云环境下的“云滴冻结”攻击

doi:10.3969/j.issn.1001-2400.2014.03.017

Abstract

Abstract:

This paper proposes a novel and practical distributed denial-of-service attack model—cloud droplets freezing attack, by studying the characteristics of the server cluster deployment in cloud computing context. Experimental results show that the attacker can control the infected virtual machine to launch the attack. Such an attack not only produces a serious congestion effect to the internal network bandwidth of cloud server clusters, but also exhausts physical host resources such as memory and CPU. To achieve effective denial-of-service attacks, the attack illegally occupies resources that are originally assigned to a legitimate virtual machine. Combined with the defense related technologies toward traditional denial-of-service attack and the quantitative analysis of the principle of the Cloud droplets attack, the paper discusses the Cloud droplets freezing defense methods.

Key words: cloud computing, distributed denial of service attack, network security, botnet

CLC Number:

TP309

WANG Yichuan;MA Jianfeng;LU Di;ZHANG Liumei;MENG Xianjia. Cloud droplets freezing attack in cloud computing[J].J4, 2014, 41(3): 116-122.

References

［1］ Jansen W, Timothy G. Security Guidance for Critical Areas of Focus in Cloud Computing v3.0［M］. Phoenix: Cloud Security Alliance, 2011.
［2］冯登国, 张敏, 张妍, 等. 云计算安全研究［J］. 软件学报, 2011, 22(1): 71-83.
Feng Dengguo, Zhang Min, Zhang Yan, et al. Study on Cloud Computing Security［J］. Journal of Software, 2011, 22(1): 71-83.
［3］ Modi C, Patel D, Borisanyia B, et al. A Survey on Security Issues and Solutions at Different Layers of Cloud Computing ［J］. Journal of Supercomputing, 2013, 63(2): 561-592.
［4］ Choi H, Lee H. Identifying Botnets by Capturing Group Activities in DNS Traffic ［J］. Computer Networks, 2012, 56(1): 20-33.
［5］ Hunt N, Bergan T, Ceze L, et al. DDOS: Taming Nondeterminism in Distributed Systems ［C］//Proceedings of the 18th International Conference on Architectural Support for Programming Languages and oPerating Systems. New York: ACM, 2013: 499-508.
［6］ Botezatu B. Anatomy of a Botnet ［R］. Burlington: Arbor Networks, 2010.
［7］ Arbor Networks. 8th Annual Worldwide Infrastructure Security Report ［R］. Burlington: Arbor Networks, 2013.
［8］ Studer A, Perrig A. The Coremelt Attack ［C］//Lectures Notes in Computer Science. Heidelberg: Springer, 2009: 37-52.
［9］ Liu Jiuxing, Huang Wei, Abali B, et al. High Performance VMM-bypass I/O in Virtual Machines ［C］//Proceedings of the Annual Conference on USENIX: 6. Berkeley: USENIX Association, 2006: 3.
［10］ Wang Haining, Zhang Danlu, Shin K G. Detecting SYN Flooding Attacks ［C］//Proceedings of IEEE 21st Annual Joint Conference on Computer and Communications Societies: 3. Piscataway: IEEE, 2002: 1530-1539.
［11］ Manikopoulos C, Papavassiliou S. Network Intrusion and Fault Detection: a Statistical Anomaly Approach ［J］. IEEE Communications Magazine , 2002, 40(10): 76-82.
［12］ Mirkovic J, Reiher P. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms ［J］. Computer Communication Review, 2004, 34(2): 39-53.

[1]	LI Huadong,ZHANG Xueliang,WANG Xiaolei,LIU Hui,WANG Pengcheng,DU Junzhao. Multi-node cooperative game load balancing strategy in the Kubernetes cluster [J]. Journal of Xidian University, 2021, 48(6): 16-22.
[2]	LIU Huayuan,SU Yunfei,LI Ruilin,TANG Chaojing. Structure-statebased graybox Fuzzing technique [J]. Journal of Xidian University, 2021, 48(1): 117-123.
[3]	LI Teng,CAO Shijie,YIN Siwei,WEI Dawei,MA Xindi,MA Jianfeng. Optimal method for the generation of the attack path based on the Q-learning decision [J]. Journal of Xidian University, 2021, 48(1): 160-167.
[4]	YANG Hongyu,ZENG Renyun. Method for assessment of network security situation with deep learning [J]. Journal of Xidian University, 2021, 48(1): 183-190.
[5]	YANG Hongyu,ZHANG Xugao. Network security situation adaptive prediction model [J]. Journal of Xidian University, 2020, 47(3): 14-22.
[6]	WANG Yan. Enhanced multi-objective evolutionary algorithm for workflow scheduling on the cloud platform [J]. Journal of Xidian University, 2019, 46(1): 130-136.
[7]	YANG Baowang. Low-rate-denial-of-service attack detection by symbolic dynamics method [J]. Journal of Xidian University, 2018, 45(1): 140-144.
[8]	HAN Kun;ZHANG Hailin;XIN Dan;WU Bo;KANG Yuanji. Design method of an identity-based fully homomorphic encryption library [J]. Journal of Xidian University, 2017, 44(4): 56-61.
[9]	JING Weipeng;HUO Shuaiqi;CHEN Guangsheng;LIU Yaqiu. Novel mixed-criticality reliability scheduling strategy and schedulability test [J]. Journal of Xidian University, 2016, 43(6): 158-163.
[10]	LIANG Hongquan;WU Wei. Secure link status routing protocol based on node trustworthiness [J]. Journal of Xidian University, 2016, 43(5): 121-127.
[11]	HUANG Chunshui;REN Yanli;CAI Jianxing. Verifiable outsourcing scheme for batch modular exponentiations [J]. Journal of Xidian University, 2016, 43(4): 135-140.
[12]	JING Weipeng;WU Zhibo;LIU Hongwei;SHU Yanjun. Multiple DAGs dynamic workflow reliability scheduling algorithm in a cloud computing system [J]. Journal of Xidian University, 2016, 43(2): 83-88.
[13]	WANG Jindong;YU Dingkun;ZHANG Hengwei;WANG Na. Active defense strategy selection based on the static Bayesian game [J]. J4, 2016, 43(1): 144-150.
[14]	LIU Xing;YUAN Chaowei;YANG Zhen;LI Zhenjun. Services promote Lyapunov-based strategy in mobile cloud computing [J]. J4, 2015, 42(6): 138-144.
[15]	WANG Zhiqiang;ZHANG Yuqing;LIU Qixu;HUANG Tingpei. Algorithm for discovering SNMP protocol vulnerability [J]. J4, 2015, 42(4): 20-26+40.

Cloud droplets freezing attack in cloud computing

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Metrics

Comments

Recommended 10