Low rate cloud DDoS attack defense method based on power spectral density analysis

被引：46

作者：

Agrawal, Neha ^{[1
]}

Tapaswi, Shashikala ^{[1
]}

机构：

[1] Atal Bihari Vajpayee Indian Inst Informat Technol, Gwalior 474015, MP, India

来源：

INFORMATION PROCESSING LETTERS | 2018年 / 138卷

关键词：

Availability; Low-rate DDoS attack; Power spectral density; Performance evaluation; OpenStack cloud platform; MITIGATION;

D O I：

10.1016/j.ipl.2018.06.001

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The major threat to the availability of cloud computing resources and services is Distributed Denial-of-Service (DDoS) attack. DDoS is a multifaceted attack, and the detection of Low-rate DDoS (LDDoS) attack is a challenging task due to its stealthy and low-rate attack traffic behavior. The objective of the letter is to propose an approach which detects and mitigates the LDDoS attack in the frequency-domain. A power spectral density (PSD) based approach is proposed which monitors and analyzes real-time aggregate traffic for the attack detection. It mainly consists of five phases; the first four phases are in the time-domain while the last phase is in the frequency-domain. The approach is implemented on the OpenStack-based closed setup of a real cloud environment. The experimental results show that the approach is adaptive, and provides 3.7% false positive rate (FPR) and 4.9% false negative rate (FNR) which are comparable. (C) 2018 Elsevier B.V. All rights reserved.

引用

页码：44 / 50

页数：7

共 18 条

[1] A Lightweight Approach to Detect the Low/High Rate IP Spoofed Cloud DDoS Attacks [J].

Agrawal, Neha ;

Tapaswi, Shashikala .

2017 IEEE 7TH INTERNATIONAL SYMPOSIUM ON CLOUD AND SERVICE COMPUTING (SC2 2017), 2017, :118-123

[2] Defense schemes for variants of distributed denial-of-service (DDoS) attacks in cloud computing: A survey [J].

Agrawal N. ;

Tapaswi S. .

Information Security Journal, 2017, 26 (02) :61-73

[3] An optimized reconfigurable power spectral density converter for real-time shrew DDoS attacks detection [J].

Chen, Hao ;

Gaska, Thomas ;

Chen, Yu ;

Summerville, Douglas H. .

COMPUTERS & ELECTRICAL ENGINEERING, 2013, 39 (02) :295-308

[4] Collaborative detection and filtering of shrew DDoS attacks using spectral analysis [J].

Chen, Yu ;

Hwang, Kai .

JOURNAL OF PARALLEL AND DISTRIBUTED COMPUTING, 2006, 66 (09) :1137-1151

[5] Power spectrum entropy based detection and mitigation of low-rate DoS attacks [J].

Chen, Zhaomin ;

Yeo, Chai Kiat ;

Lee, Bu Sung ;

Lau, Chiew Tong .

COMPUTER NETWORKS, 2018, 136 :80-94

[6] Spectral Analysis of Low Rate of Denial of Service Attacks Detection based on Fisher and Siegel Tests [J].

Cotae, Paul ;

Kang, Myong ;

Velazquez, Alexander .

2016 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2016,

[7]

Dan Tang, 2014, Journal of Networks, V9, P2674, DOI 10.4304/jnw.9.10.2674-2681

[8]

Fouladi RF, 2016, 2016 39TH INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS AND SIGNAL PROCESSING (TSP), P104, DOI 10.1109/TSP.2016.7760838

[9] Remote detection of bottleneck links using spectral and statistical methods [J].

He, Xinming ;

Papadopoulos, Christos ;

Heidemann, John ;

Mitra, Urbashi ;

Riaz, Usman .

COMPUTER NETWORKS, 2009, 53 (03) :279-298

[10] Real-time DDoS attack detection using FPGA [J].

Hoque, N. ;

Kashyap, H. ;

Bhattacharyya, D. K. .

COMPUTER COMMUNICATIONS, 2017, 110 :48-58

← 1 2 →