Intrusion Detection and Defense against DDoS Attack in Virtual Network Systems
Abstract
Cloud security has attracted a lot of research in the past few years. Typically, attackers discover vulnerabilities in a cloud system, compromise virtual machines, and then use them to mount large-scale Distributed Denial-of-Service (DDoS) attacks. Such attacks involve many stages: multi-step exploitation, low-frequency vulnerability scanning, compromising the identified vulnerable virtual machines as zombies, and finally launching DDoS attacks through the compromised zombies. Within a cloud system, especially an Infrastructure-as-a-Service (IaaS) cloud, detecting zombie exploration attacks is very hard, because cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines in the cloud from being compromised, the proposed method is a multi-phase distributed vulnerability detection and protection mechanism, a system called NICE, built on attack-graph-based analytical models and reconfigurable virtual-network-based defenses. The proposed framework leverages OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.
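The abstract describes two pieces of NICE that are easy to lose in the summary: an attack graph that tells the defender which virtual machines an attacker can reach through vulnerable hosts, and a countermeasure step that picks a reconfiguration of the virtual network (a flow the programmable switch stops forwarding) by weighing residual risk against service disruption. The following Python script is an added illustration of that idea on a toy tenant network; it is not code from the paper or the NICE project, and every VM name, edge, asset value and blocking cost in it is constructed for the example.

```python
"""Attack-graph reachability and countermeasure selection for a small IaaS
tenant network. Added illustration, not code from the NICE paper; all VM
names, edges, asset values and costs below are constructed."""
from collections import deque

# Constructed sample: which VMs run an exploitable service, and which VM can
# open a connection to which other VM's vulnerable port (the virtual network).
VULNERABLE = {"web01": True, "app01": True, "db01": True, "mgmt01": False}
REACH = {
    "internet": ["web01"],
    "web01": ["app01", "mgmt01"],
    "app01": ["db01"],
    "mgmt01": ["db01"],
    "db01": [],
}
# Hypothetical asset values (risk incurred if a VM is compromised) and the
# service-disruption cost of dropping each flow at the programmable switch.
ASSET_VALUE = {"web01": 2, "app01": 3, "db01": 8, "mgmt01": 5}
BLOCK_COST = {
    ("internet", "web01"): 10,
    ("web01", "app01"): 6,
    ("app01", "db01"): 4,
    ("web01", "mgmt01"): 1,
    ("mgmt01", "db01"): 1,
}


def compromised_set(reach, vulnerable, source, blocked=frozenset()):
    """Breadth-first walk of the attack graph: every VM an attacker holding
    `source` can take over, stepping only through vulnerable hosts over
    edges that are not in `blocked` (flows the switch no longer forwards)."""
    owned, queue = set(), deque([source])
    while queue:
        node = queue.popleft()
        for nxt in reach.get(node, ()):
            if (node, nxt) in blocked or not vulnerable.get(nxt, False):
                continue
            if nxt not in owned:
                owned.add(nxt)
                queue.append(nxt)
    return owned


def residual_risk(owned, asset_value):
    """Risk left after a countermeasure: the value of everything still reachable."""
    return sum(asset_value.get(vm, 0) for vm in owned)


def select_countermeasure(reach, vulnerable, source, asset_value, block_cost):
    """Evaluate dropping each flow in turn and return the flow that minimises
    residual risk plus disruption cost, together with that total.
    Doing nothing (edge None) is also a candidate."""
    options = {None: residual_risk(compromised_set(reach, vulnerable, source),
                                   asset_value)}
    for edge, cost in block_cost.items():
        owned = compromised_set(reach, vulnerable, source, blocked={edge})
        options[edge] = residual_risk(owned, asset_value) + cost
    best = min(options, key=options.get)
    return best, options[best]


if __name__ == "__main__":
    # Planning from the outside: what an external attacker can reach.
    print(sorted(compromised_set(REACH, VULNERABLE, "internet")))
    print(select_countermeasure(REACH, VULNERABLE, "internet", ASSET_VALUE, BLOCK_COST))
    # After an IDS alert that web01 is already compromised, re-plan from there.
    print(select_countermeasure(REACH, VULNERABLE, "web01", ASSET_VALUE, BLOCK_COST))
```

On this sample the external attacker reaches web01, app01 and db01 (mgmt01 is reachable on the network but runs no vulnerable service, so the walk stops there). Cutting the internet-to-web01 flow would remove all risk but at the highest disruption cost, so the selector instead drops the web01-to-app01 flow, which confines the attacker to the web tier; when an alert reports web01 as already compromised, the same rule is chosen but with lower total cost, because web01's own value is already lost and only further spread counts.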
This work is licensed under a Creative Commons Attribution 3.0 License.