云计算中基于SAPA的DoS攻击防御方法

doi:10.11959/j.issn.1000-436x.2017079

Abstract

Abstract:

Denial of service (DoS) attack was one of the major threats to cloud computing.Security access path algorithm (SAPA) used node route table (NRT) to compose security access path.It simplified role nodes of traditional secure overlay services (SOS),and periodically updated role nodes,and cached security access paths.Therefore,SAPA was more appropriate for cloud computing to defend DoS attacks.Based on the turn routing architecture of cloud computing,the mathematical model of SAPA was built and its performance was analyzed in theory.The performance of SAPA was tested in OMNeT++ experimental platform.Also,the Test-bed experiments were performed to evaluate the effectiveness of SAPA for defending DoS attack.Experimental results show that comparing with SOS,SAPA can degrade the impact of communication success rate caused by DoS attack effectively,and guarantees the access delay small enough.

Key words: cloud computing, DoS attack, secure access path algorithm, defense

CLC Number:

TP393.08

Meng YUE,Kun LI,Zhi-jun WU. SAPA-based approach for defending DoS attacks in cloud computing[J]. Journal on Communications, 2017, 38(4): 129-139.

Figures/Tables 10

References 19

[1]	CHANG R K C . Defending against flooding-based distributed denial-of-service attacks:a tutorial[J]. IEEE Communications Magazine, 2002,40(10): 42-51.
[2]	CHONKA A , XIANG Y , ZHOU W L ,et al. Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks[J]. Journal of Network and Computer Applications, 2011,34(4): 1097-1107.
[3]	YU S , TIAN Y H , GUO S ,et al. Can we beat DDoS attacks in clouds?[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,25(9): 2245-2254.
[4]	GIRMA A , GARUBA M , LI J ,et al. Analysis of DDoS attacks and an introduction of a hybrid statistical model to detect ddos attacks on cloud computing environment[C]// 12th International Conference on Information Technology-New Generations. 2015: 212-217.
[5]	OSANAIYE O A , DLODLO M . TCP/IP header classification for detecting spoofed DDoS attack in Cloud environment[C]// EUROCON 2015 International Conference on Computer as a Tool. 2015: 1-6.
[6]	LIU Z G , YIN X C , LEE H J . A new network flow grouping method for preventing periodic shrew DDoS attacks in cloud computing[C]// 2016 18th International Conference on Advanced Communication Technology (ICACT). 2016: 66-69.
[7]	韩志杰, 段晓阳 . 基于云计算平台的防御拒绝服务攻击方法[J]. 信息化研究, 2011,37(5): 67-69.
	HAN Z J , DUAN X Y . Defense strategy of denial of service attacks based on cloud computing platform[J]. Informatization Research, 2011,37(5): 67-69.
[8]	韩伟 . 基于 Hadoop 云计算平台下 DDoS 攻击防御研究[D]. 太原:太原科技大学, 2011.
	HAN W . DDoS attack defense research based on Hadoop cloud computing platform[D]. Taiyuan:Taiyuan University of Science and Technology, 2011.
[9]	吴志军, 崔奕, 岳猛 . 基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDoS攻击方法[J]. 通信学报, 2015,36(1): 1-8.
	WU Z J , CUI Y , YUE M . VHSAP-based approach of defending against DDoS attacks for cloud computing routing platforms[J]. Journal on Communications, 2015,36(1): 1-8.
[10]	KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:secure overlay services[C]// The 2002 Conference on Applications,Technologies,Architectures,and Protocols for Computer Communications. 2002.
[11]	KEROMYTIS A D , MISRA V , RUBENSTEIN D . SOS:an architecture for mitigating DDoS attacks[J]. IEEE Journal on Selected Areas in Communications, 2004,22(1): 176-187.
[12]	卢国强 . 云计算环境下的泛联路由平台[J]. 信息安全与技术, 2010(8): 106-108.
	LU G Q . Tum routing platform in cloud computing[J]. Information Security and Technology, 2010(8): 106-108.
[13]	STOICA I , MORRIS R,LIBEN-NOWELL D ,et al. Chord:a scalable peer-to-peer lookup protocol for internet applications[J]. IEEE/ACM Transactions on Networking, 2003,11(1): 17-32.
[14]	刘孟 . 云环境下 DDoS 攻击攻防体系及其关键技术研究[D]. 南京:南京大学, 2016.
	LIU M . Architecture of DDoS attacks defense in cloud environment and its key technology[D]. Nanjing:Nanjing University, 2016.
[15]	ZOLTAN F , PETER F , STEFAN L ,et al. Performance analysis of IPsec in mobile IPv6 scenarios[C]// The 16th IST Mobile and Wireless Communication Summit. 2007: 1-5.
[16]	KHALED S , KHALID E , RAOUF B . Performance modeling and analysis of network firewalls[J]. IEEE Transactions on Network and Service Management, 2012,9(1): 12-21.
[17]	LIU M , DOU W C , YU S ,et al. A decentralized cloud firewall framework with resources provisioning cost optimization[J]. IEEE Transactions on Parallel and Distributed Systems, 2015,26(3): 621-631.
[18]	MOREIN W G , STAVROU A , COOK D L ,et al. Using graphic turning tests to counter automated DDoS attacks against Web servers[C]// The 10th ACM Conference on Computer and Communications Security. 2003: 8-19.
[19]	ANGELOS S , DEBRA L C , WILLIAM G M ,et al. WebSOS:an overlay-based system for protecting Web servers from denial of service attacks[J]. Journal of Computer Networks, 2005,48(5): 781-807.

