A confidence-based filtering method for DDoS attack defense in cloud environment

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected in the non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet in the attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement, and an acceptable filtering accuracy. It specifically satisfies the real-time filtering requirements in cloud environment.

[1]  Katerina J. Argyraki,et al.  Optimal Filtering of Source Address Prefixes: Models and Algorithms , 2009, IEEE INFOCOM 2009.

[2]  Wanlei Zhou,et al.  Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics , 2011, IEEE Transactions on Information Forensics and Security.

[3]  Cheng Jin,et al.  Defense Against Spoofed IP Traffic Using Hop-Count Filtering , 2007, IEEE/ACM Transactions on Networking.

[4]  Akihiro Nakao,et al.  DDoS Defense Deployment with Network Egress and Ingress Filtering , 2010, 2010 IEEE International Conference on Communications.

[5]  Wanlei Zhou,et al.  Chaos theory based detection against network mimicking DDoS attacks , 2009, IEEE Communications Letters.

[6]  Jinjun Chen,et al.  An evaluation method of outsourcing services for developing an elastic cloud platform , 2010, The Journal of Supercomputing.

[7]  Jiawei Han,et al.  Data Mining: Concepts and Techniques, Second Edition , 2006, The Morgan Kaufmann series in data management systems.

[8]  Petra Perner,et al.  Data Mining - Concepts and Techniques , 2002, Künstliche Intell..

[9]  Xin Yuan,et al.  Controlling IP Spoofing through Interdomain Packet Filters , 2008, IEEE Transactions on Dependable and Secure Computing.

[10]  Jennifer Widom,et al.  Models and issues in data stream systems , 2002, PODS.

[11]  H. Jonathan Chao,et al.  PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks , 2006, IEEE Transactions on Dependable and Secure Computing.

[12]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[13]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[14]  Sneha Kumar Kasera,et al.  Fast and robust signaling overload control , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[15]  M.T. Goodrich,et al.  Probabilistic Packet Marking for Large-Scale IP Traceback , 2008, IEEE/ACM Transactions on Networking.

[16]  Shunzheng Yu,et al.  Monitoring the Application-Layer DDoS Attacks for Popular Websites , 2009, IEEE/ACM Transactions on Networking.

[17]  Min Sik Kim,et al.  Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition , 2010, 2010 IEEE International Conference on Communications.

[18]  Jiawei Han,et al.  Data Mining: Concepts and Techniques , 2000 .

[19]  Shun-Zheng Yu,et al.  A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors , 2009, IEEE/ACM Transactions on Networking.

[20]  Wanlei Zhou,et al.  Traceback of DDoS Attacks Using Entropy Variations , 2011, IEEE Transactions on Parallel and Distributed Systems.

[21]  H. Jonathan Chao,et al.  ALPi: A DDoS Defense System for High-Speed Networks , 2006, IEEE Journal on Selected Areas in Communications.

[22]  Minyi Guo,et al.  Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks , 2009, IEEE Transactions on Parallel and Distributed Systems.

[23]  Liang-Jie Zhang,et al.  CCOA: Cloud Computing Open Architecture , 2009, 2009 IEEE International Conference on Web Services.