Introducing Fraudulent Energy Consumption in Cloud Infrastructures: A New Generation of Denial-of-Service Attacks

Currently, cloud computing is the target business environment for many enterprises and government organizations. However, despite the huge potential gains that can be achieved, security represents a fundamental issue, which prevents the massive cloud adoption in mission-critical Information Technology sectors. The most common security issues are amplified in the cloud environment since new complex features, with their inherent weaknesses, enter into the problem space, particularly those associated to multitenancy and elasticity. Thus, new threats, such as the energy-related denial-of-service attacks against large-scale cloud infrastructures, may involve not only the quality of the delivered services but also their operational costs in terms of energy bill. The longer is the time necessary to identify such attacks, the heavier is the impact on the overall energy consumption and, consequently, on the associated expenses. This work presents a detailed analysis of such new sophisticated menaces, by focusing on those that are specifically tailored to originate the worst-case energy demands by leveraging properly crafted low-rate traffic patterns in order to ensure stealth operations. We present some strategies exploiting the cloud flexibility in order to increase in a fraudulent way the overall energy consumption and analyze their impact within large-scale cloud infrastructures. This should help cloud providers in understanding such weaknesses and highlighting their root causes, as well as in providing some hints on how they can counter these subtle security issues.

[1]  Fang-Yie Leu,et al.  Analyzing job completion reliability and job energy consumption for a general MapReduce infrastructure , 2013, J. High Speed Networks.

[2]  Gabriel Maciá-Fernández,et al.  Defense techniques for low-rate DoS attacks against application servers , 2010, Comput. Networks.

[3]  Francesco Palmieri,et al.  Adaptive Stealth Energy-Related DoS Attacks against Cloud Data Centers , 2014, 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[4]  Francesco Palmieri,et al.  Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures , 2014, The Journal of Supercomputing.

[5]  Christian Esposito,et al.  Interconnecting Federated Clouds by Using Publish-Subscribe Service , 2013, Cluster Computing.

[6]  Joseph Idziorek,et al.  Exploiting Cloud Utility Models for Profit and Ruin , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[7]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2006, TNET.

[8]  Gabriel Maciá-Fernández,et al.  LoRDAS: A Low-Rate DoS Attack against Application Servers , 2007, CRITIS.

[9]  Xiao Guo,et al.  A queuing analysis for low-rate DoS attacks against application servers , 2010, 2010 IEEE International Conference on Wireless Communications, Networking and Information Security.

[10]  Gabriel Maciá-Fernández,et al.  Mathematical Model for Low-Rate DoS Attacks Against Application Servers , 2009, IEEE Transactions on Information Forensics and Security.

[11]  Massimo Ficco Security event correlation approach for cloud computing , 2013, Int. J. High Perform. Comput. Netw..

[12]  Francesco Palmieri,et al.  A distributed approach to network anomaly detection based on independent component analysis , 2014, Concurr. Comput. Pract. Exp..

[13]  Angelos D. Keromytis,et al.  Defending Against Next Generation Through Network/Endpoint Collaboration and Interaction , 2009 .

[14]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[15]  Francesco Palmieri,et al.  Evaluating Network-Based DoS Attacks under the Energy Consumption Perspective: New Security Issues in the Coming Green ICT Area , 2011, 2011 International Conference on Broadband and Wireless Computing, Communication and Applications.

[16]  Gabriel Maciá-Fernández,et al.  Evaluation of a low-rate DoS attack against application servers , 2008, Comput. Secur..

[17]  Francesco Palmieri,et al.  Network anomaly detection through nonlinear analysis , 2010, Comput. Secur..

[18]  Zhenyu Wu,et al.  On Energy Security of Server Systems , 2012, IEEE Transactions on Dependable and Secure Computing.

[19]  Alessio Merlo,et al.  Green-Aware Security : Towards a new Research Field , 2012 .

[20]  Min Sik Kim,et al.  Real-Time Detection of Stealthy DDoS Attacks Using Time-Series Decomposition , 2010, 2010 IEEE International Conference on Communications.

[21]  Wanlei Zhou,et al.  Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks , 2011, J. Netw. Comput. Appl..

[22]  Gabriel Maciá-Fernández,et al.  Evaluation of a low-rate DoS attack against iterative servers , 2007, Comput. Networks.

[23]  Douglas Jacobson,et al.  The Insecurity of Cloud Utility Models , 2013, IT Professional.

[24]  L. Schwartz,et al.  Sophisticated Denial of Service attacks aimed at application layer , 2012, 2012 ELEKTRO.