Metrics

Recommended 0

No Suggested Reading articles found!

方法	无DoS攻击/（次·秒^-1）	有DoS攻击（/ 次·秒^-1）
SOS（OMNeT++）	4 667	3 209
SAPA（OMNeT++）	7 299	6 582
SOS（Test-bed）	4 459	3 071
SAPA（Test-bed）	7 024	6 344

SAPA-based approach for defending DoS attacks in cloud computing

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 19

Related Articles 15

Metrics

Recommended 0

[1]	Ling MA, Qiliang FAN, Ting XU, Guanchen GUO, Shenglin ZHANG, Yongqian SUN, Yuzhi ZHANG. Scheduling framework based on reinforcement learning in online-offline colocated cloud environment [J]. Journal on Communications, 2023, 44(6): 90-102.
[2]	Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN. Intelligent planning method for cyber defense strategies based on bounded rationality [J]. Journal on Communications, 2023, 44(5): 52-63.
[3]	Dacheng ZHOU, Hongchang CHEN, Weizhen HE, Guozhen CHENG, Hongchao HU. Research on multidimensional dynamic defense strategy for microservice based on deep reinforcement learning [J]. Journal on Communications, 2023, 44(4): 50-63.
[4]	Jinyin CHEN, Haiyang XIONG, Haonan MA, Yayu ZHENG. CLB-Defense: based on contrastive learning defense for graph neural network against backdoor attack [J]. Journal on Communications, 2023, 44(4): 154-166.
[5]	Jin ZHANG, Qiang GE, Weihai XU, Yiming JIANG, Hailong MA, Hongtao YU. Design, implementation and formal verification of BGP proxy for mimic router [J]. Journal on Communications, 2023, 44(3): 33-44.
[6]	Ming XU, Baojun ZHANG, Yiming WU, Chenduo YING, Ning ZHENG. Cyber attacks and privacy protection distributed consensus algorithm for multi-agent systems [J]. Journal on Communications, 2023, 44(3): 117-127.
[7]	Dacheng ZHOU, Hongchang CHEN, Guozhen CHENG, Weizhen HE, Ke SHANG, Hongchao HU. Design and implementation of adaptive mimic voting device oriented to persistent connection [J]. Journal on Communications, 2022, 43(6): 71-84.
[8]	Hongyong JIA, Yunfei PAN, Wenhe LIU, Junjie ZENG, Jianhui ZHANG. Executive dynamic scheduling algorithm based on high-order heterogeneity [J]. Journal on Communications, 2022, 43(3): 233-245.
[9]	Zhibin FENG, Yuhua XU, Zhiyong DU, Xin LIU, Wen LI, Hao HAN, Xiaobo ZHANG. Active defense technology against intelligent jammer [J]. Journal on Communications, 2022, 43(10): 42-54.
[10]	Jinyin CHEN, Shulong HU, Changyou XING, Guomin ZHANG. Deception defense method against intelligent penetration attack [J]. Journal on Communications, 2022, 43(10): 106-120.
[11]	Bin YU, Nan ZHANG, Xu LU, Zhenhua DUAN, Cong TIAN. Runtime verification approach for DoS attack detection in edge servers [J]. Journal on Communications, 2021, 42(9): 75-86.
[12]	Yiyu YANG, Wei ZHOU, Shangru ZHAO, Cong LIU, Yuhui ZHANG, He WANG, Wenjie WANG, Yuqing ZHANG. Survey of IoT security research: threats, detection and defense [J]. Journal on Communications, 2021, 42(8): 188-205.
[13]	Qing TONG, Yunfei GUO, Shumin HUO, Yawen WANG, Yujia MAN, Kai ZHANG. Design of self-adaptive spatio-temporal diversity joint scheduling strategy [J]. Journal on Communications, 2021, 42(7): 12-24.
[14]	Huaqun WANG, Zhe LIU, Debiao HE, Jiguo LI. Identity-based provable data possession scheme for multi-source IoT terminal data in public cloud [J]. Journal on Communications, 2021, 42(7): 52-60.
[15]	Xiaoyu XU, Hao HU, Hongqi ZHANG, Yuling LIU. Random routing defense method based on deep deterministic policy gradient [J]. Journal on Communications, 2021, 42(6): 41-51.