云计算中DDoS攻防技术研究综述

A Survey of DDoS Attack and Defense Technologies in Cloud Computing

云计算是一种服务模式的革新,它将物理资源(例如,计算资源、存储资源、数据资源)集中化,并通过网络以按需的方式提供给用户.云计算面临诸多安全挑战(例如,数据隐私、资源管理),其中分布式拒绝服务(Distributed Denial of Service,DDoS)攻击是主要的安全威胁之一.DDoS攻击严重影响了云计算的连续性和可用性.尽管DDoS攻击早已在传统网络中盛行,但云计算的应用给DDoS攻防带来了全新的挑战和机遇.一方面,云计算赋能攻击.云计算的大规模和集中化将传统攻击进一步放大.此外,云计算本身的漏洞被用于组织新型的攻击.在上述情况下,传统的防御技术难以应对云计算中大规模、多样化、复杂化的DDoS攻击.另一方面,云计算赋能防御.云计算丰富的资源结合新技术(例如,软件定义网络、自动伸缩)可保证自身的安全以及向用户提供云安全服务.充分利用云计算的新技术抗DDoS攻击是目前的发展趋势.云计算中的DDoS攻击引起了广泛的关注.许多研究工作致力于揭示新的漏洞或设计有效的抗DDoS方案.为了使相关研究人员能够全面了解最新的研究进展并激发他们开发新的方案应对各种DDoS攻击,本文对现有研究进行了广泛调研形成综述.首先,我们总结了云计算在技术和服务上存在的漏洞,并进一步揭示了攻击者如何利用这些漏洞发起DDoS攻击.接下来,我们描述了云计算中DDoS攻击的组织方式.此外,我们还分析了云计算中各种DDoS攻击的原理,并根据攻击速率将其分类.然后,我们给出一个DDoS防御的总体架构.基于此,我们从攻击预防、攻击检测和攻击缓解三个方面对现有的抗DDoS攻击技术进行了详细的分析和评估.重要的是,我们比较了这些技术的优缺点.除技术外,我们还简要讨论了为应对DDoS攻击在服务和管理上需要关注的问题.最后,我们讨论了当前开放性的问题以及面临的挑战,并展望未来的研究方向.希望本文能使读者更好地了解云计算中的DDoS攻击问题、当前已有解决方案以及未来的研究范畴,以便更有效地应对DDoS攻击.

Cloud computing is an innovation of the service model.It centralizes physical resources(e.g.,computing resources,storage resources,and data resources)and provides them to users on demand through the network.Cloud computing faces many security challenges(e.g.,data privacy,resource management).Distributed Denial of Service(DDoS)attack is one of the major security threats to cloud computing.The DDoS attack seriously affects the continuity and availability of cloud computing.Although the DDoS attack has been prevalent in traditional networks,the application of cloud computing brings new challenges and opportunities to attack and defense.On the one hand,cloud computing empowers attacks.The large scale and centralization of cloud computing amplifies traditional attacks.In addition,the vulnerabilities of cloud computing itself can be exploited to organize new types of DDoS attacks.In this case,it is difficult for traditional defense technologies to deal with large-scale,diverse,and complex DDoS attacks in cloud computing.On the other hand,cloud computing empowers defense.The cloud computing provides large amounts of resources combined with new technologies such as Software Defined Network(SDN),auto-scaling to guarantee its own security and provide cloud security services to users.The current development trend is to take full advantage of new technologies of cloud computing to defense DDoS attacks.The DDoS attack in cloud computing has attracted extensive attentions.Currently,many researches efforts have been devoted to exposing new vulnerabilities and designing effective anti-DDoS strategies.In order to enable researchers to comprehensively grasp the current research progress and excite them to develop new solutions against various DDoS attacks,this paper extensively reviews existing studies for a survey.First,we summarize the vulnerabilities of cloud computing in technology and service,and further reveal how to exploit these vulnerabilities to launch DDoS attacks.Next,we describe the organization approaches of DDoS attacks in cloud computing.In addition,we analyze the principles of various DDoS attacks in cloud computing and categorize them according to attack rate.Then,we present an overview of DDoS defense architecture in cloud computing.After that,we analyze and evaluate existing anti-DDoS technologies in detail from three aspects:attack prevention,attack detection and attack mitigation.The important thing is we compare advantages and disadvantages of these technologies.Beyond technology,we briefly extend our discussion on some important issues in service and management for anti-DDoS attack.Finally,we discuss current open issues and challenges,and prospect future research directions.We hope this paper can provide better understanding of the DDoS attack in cloud computing environment,current solution space,and future research scope to deal with such attacks more efficiently.