
Game Optimization for Internal DDoS Attack Detection in Cloud Computing

Cited by: 14
Abstract: A collaborative intrusion detection system (IDS) model, named virtual machine introspection and network-based IDS (VMI-N-IDS), is proposed. It combines the characteristics of traditional virtual machine introspection-based (VMI) IDS and network-based IDS and is deployed inside the cloud server cluster to defend against internal distributed denial of service (DDoS) attack threats, such as the "cloud droplets freezing" (CDF) attack. The CDF attack can exhaust the internal bandwidth of the cluster and the CPU and memory resources of the physical servers. Based on game theory, the IDS and the attacker are treated as the two parties of a game in the VMI-N-IDS model. Utility functions of the two parties are given, and it is proved that the game model is a non-cooperative, repeated game of incomplete information and that a subgame perfect Nash equilibrium exists. Finally, the optimal defense strategy is proposed, which is a tradeoff between the false alarm rate and control of the malicious software's scale, solving the problem of dynamically adjusting the internal intrusion detection strategy in the cloud environment. The best strategy for the IDS at each stage is to increase the threshold value β when the mathematical expectation of the suspicious value is greater than the load of server resources, and to reduce it otherwise. Experimental results show that the proposed method can effectively defend against the internal DDoS attack threat in the cloud environment.
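Source: Journal of Computer Research and Development (《计算机研究与发展》); indexed in EI, CSCD and the Peking University Core Journals list; 2015, Issue 8, pp. 1873-1882 (10 pages)
Funding: National Science and Technology Major Project (2012ZX03002003); Fundamental Research Funds for the Central Universities (JY10000903001); Xi'an University of Technology Doctoral Start-up Fund (112-256081504)
Keywords: cloud computing; network security; intrusion detection; DDoS attack; game theory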
