Optimal Load Distribution for the Detection of VM-based DDoS Attacks in the Cloud
IEEE Transactions on Services Computing (IF 5.5), Pub Date: 2020-01-01, DOI: 10.1109/tsc.2017.2694426
Omar Abdel Wahab, Jamal Bentahar, Hadi Otrok, Azzam Mourad

Distributed Denial of Service (DDoS) constitutes a major threat against cloud systems owing to the large financial losses it incurs. This motivated the security research community to investigate numerous detection techniques to limit such attacks' effects. Yet, the existing solutions are still not mature enough to satisfy a cloud-dedicated detection system's requirements since they overlook the attacker's wily strategies that exploit the cloud's elastic and multi-tenant properties, and ignore the cloud system's resource constraints. Motivated by this fact, we propose a two-fold solution that allows, first, the hypervisor to establish credible trust relationships toward guest Virtual Machines (VMs) by considering objective and subjective trust sources and employing Bayesian inference to aggregate them. On top of the trust model, we design a trust-based maximin game between DDoS attackers trying to minimize the cloud system's detection and the hypervisor trying to maximize this minimization under a limited budget of resources. The game solution guides the hypervisor to determine, in real time, the optimal detection load distribution among VMs that maximizes DDoS attacks' detection. Experimental results reveal that our solution maximizes attacks' detection, decreases false positives and negatives, and minimizes CPU, memory and bandwidth consumption during DDoS attacks compared to the existing detection load distribution techniques.

Updated: 2020-01-01