press 2012.

Metrics

Recommended 0

No Suggested Reading articles found!

改变前		改变后
查询标识符项	后向节点	查询标识符项	后向节点
16+2⁰	25	16+2⁰	25
16+2¹	25	16+2¹	25
16+2³	25	16+2³	25
16+2³	25	16+2³	25
16+2⁴	34	16+2⁴	34
16+2⁵	58	16+2⁵	46

参数配置/方法名称	通过率
参数配置/方法名称	VHSAP	SOS
N=100,Na=30,w=1	60%	11%
N=1000,Na=30,w=1	91%	65%
N=1000,Na=100,w=1	90%	60%
N=1000,Na=500,w=1	62%	2%
N=1000,Na=300,w=1	60%	14%
N=1000,Na=300,w=2	93%	30%

名称/项目	无需大量样本训练	应对更新快	无需进行大量计算	针对平台节点的防御
聚类分析	×	×	×	×
小波分析	√	√	×	×
心跳机制	√	√	√	√

[1]	Ling MA, Qiliang FAN, Ting XU, Guanchen GUO, Shenglin ZHANG, Yongqian SUN, Yuzhi ZHANG. Scheduling framework based on reinforcement learning in online-offline colocated cloud environment [J]. Journal on Communications, 2023, 44(6): 90-102.
[2]	Huaqun WANG, Zhe LIU, Debiao HE, Jiguo LI. Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud [J]. Journal on Communications, 2021, 42(7): 52-60.
[3]	Jianhong ZHANG, Menglong WU, Jing WANG, Pei LIU, Zhengtao JIANG, Changgen PENG. Secure and verifiable multi-keyword searchable encryption scheme in cloud [J]. Journal on Communications, 2021, 42(4): 139-149.
[4]	Ruiqi LI, Chunfu JIA, Yafei WANG. Multi-key homomorphic proxy re-encryption scheme based on NTRU and its application [J]. Journal on Communications, 2021, 42(3): 11-22.
[5]	Jiawei ZHANG, Jianfeng MA, Zhuo MA, Teng LI. Time-based and privacy protection revocable and traceable data sharing scheme in cloud computing [J]. Journal on Communications, 2021, 42(10): 81-94.
[6]	Wenjuan WANG, Xuehui DU, Dibin SHAN. Construction method of attack scenario in cloud environment based on dynamic probabilistic attack graph [J]. Journal on Communications, 2021, 42(1): 1-17.
[7]	Youliang TIAN,Qin LUO. Verifiable multi-keyword search scheme based on improved Merkle-Tree authentication method [J]. Journal on Communications, 2020, 41(9): 118-129.
[8]	Na WANG,Kun ZHENG,Junsong FU,Jian LI. Method of ciphertext retrieval in mobile edge computing based on block segmentation [J]. Journal on Communications, 2020, 41(7): 95-102.
[9]	Lindong ZHAO,Wenqin ZHUANG,Jianxin CHEN,Liang ZHOU. Hierarchical task offloading in heterogeneous cellular network:modeling and optimization [J]. Journal on Communications, 2020, 41(4): 34-44.
[10]	Bing LIANG,Wen JI. Multiuser computation offloading for edge-cloud collaboration using submodular optimization [J]. Journal on Communications, 2020, 41(10): 25-36.
[11]	SU Mingfeng,WANG Guojun,LI Renfa. Multidimensional QoS cloud computing resource scheduling method based on stakeholder perspective [J]. Journal on Communications, 2019, 40(6): 102-115.
[12]	CHEN Xingshu,HUA Qiang,WANG Yitong,GE Long,ZHU Yi. Research on low-rate DDoS attack of SDN network in cloud environment [J]. Journal on Communications, 2019, 40(6): 210-222.
[13]	Wanliang WANG, Zelin ZANG, Guoqi CHEN, Hangyao TU, Yule WANG, Linyan LU. Research on optimal two element exchange algorithm for large scale cloud computing server scheduling problem [J]. Journal on Communications, 2019, 40(5): 180-191.
[14]	Hongyan QIAN,Hao XUE,Ming CHEN. UDM:NFV-based prevention mechanism against DDoS attack on SDN controller [J]. Journal on Communications, 2019, 40(3): 116-124.
[15]	Tian WANG,Xuewei SHEN,Hao LUO,Baisheng CHEN,Guojun WANG,Weijia JIA. Research progress of trusted sensor-cloud based on fog computing [J]. Journal on Communications, 2019, 40(3): 170-181.

VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 14

Related Articles 15

Metrics

Recommended 0