CLOUD COMPUTING STRATEGY FOR OVERFLOW OF DENIED DATA

The success of the cloud computing paradigm is due to its on-demand, self-service, and pay-by-use nature. Under this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection delay, the higher the costs incurred. Therefore, particular attention has to be paid to stealthy DoS attacks. They aim at minimizing their visibility and, at the same time, can be as harmful as brute-force attacks. They are sophisticated attacks tailored to leverage the worst-case performance of the target system through specific periodic, pulsing, and low-rate traffic patterns. In this paper, we propose a strategy to orchestrate stealthy attack patterns, which exhibit a slowly-increasing-intensity trend designed to inflict the maximum financial cost on the cloud customer, while respecting the job size and the service arrival rate imposed by the detection mechanisms. We describe both how to apply the proposed strategy and its effects on the target system deployed in the cloud.
