Detection of economic denial of sustainability (EDoS) threats in self-organizing networks

Abstract This paper reviews the threat of economic denial of sustainability (EDoS) on recent communication networks and discusses its adaptation to emergent scenarios suited for self-organization and network function virtualization. Through the research performed, two novel threats were defined: workload-based EDoS (W-EDoS) and instantiation-based EDoS (I-EDoS). W-EDoS is characterized by executing requests that are expensive in terms of computational resources at the victim system, hence exhausting its workload and forcing operators to contract additional resources. I-EDoS, on the other hand, occurs when the cloud management software deploys more instances of virtual network functions than needed in response to requests that resemble legitimate ones but are malicious, thus increasing the cost of the hired resources. To contribute to their mitigation, a security architecture that incorporates network-based intrusion detection capabilities for their recognition is proposed. It implements strategies that rely on predicting the behavior of the protected system, constructing adaptive thresholds, and clustering instances based on productivity. Extensive experimentation has been conducted to demonstrate the effectiveness of the proposal, including case studies and an accuracy assessment under different adjustment parameters. Under the most intense conditions, the highest AUC was above 98% when assessing I-EDoS detection accuracy, and higher than 99% in the case of W-EDoS.
