IJCSNS International Journal of Computer Science and Network Security, VOL.12 No.7, July 2012
71
Manuscript received July 5, 2012
Manuscript revised July 20, 2012
Cloud QoS, High Availability & Service Security Issues with
Solutions
Muhammad Zakarya & Ayaz Ali Khan
CS Department, COMSATS Institute of Information Technology, Islamabad, Pakistan
Abstract:
Cloud Computing is one of the most recent and most discussed technologies today. It emerges as a key service of utility or on-demand computing [1] and builds on a decade of research in computer networking, the World Wide Web and software services. It puts forward a service-oriented architecture, reduced information technology overhead for the end user, great flexibility and reduced total cost of ownership. Recent attacks on clouds, especially Distributed Denial of Service (DDoS), pose a potential threat to this key technology of the future. In this paper we present a new Cloud environment and architecture and an entropy-based Anomaly Detection System (ADS) approach to mitigate DDoS attacks, which further improves network performance in terms of computation time, Quality of Service (QoS) and High Availability (HA) in a Cloud Computing environment. Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and IT Foundation are the four basic types of Cloud Computing [39].
1. Introduction & Concepts:
Computing is being transformed into a new model consisting of services that are commoditized and delivered in a style similar to conventional utilities such as water, gas, electricity and telephony. In such a model, customers access services based on their requirements without regard to where the services are hosted or how they are delivered. Cloud computing denotes the infrastructure as a "Cloud" from which businesses and customers are able to access applications from anywhere in the world using on-demand techniques. Depending on the kind of resources provided by the Cloud, different layers can be defined: Infrastructure as a Service (IaaS), Software as a Service (SaaS), Platform as a Service (PaaS) and IT Foundation [1, 39]. All of these layers come with the promise of reducing capital expenditures (CapEx) as well as operational expenditures (OpEx) in terms of reduced hardware, licensing and facility management. Along with these benefits, however, Cloud Computing also raises serious concerns, especially regarding the security of the Cloud Computing environment [38].
1.1 HA in Cloud Systems
Any system which is always available to its customers is highly available (HA). High availability of a cloud system can be achieved by implementing a number of architectural measures, for example reducing congestion. HA is difficult to achieve in today's global village because customers require more and more services. The more congested the network, the more systems are effectively offline to their customers. Consider a TCP congestion scenario, where TCP drops all extra packets, resulting in increased queuing delays. Therefore traditional TCP congestion detection and avoidance mechanisms are not enough to achieve HA.
Fig 2.1 CISCO Cloud Architecture [39]
1.2 QoS in Cloud Environment
We study different service-level security issues in Cloud computing, especially in the wireless Cloud, and propose new solutions to improve their security. Among service-level security issues, DoS attacks and network congestion are the most important. Solving these issues results in high availability as well. In highly available systems, QoS is expected from service providers.
1.3 Security Issues
As networks become common to laypersons in computer technology, the need to provide good service to customers at any time is essential. Cloud computing provides its services to its customers on an on-demand basis, meaning that whatever is required must be provided whenever it is required. Therefore managing QoS and keeping the system available at all times to serve Cloud users and customers is a must. Although there is an obvious need for an in-depth discussion of security issues in Cloud Computing, the current surveys on Cloud security issues focus principally on data confidentiality, data protection and data privacy, and frequently discuss organizational means to overcome these issues.
Fig 2.2 Security model for Cloud Computing environment
1.4 Distributed DoS Attack
DDoS attacks are launched by sending a large volume of packets to a target machine, using the simultaneous cooperation of multiple hosts distributed throughout the Cloud computing environment. DDoS attacks on the Internet, and especially on Cloud Computing, have become an immediate problem in computer networks. Gossip-based DDoS attack detection mechanisms detect such attacks by exchanging traffic information over the communication medium. DDoS attacks are mostly treated as a congestion control problem. A DDoS attack has two phases. In the first phase the attacker finds some vulnerable systems in the network and installs DDoS tools on them; these systems are also called zombies or agents. In the second phase all zombies carry out the actual attack on the victim, as shown in figure 2.2 below [2].
Fig 2.3 Attacker, Zombies and Victims [2]
1.5 IP Spoofing
Changing the source address in the header of an IP packet is called IP Spoofing. It requires privileged access to the network stack (raw socket access). A partial solution to IP Spoofing is to associate a fixed MAC address with each IP address in a subnet so that spoofing can be detected.
2. Related Work & Existing techniques:
In this section we discuss some existing mechanisms and
techniques.
2.1 Mutually Guarded Approach
In a wireless communication medium, if node A (the attacker, masquerading as node B) sends packets to node C, and nodes A and B are in the same coverage area, then that packet will also be received by node B. Therefore node B will easily catch the attack. But if nodes B and C are in different coverage areas, or are out of range of each other, the attacker will successfully launch its attack, as shown in Fig 3.1.
Fig 3.1 Mutually guarded approach
2.2 Ingress & Egress Filtering
Ingress & Egress filtering mechanism is shown
diagrammatically in Fig 3.2 [10].
Fig 3.2 Ingress & egress filtering [10]
2.3 IP Trace-back Mechanism
In this technique the attacker is traced by location. Without mobility this is somewhat easy, but when mobility is involved the attacker cannot be traced easily.
2.4 Distributed Change-point Detection (DCD)
In [6] the authors have proposed a new detection mechanism for DDoS. A change aggregation tree (CAT) is constructed. Nodes in a CAT are attack-transit routers (ATRs) that participate in forwarding the malicious flows. The links in the CAT indicate the path along which attack traffic travels towards the victim. Once a CAT is constructed, a DDoS attack is detected and the ATRs are identified. The next task is to filter out the malicious flows.
Fig 3.3 IP Trace-Back mechanism [6]
2.5 Moving Target Defense
A band-aid solution to a DDoS attack is to change the IP address of the victim computer, thereby invalidating the old address. The technique may work in some cases, but administrators must make a series of changes to DNS entries, routing table entries, etc.
2.6 Rate Limiting
Rate-limiting mechanisms impose a rate limit on a set of packets that have been characterized as malicious by the detection mechanism. It is a moderate response technique that is usually deployed when the detection mechanism has many false positives or cannot accurately characterize the attack flow.
2.7 Mitigating DDoS Attacks via Attestation (Assayer)
In [9] the authors have proposed a new hardware-based attestation mechanism to detect and prevent DDoS attacks. On a per-packet basis, they propose to give the network the ability to identify the code on the end host that generated or permitted the packet. The scheme is shown in Fig 3.4 below.
Fig 3.4 ASSAYER [9]
2.8 Traffic Shaping
A number of routers available on the market today have features that permit you to limit the amount of bandwidth that a specific type of traffic can consume. This is sometimes referred to as the "traffic shaping" technique [10].
2.9 Internet Protocol Version 6 (IPv6)
IPv4 has no check or method to authenticate whether the source IP address that the sender puts into the IPv4 packet header is legitimate or not, so a DoS attacker can use any spoofed or inactive IP source address without any concern about being caught. As a result, authentication of the source IP address is anticipated to improve Internet security against current DoS attacks, as shown in Fig 3.5 [10].
Fig 3.5 IP Version 6
2.10 Pushback: Router-Based Defense against DDoS Attacks
Pushback is a mechanism for defending against DDoS attacks. Each router has the ability to detect and preferentially drop packets that possibly belong to an attack. Upstream routers are also notified to drop such packets (hence the name Pushback), so that the router's resources are used to route legitimate traffic only [28], [29].
3. Existing Problem:
We propose a DDoS detection and prevention mechanism that has the merit of being easy to adopt and more reliable than existing counterparts. Among service-level security issues, DoS attacks, DDoS and network congestion are the most important. Solving the DDoS issue also results in high availability as well as good QoS.
4. Proposed Solution:
After a thorough study of the available techniques, we introduce a new IDS which can be implemented on our own proposed architecture, resulting in a DDoS detection and prevention mechanism.
4.1 Proposed Architecture
In our proposed architecture, we have divided the whole Cloud System into regional areas, i.e. GS, where each GS is protected by an AS / GL. Our ADS is installed in two places, i.e. on every Cloud Node and on the AS, or on their respective routers. A packet which is detected as malicious once at the AS is marked, so that the client node can be informed. In our proposed architecture (as a future direction), the DDoS source is detected for future prevention. A tree is maintained at every router by marking every packet with a path modification strategy, so that the victim is able to trace the sender of the packet. Any packet which was detected as a malicious flow can be confirmed in a second try, i.e. a confirmation process at the GN, i.e. the victim node. In phase 1 we detect malicious flows, while in phase 2 we have a confirmation algorithm to decide whether to drop the attack flow or to pass it. In the given scenario, we assume that the AS is configured properly for the policed address, i.e. the attacker node address or the victim IP address.
Fig 5.1 Proposed Cloud Architecture
The Authentication Server (AS) or Geographical Authentication & Authorization Server (GAS) is responsible for controlling the geographical area where it is defined. Phase 1 is executed locally and phase 2 takes place at the core router.
Fig 5.2 Working diagram of Proposed Cloud Architecture
PROS & CONS
Local security policy
Little computation as compared to a global security policy
Near-the-source detection
No overhead of extra packets
User accesses the GAS, with authentication & authorization checks
Performance: scalability + load balancing + QoS
No need for resources to check the user identity
Local and quick allocation of resources by the GAS
No single point of failure; a failure affects only some part of the Cloud
Each GAS is required to inform all corresponding GASs in case of a new node joining any geographical community
GAS attacked by DDoS: not possible
4.2 Intrusion Detection System
An IDS may be in software and/or hardware form; it monitors the network for suspicious activity and alerts the network administrator to take a particular action accordingly. A signature-based IDS observes packets on the network and compares them to a database of well-known threats. On the other hand, in an ADS, if the deviation of user activity is outside a certain threshold value, it is marked as malicious and a reaction is triggered. After a thorough survey of DDoS detection and prevention mechanisms we reached the conclusion that entropy may be used as a DDoS detection metric.
4.3 Information Theory & Entropy Based ADS
According to [14], any statement that carries some surprise and meaning is called information. Some consider information theory to be a subset of communication theory, but we consider it much more. The word entropy is borrowed from physics, in which entropy is a measure of the disorder of a group of particles, i.e. the 2nd law of thermodynamics. If there are a number of possible messages, then each one can be expected to occur for a certain fraction of the time. This fraction is called the probability of the message. In [23], [24] Shannon proved that the information content of a message is inversely related to its probability of occurrence. To summarize, the more unlikely a message is, the more information it contains. In [15], entropy H(X) is given by
The log is to the base 2 and entropy is expressed in bits. Randomness is directly proportional to entropy, i.e. the more random the values are, the more entropy there is. The value of sample entropy lies between 0 and log(n). The entropy value is smaller when the class distribution belongs to only one class, while the entropy value is larger when the class distribution is more even. Therefore, comparing the entropy value of some traffic feature to that of another traffic feature provides a mechanism for detecting changes in randomness. We use traffic distributions such as IP address and application port number, i.e. (IP address, Port). If we want to calculate the entropy of packets at a single source or destination, then the maximum value of n must be 2^32 for IPv4 addresses. Similarly, if we want to gauge entropy at multiple application ports, then the value of n is the total number of ports [16]. In the same way, p(x), where x ∈ X, is the probability that X takes the value x. We randomly examine X for a fixed time window (w); then p(x) = mi/m, where mi is the number of times we observe that X takes the value x, i.e.
Putting these values in entropy equation 1, we get
Similarly, if we want to calculate the probability p(x), then m is the entire number of packets, but mi is the number of packets with value x as destination or source [37]. Mathematically this is given as
Again, if we want to calculate the probability p(x) for each destination port, then
Remember that the total number of packets is the number of packets observed in a specific time slot (w). When this calculation finishes, the normalized entropy is calculated to get the overall probability of the captured flow in a specific time window (w). Normalized entropy is given by
where n0 is the number of distinct values of x in a specific time slot (w). During an attack, the attack flow dominates the whole traffic, resulting in decreased normalized entropy. To confirm our attack detection, we again have to calculate the entropy rate, i.e. the growth of entropy values for random variables, provided that the limit exists, which is given by
If a discrete source sends one packet after each specific amount of time, then we can find its information rate as R = rs H(X), where R stands for the information rate, rs is the rate at which packets are sent (1000 per second when one packet is sent every millisecond) and H(X) is the entropy of that source. For example, suppose node A sends five packets, one every millisecond, with probabilities ½, ¼, 1/8, 1/16 and 1/16 respectively; then
H(X) = 1.875 bits/symbol &
R = 1000 * 1.875 bits/second
5. Proposed Algorithms:
FOR DETECTION OF DDOS ATTACK
Decide a threshold value δ1
On edge routers collect traffic flows for a specific time window (w)
Find the probability P(X) for each node's packets
Calculate the link entropy of all active nodes separately
Calculate H(X) for routers using Equation (1)
Find the normalized entropy using Equation (3)
If normalized entropy < δ1, identify the malicious attack flow
FOR CONFIRMATION OF ATTACK FLOWS
Decide a threshold value δ2
Calculate the entropy rate on the edge router using Equation (4)
Compare entropy rates on that router; if <= δ2, DDoS is confirmed
COMPUTATIONAL COMPLEXITY
The running time of this algorithm can be expressed as a(n) + b for constant values a and b that depend on the cost of the other statements. Therefore it is a linear function of n and is given asymptotically by O(n). So the best-case running time is O(n), while the worst-case running time is Θ(n²).
Fig 6.1 Flow / Transition Diagram
6. Implementation, Simulation & Results:
In this section we discuss how our proposed ADS would be implemented in a Cloud environment, and how routers communicate with each other to detect a DDoS attack. First we describe how to implement our proposed scheme mathematically or statistically; in the section that follows we show our simulation results, with charts, from a practical environment.
6.1 Mathematical Proof
Fig 7.1 Environment for statistical study
Consider Fig 6.1: A1 and B3 are attack sources at different Cloud Sites, while C3 is the target victim machine. Router 1 will capture the traffic flow coming from A1 and Router 2 will capture the attack flow sent by B3, for a specified time window (w). Suppose that we capture the following traffic flows at Router 1, Router 2, Router 4 and Router 5, shown in tables 7.1, 7.2, 7.3 and 7.4 respectively.
TABLE 7.1: TRAFFIC AT ROUTER 1
Source node   Destination node   No of packets   Entropy
A1            C3                 7               0.50
A2            B1                 2               0.40
A3            B3                 3               0.47
A4            E1                 2               0.40
Therefore the router entropy for Router 1 is 0.50 + 0.40 + 0.47 + 0.40 = 1.77, and as log₂4 = log4/log2 = 2, the normalized entropy is 1.77/log₂4 = 0.88.
TABLE 7.2: TRAFFIC AT ROUTER 2
Source node   Destination node   No of packets   Entropy
B1            D1                 2               0.44
B2            A3                 1               0.31
B3            C3                 6               0.47
B4            E2                 2               0.44
Therefore the router entropy for Router 2 is 0.44 + 0.31 + 0.47 + 0.44 = 1.66, and as log₂4 = log4/log2 = 2, the normalized entropy is 1.66/log₂4 = 0.83.
TABLE 7.3: TRAFFIC AT ROUTER 4
Source node   Destination node   No of packets   Entropy
D1            A1                 2               0.46
D2            A3                 2               0.46
D3            E3                 3               0.52
D4            C2                 3               0.52
Therefore the router entropy for Router 4 is 0.46 + 0.46 + 0.52 + 0.52 = 1.96, and as log₂4 = log4/log2 = 2, the normalized entropy is 1.96/log₂4 = 0.98.
TABLE 7.4: TRAFFIC AT ROUTER 5
Source node   Destination node   No of packets   Entropy
D1            C3                 2               0.52
D2            C1                 1               0.43
D3            D1                 2               0.52
D4            A4                 1               0.43
Therefore the router entropy for Router 5 is 0.52 + 0.43 + 0.52 + 0.43 = 1.90, and as log₂4 = log4/log2 = 2, the normalized entropy is 1.90/log₂4 = 0.95.
We can see that at both routers, i.e. Router 1 and Router 2, the router entropy is lower because a single flow captured most of the bandwidth. As a result the normalized entropy decreases. If we have a suitable threshold value δ, say 0.94, then our proposed ADS will consider the flows coming from A1 (GS A) and B3 (GS B) as malicious flows, while Cloud Site D and Cloud Site E have entropy values greater than our threshold value of 0.94, so no attack is detected at these sites. Entropy rates are calculated for A1 at Router 1 and Router 0 and compared. If the entropy rates are the same or nearly so, the malicious flow is dropped. The process is shown in the state transition diagram given in Fig 7.2.
Fig 7.2 Transition Diagram
6.2 Simulation Study
6.2.1 Simulation Environment
CloudSim was used as the simulation environment for testing the results of our proposed idea. To simulate it we have 3 users, 2 of which launch the DDoS attack, 2 routers and 3 resources, with any single node being the victim at a time. The environment is shown in Fig 7.3.
Fig 7.3 Environment for simulation study
For simplicity we take equal-size bandwidth media. Both routers are connected to each other over a 10 Mbps link, while all other connections are made at 1 Mbps. The DDoS detection algorithm is implemented on router 0, while the DDoS confirmation algorithm is supposed to be implemented on router 1.
6.2.2 Simulation Results
In this section we consider only the DDoS detection algorithm on router 0, not attack confirmation.
CASE 1:
TABLE 7.5: TRAFFIC AT ROUTER FOR USER_0
Destination node   Total No of packets   Probability   Entropy
Res_0              5                     0.5           0.5
Res_1              2                     0.2           0.46
Res_2              3                     0.3           0.52
Therefore the router entropy for User_0's traffic is 0.5 + 0.46 + 0.52 = 1.48, and as log₂3 = log3/log2 = 1.58, the normalized entropy is 1.48/log₂3 = 0.93 (DDoS detected).
TABLE 7.6: TRAFFIC AT ROUTER FOR USER_1
Destination node   Total No of packets   Probability   Entropy
Res_0              4                     0.4           0.52
Res_1              3                     0.3           0.52
Res_2              3                     0.3           0.52
Therefore the router entropy for User_1's traffic is 0.52 + 0.52 + 0.52 = 1.57, and as log₂3 = log3/log2 = 1.58, the normalized entropy is 1.57/log₂3 = 0.99 (DDoS not detected).
TABLE 7.7: TRAFFIC AT ROUTER FOR USER_2
Destination node   Total No of packets   Probability   Entropy
Res_0              0                     0.0           0.0
Res_1              3                     0.3           0.52
Res_2              7                     0.7           0.36
Therefore the router entropy for User_2's traffic is 0.0 + 0.52 + 0.36 = 0.88, and as log₂2 = log2/log2 = 1, the normalized entropy is 0.88/log₂2 = 0.88 (DDoS detected).
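The detection and confirmation steps of Section 5 and the table calculations of Sections 6.1 and 6.2, as an added Python example that is not part of the paper or its simulation code. The sample windows are constructed from Tables 7.1, 7.3 and 7.7; DELTA2, the entropy-rate approximation and the handling of zero-count and single-flow windows are assumptions, since the page does not reproduce Equations 1 to 4.

```python
"""Entropy-based DDoS detection over per-window flow counts (added example)."""
import math
from collections import Counter

DELTA1 = 0.94   # normalized-entropy threshold the paper found to give a good detection rate
DELTA2 = 0.05   # constructed assumption: tolerance when comparing entropy rates in phase 2

# Constructed samples reproducing the paper's tables: (source, destination, packets in window w).
ROUTER1_WINDOW = [("A1", "C3", 7), ("A2", "B1", 2), ("A3", "B3", 3), ("A4", "E1", 2)]    # Table 7.1
ROUTER4_WINDOW = [("D1", "A1", 2), ("D2", "A3", 2), ("D3", "E3", 3), ("D4", "C2", 3)]    # Table 7.3
USER2_WINDOW = [("User_2", "Res_0", 0), ("User_2", "Res_1", 3), ("User_2", "Res_2", 7)]  # Table 7.7


def flow_probabilities(window):
    """p(x) = m_i / m for every (source, destination) flow x seen in the window.

    Flows with a zero count are dropped: they carry no packets, contribute 0 to
    H(X) and are not counted in n0 (Table 7.7 treats Res_0 this way).
    """
    counts = Counter()
    for src, dst, packets in window:
        counts[(src, dst)] += packets
    m = sum(counts.values())
    return {flow: n / m for flow, n in counts.items() if n > 0} if m else {}


def entropy_terms(probs):
    """-p(x) log2 p(x) per flow: the 'Entropy' column of the paper's tables."""
    return {flow: -p * math.log2(p) for flow, p in probs.items()}


def entropy(window):
    """H(X) = -sum p(x) log2 p(x) over the flows in the window (Equation 1), in bits."""
    return sum(entropy_terms(flow_probabilities(window)).values())


def normalized_entropy(window):
    """H(X) / log2(n0), n0 = number of distinct flows that carried packets (Equation 3).

    A window with one flow (or none) has no randomness to measure, so it
    normalizes to 0.0 instead of dividing by log2(1) = 0.
    """
    probs = flow_probabilities(window)
    if len(probs) <= 1:
        return 0.0
    return sum(entropy_terms(probs).values()) / math.log2(len(probs))


def detect(window, delta1=DELTA1):
    """Phase 1 (Section 5): flag the window when NE < delta1 and name the dominating flow."""
    probs = flow_probabilities(window)
    ne = normalized_entropy(window)
    suspect = max(probs, key=probs.get) if probs else None
    return {"normalized_entropy": ne, "attack": ne < delta1, "suspect_flow": suspect}


def entropy_rate(windows):
    """Entropy rate estimated as the mean of H(X) over consecutive windows.

    Assumption: Equation 4 is not reproduced on the page, so the limit of H/n
    is approximated by the per-window average.
    """
    return sum(entropy(w) for w in windows) / len(windows)


def confirm(edge_windows, core_windows, delta2=DELTA2):
    """Phase 2: confirm when the entropy rates at the edge and core routers agree within delta2."""
    return abs(entropy_rate(edge_windows) - entropy_rate(core_windows)) <= delta2


def information_rate(probabilities, packets_per_second):
    """R = rs * H(X) for a source emitting packets with the given probabilities (Section 4.3)."""
    h = -sum(p * math.log2(p) for p in probabilities if p > 0)
    return packets_per_second * h


if __name__ == "__main__":
    for name, window in [("Router 1", ROUTER1_WINDOW), ("Router 4", ROUTER4_WINDOW), ("User_2", USER2_WINDOW)]:
        print(name, detect(window))
    # Section 4.3 example: five packets per millisecond with probabilities 1/2, 1/4, 1/8, 1/16, 1/16
    print("R =", information_rate([0.5, 0.25, 0.125, 0.0625, 0.0625], 1000), "bits/s")
```

The unrounded normalized entropies differ from the paper's by about 0.01 because the paper sums per-flow terms after rounding them to two decimals; the detection decisions at δ1 = 0.94 are the same.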
7. Performance Evaluation:
After a thorough study of the proposed scheme we concluded that our ADS can detect 100% of DDoS attacks only with a good threshold value. A value of 0.94 results in a good detection rate. A value greater than 0.94 also results in a good detection rate but generates more false positive alarms. The results are shown in the graphs below.
Fig 8.1 DDoS detection rate
Fig 8.2 DDoS false positive rate
8. Conclusion & Future Work:
In this paper, we have proposed a new architecture for a Cloud Computing platform, where the whole Cloud System is divided into multiple administrative domains, each controlled separately by its own Authentication & Certification Authority, i.e. AS. We have also developed an ADS for the detection and early prevention of DDoS attacks in our proposed architecture. In future the proposed idea may be implemented over a real Cloud environment to accurately detect DDoS attacks. The idea may also be extended with a recovery mechanism for DDoS attacks. The following are some challenges which might be addressed for further enhancement by researchers and scholars.
Setting perfect threshold values δ1, δ2; sometimes they must be dynamic in nature to detect DDoS with high accuracy
Usually in DDoS the same function is used for posing the attack, but what about different functions being used to create attack packets
Heavy network access results in malicious flow detection, so in such a scenario separating legitimate flows from attack flows is a challenging task
References:
[1] Michael Armbrust, Armando Fox, Rean Griffith, Anthony D. Joseph, Randy H. Katz, Andrew Konwinski, Gunho Lee, David A. Patterson, Ariel Rabkin, Ion Stoica and Matei Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing", Technical Report No. UCB/EECS-2009-28
[2] Kashan Samad, Ejaz Ahmed, Riaz A. Shaikh, Ahmad Ali Iqbal, "Analysis of DDoS Attacks and Defense Mechanisms", 2005
[3] Hang Chau, "Network Security – Mydoom, Doomjuice, Win32/Doomjuice Worms and DoS/DDoS Attacks", USA
[4] Puneet Zaroo, "A Survey of DDoS attacks and some DDoS defence mechanisms", Advanced Information Assurance (CS 626)
[5] Stephen M. Specht, Ruby B. Lee, "Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures", September 2004
[6] Yu Chen, Kai Hwang, Wei-Shinn Ku, "Distributed Change Point Detection of DDoS Attacks: Experimental Results on DETER Testbed", 2007
[7] Preeti, Yogesh Chaba, Yudhvir Singh, "Review of Detection and Prevention Policies for Distributed Denial of Service Attack in MANET", March 2008
[8] S. Meenakshi, S. K. Srivatsa, "A Comprehensive Mechanism to Reduce the Detection Time of SYN Flooding Attack", 2009
[9] Bryan Parno, Zongwei Zhou, Adrian Perrig, "Don't Talk to Zombies: Mitigating DDoS Attacks via Attestation", June 2009
[10] Konstantinos Meintanis, Brian Bedingfield, Hyoseon Kim, "The Detection & Defense of DDoS Attack", University of Texas
[11] A. Lakhina, M. Crovella, and C. Diot, "Diagnosing Network-Wide Traffic Anomalies", ACM SIGCOMM Computer Communication Review, Portland, 2004
[12] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, "Statistical Approaches to DDoS Attack Detection and Response", 2003
[13] W. Lee, D. Xiang, "Information-Theoretic Measures for Anomaly Detection", IEEE, 2001
[14] David Applebaum, "Probability and Information (An Integrated Approach)", Cambridge University Press, 2008
[15] Thomas M. Cover, Joy A. Thomas, "Elements of Information Theory", Second Edition, 2006
[16] Dennis Arturo Ludeña Romaña, Yasuo Musashi, "Entropy Based Analysis of DNS Query Traffic in the Campus Network", Japan
[17] Rajkumar Buyya, Manzur Murshed, "GridSim: a toolkit for the modeling and simulation of distributed resource management and scheduling for Grid computing", 2002
[18] Anthony Sulistio, Gokul Poduval, Rajkumar Buyya, Chen-Kong Tham, "Constructing A Grid Simulation with Differentiated Network Service using GridSim", University of Melbourne, Australia
[19] Manzur Murshed, Rajkumar Buyya, "Using the GridSim Toolkit for Enabling Grid Computing Education", Monash University, Australia
[20] Anthony Sulistio, Uros Cibej, Srikumar Venugopal, Borut Robic, Rajkumar Buyya, "A toolkit for modelling and simulating data Grids: an extension to GridSim", March 2008
[21] Anthony Sulistio, Chee Shin Yeo, Rajkumar Buyya, "Visual Modeler for Grid Modeling and Simulation (GridSim) Toolkit", 2003
[22] Microsoft Encarta Encyclopedia, 2009
[23] Claude E. Shannon, "A Mathematical Theory of Communication", 1948
[24] Claude E. Shannon, "Communication Theory of Secrecy Systems", 1949
[25] Yi-Chi Wu, Wuu Yang, Rong-Horg Jan, "DDoS Detection and Trace-back with Decision Tree and Gray Relational Analysis", National Chiao Tung University, Taiwan
[26] Ian Foster, C. Kesselman, "The Grid: Blueprint for a New Computing Infrastructure", Morgan Kaufmann Publishers, 1999
[27] S. Kumar and E. H. Spafford, "A Pattern Matching Model for Misuse Intrusion Detection", 1994
[28] Ju Wang, "Tolerating Denial-of-Service Attacks – A System Approach", 2005
[29] Dawei Yao, "Adaptive Firewalls for Grid Computing", 2005
[30] http://www.gridbus.org/gridsim/
[31] http://www.buyya.com/gridsim/
[32] B. B. Gupta, Manoj Misra and R. C. Joshi, "An ISP Level Solution to Combat DDoS Attacks using Combined Statistical Based Approach", 2008
[33] J. Mirkovic, P. Reiher, "A Taxonomy of DDoS Attack and DDoS Defense Mechanisms", April 2004
[34] Mobin Javed, Ayesha Binte Ashfaq, M. Zubair Shafiq, Syed Ali Khayam, "On the Inefficient Use of Entropy for Anomaly Detection", NUST & FAST, Pakistan
[35] Thomas M. Cover, Joy A. Thomas, "Elements of Information Theory", Chapter 4, 1991
[36] Tao Peng, "Defending Against Distributed Denial of Service Attacks", April 2004
[37] George Nychis, "An Empirical Evaluation of Entropy-based Anomaly Detection", May 2007
[38] Palvinder Singh Mann, Dinesh Kumar, "An Analytical Approach to Mitigate DDoS Attacks and Improve Network Performance under Collaborative Software as a Service (SaaS) Cloud Computing Environment", DAV Institute of Engineering & Technology, Jalandhar, Punjab, India
[39] Point of View White Paper for U.S. Public Sector, "Cisco Cloud Computing Data Center Strategy, Architecture, and Solutions", 1st Edition
[40] CloudSim documentation for programming and simulations
The author of this paper is a new researcher in the field of emerging computing technologies such as Grid, Cloud and Green Computing. He holds an MS in Computer Science and is interested in pursuing a doctorate in computer engineering.
... Artificial intelligence revolves around the improvement of computer programs, which can acquire data and learn new information from it. Supervision is a group of calculation, which uses existing experiences, information, data [29], [30] to characterize and expect all the information indicators of the errand. In next section, we discuss our proposed model and the obtained results. ...
... First, we selected the UNSW-nb15 dataset from the GitHub repository that contains information about the DDoS attacks. This dataset was provided by the Australian Centre for Cyber Security (ACCS) [29], [30]. Then, Python and jupyter notebook were used to work on data wrangling. ...
Article
Full-text available
Distributed network attacks are referred to, usually, as Distributed Denial of Service (DDoS) attacks. These attacks take advantage of specific limitations that apply to any arrangement asset, such as the framework of the authorized organization’s site. In the existing research study, the author worked on an old KDD dataset. It is necessary to work with the latest dataset to identify the current state of DDoS attacks. This paper, used a machine learning approach for DDoS attack types classification and prediction. For this purpose, used Random Forest and XGBoost classification algorithms. To access the research proposed a complete framework for DDoS attacks prediction. For the proposed work, the UNWS-np-15 dataset was extracted from the GitHub repository and Python was used as a simulator. After applying the machine learning models, we generated a confusion matrix for identification of the model performance. In the first classification, the results showed that both Precision (PR) and Recall (RE) are $\sim 89$ % for the Random Forest algorithm. The average Accuracy (AC) of our proposed model is ~89% which is superb and enough good. In the second classification, the results showed that both Precision (PR) and Recall (RE) are approximately 90% for the XGBoost algorithm. The average Accuracy (AC) of our suggested model is ~90%. By comparing our work to the existing research works, the accuracy of the defect determination was significantly improved which is approximately 85% and 79%, respectively.
... Cloud computing [1] is a type of service model computing. A pool of computing resources that can be ease manage \& access by user i.e. storage, servers, networks and some customer applications in the cloud. ...
Article
Increasing utilization of cloud infrastructure increases power consumption among datacentres, which is still a critical research problem. Some approaches are used to solve this problem, but those approaches are still not comfortable for parallel systems. To overcome this problem, this paper will present the bookworms of the current datacentre: what is available already and what is still required for energy optimization. We studied several algorithms like Lago Allocator, Best Resource Selection (BRS), Round Robin (RR) and Energy Efficient (EE) by using Power-Aware, Non-Power-Aware and DVFS-enabled simulation techniques. Simulation results demonstrate that more power is saved in the DVFS-enabled simulation.
... On the other hand, Cloud Computing [150], and the Service Oriented Architecture (SOA) [203] are the main reasons for the emergence of the need for security of services [97,233,271,272]. While various security issues are considered for services, here the focus is on unauthorized access to the services. ...
Thesis
Co-Engineering Safety and Security in Risk-Prone Smart Work Environments PhD Student: Mahsa Teimourikia Advisor: Prof. Mariagrazia Fugini Abstract: Safety and security are two risk-driven aspects that are usually tackled separately. The importance of considering safety and security as dependent aspects and co-engineering them together as cyber-security is highlighted with the advent of the Internet of Things (IoT), which has a direct or indirect effect on how safety and security are managed in critical environments. As an emerging technology, IoT has provided a promising opportunity in the appearance of Industry 4.0 and Smart Work Environments (SWEs). As with all new technologies, SWEs introduce various issues and opportunities. On one hand, as more devices are getting integrated in the IoT technology, SWEs become more and more vulnerable to security threats, and hence new approaches should be proposed to protect the sensitive and critical resources in the SWEs. On the other hand, the IoT technology provides the chance to acquire ambient and monitoring data to be exploited to identify and treat the risks related to safety. While this is an advantage to protect persons' safety, the security policies should allow the treatment of the risks when necessary by adapting to the safety-related context in each situation. In this thesis, the security and safety of the risk-prone SWEs are tackled. Starting with safety, a run-time risk management methodology is proposed that exploits an automated risk assessment process that is developed considering the commonly adopted risk assessment techniques in the industry. In addition, an ontology is designed and developed to extract safety knowledge in a computer-readable way. Coming to security, a risk-adaptive Access Control (AC) model based on Attribute-Based Access Control (ABAC) is developed considering hierarchical safety-related contexts. Upon receiving risk descriptions, based on the designed meta-rules, the AC system adapts the security rules to allow risk treatment.
... Cloud computing [1] is a popular computing service model. Users can easily access and manage a pool of computing resources like storage, networks, servers and other client applications in the cloud. ...
Conference Paper
In cloud datacenters, virtual machine (VM) allocation in a power efficient way remains a critical research problem. There are a number of algorithms for allocating the workload among different machines. However, existing works do not consider more than one energy efficient host, thus they are not efficient for large scale cloud datacenters. In this paper, we propose a VM allocation algorithm to achieve higher energy efficiency in large scale cloud datacenters. Simulation result shows that, compared with BRS, RR and MPD algorithms, our algorithms can achieve 23 %, 23 % and 9 % more power efficiency in large scale cloud environment.
Experiment Findings
Cloud computing is a well-known and widely popular service because of features like speed, ubiquitous computing, huge storage facilities provided by a third party, etc. However, security issues or challenges are still surrounded by various complications and threats. Attacks on user services associated with network communication or any data storage service are a part of every internet-using customer's life. There are various types of attacks in cloud computing that deal with numerous techniques and methodologies to prevent, detect or avoid those attacks. This thesis focuses on methods to discover denial of service (DoS) and DDoS attacks by performing the CUSUM algorithm, known as the cumulative sum algorithm. These attacks are initiated by zombie computers, sometimes called a botnet system; these botnet or zombie systems are infected computers on the internet. These zombie or botnet systems carry out a DDoS attack by making a service inaccessible to legitimate users, which results in an availability issue of services over the cloud network. Once the occurrence of an attack is recognized by using the IP monitoring algorithm that relies on the CUSUM algorithm, we further study another attacker detection method that uses the ad hoc on-demand vector routing protocol to find the actual attacker and, by eliminating them, reduce the disturbance in the communication channel so as to process the service of a legitimate user. By applying the first method one gets knowledge of the occurrence of an attack, but then, to find out the actual attacker or the evil nodes, we take the help of the ad hoc on-demand vector protocol. Through simulations the performance of the method in several attack situations has been shown, which displays better detection by sensing a much wider range of attack occurrences.
Conference Paper
Hardware virtualization has enabled large scale computational service delivery models with significant cost leverage and has improved resource utilization of cloud computing platforms. This has completely changed the landscape of computing in the last decade. It has enabled very large-scale data analytics through distributed, high performance computing. However, due to the infrastructure complexity, end-users and administrators of cloud platforms can rarely obtain a complete picture of the state of cloud computing systems and data centers. Recent monitoring tools enable users to obtain large amounts of data with respect to many utilization parameters of cloud platforms. However, they often fall short of maximizing the overall insight into the resource utilization dynamics of cloud platforms. Furthermore, existing tools make it difficult to observe large scale patterns making it difficult to learn from the past behavior of cloud system dynamics. New operating platforms for cloud management and service provisioning allow live migration and dynamic resource re-allocation at multiple levels of the hardware virtualization layers. Hence, it has become necessary to provide cognitive visualizing tools for monitoring the activities in an active cloud environment. In this work, we describe a perceptual-based interactive visualization platform that gives users and administrators a cognitive view of cloud computing system dynamics. We define machine states and aggregate states at multiple levels of detail to construct a multiview presentation of the resource utilization according to the scalability and the elasticity features of a cloud computing system.
Article
Hardware virtualization has enabled large scale computational service delivery models with high cost leverage and improved resource utilization on cloud computing platforms. This has completely changed the landscape of computing in the last decade. It has also enabled large–scale data analytics through distributed high performance computing. Due to the infrastructure complexity, end–users and administrators of cloud platforms can rarely obtain a full picture of the state of cloud computing systems and data centers. Recent monitoring tools enable users to obtain large amounts of data with respect to many utilization parameters of cloud platforms. However, they fail to get the maximal overall insight into the resource utilization dynamics of cloud platforms. Furthermore, existing tools make it difficult to observe large-scale patterns, making it difficult to learn from the past behavior of cloud system dynamics. In this work, the authors describe a perceptual-based interactive visualization platform that gives users and administrators a cognitive view of cloud computing system dynamics.
Conference Paper
With the rapid development of cloud computing, cloud services and human life have become closely connected. In recent years, cloud services have been widely used by everyone. With advances in network technology, network access for data transmission has become more and more important, and using applications through cloud computing has become a new trend. Before embracing cloud computing, there are some issues on allocating the resources of cloud computing that need to be solved, since the resources used by a cloud computing system are very limited. Therefore, resource allocation in cloud computing should provide dynamic resource provisioning, allow users to access the resources efficiently and guarantee quality of service (QoS). In this paper, we use the Gluster file system (GlusterFS) to dynamically allocate storage and build a cloud storage service integration platform. In experiments, the results show that our proposed method is superior to the traditional types of distributed storage that consider a single document file allocation. We try to adjust the GlusterFS storage method, considering the configuration of disk capacity and different ways of saving files, thus allocating resources more effectively and increasing the performance of the cloud storage system.
Conference Paper
Security in this world of digital computing plays a typical role, since all the operations are automated and large volumes of data are being maintained in the servers. Cloud computing is one of the evolving technologies where a huge volume of storage is made on-line, and data and services are also distributed. Because of its distributed nature, clouds have become easy targets for intruders to exploit the information. The well-known Distributed Denial of Service (DDoS) attack is the most prominent attack in this area of computing. DDoS is the single largest threat to the internet and the internet of things. This paper provides a wide survey of various DDoS attacks, their vulnerabilities and the countermeasures proposed against them. This paper also provides an in-depth analysis of the effects of DDoS attacks in the cloud environment. The analysis done will be useful for designing a secured cloud infrastructure which will withstand DDoS attacks.
Article
An ad hoc network is a collection of wireless mobile nodes that forms a temporary network without any centralized administration. While early research effort assumed a friendly and cooperative environment and focused on problems such as wireless channel access and multihop routing, security has become a primary concern in order to provide protected communication between nodes in a potentially hostile environment. Recent wireless research indicates that the wireless MANET presents a larger security problem than conventional wired and wireless networks. Distributed Denial of Service (DDoS) attacks have also become a problem for users of computer systems connected to the Internet. A DDoS attack is a distributed, large-scale attempt by malicious users to flood the victim network with an enormous number of packets. This exhausts the victim network of resources such as bandwidth, computing power, etc. The victim is unable to provide services to its legitimate clients and network performance is greatly deteriorated. In this paper, we have studied the vulnerability of MANETs to DDoS attacks and provide an overview of detection and prevention of DDoS attacks in MANET (Mobile Ad hoc Network).
Article
We carried out an entropy-based study on the DNS query traffic from the campus network of a university from January 1st, 2006 to March 31st, 2007. The results are summarized as follows: (1) The source IP address- and query keyword-based entropies change symmetrically in the DNS query traffic from outside the campus network when detecting spam bot activity on the campus network. On the other hand, (2) the source IP address- and query keyword-based entropies change similarly to each other when detecting large DNS query traffic caused by prescanning or a distributed denial of service (DDoS) attack from the campus network. Therefore, we can detect the spam bot and/or DDoS attack bot by only watching DNS query access traffic.
Article
Distributed Denial-of-Service (DDoS) attacks typically originate from exploited endhosts controlled by a remote attacker. Current network-based DDoS defenses can only filter out malicious traffic based on the traffic's inherent properties; they cannot filter based on properties of the endhost that generated the traffic. We observe that the identity of the code that has generated a packet offers powerful predicates for filtering, and we develop a secure, general architecture, Assayer, for in-network filtering based on endhost properties. Our proposed Assayer architecture leverages hardware-based attestation mechanisms to enable legitimate endhosts to embed secure proofs of code identity in packets. Receivers can specify traffic policies, which are enforced by on-path prioritizers. We design Assayer to achieve scalability, efficiency, and incremental deployability. We implement and evaluate a basic Assayer prototype and find that the perceived application overhead, felt only during periods of significant network congestion, is less than 12%. Our simulations indicate that our architecture, even when deployed only at the victim's ISP, provides excellent protection against a botnet of 100,000 attacking hosts.
Data
DDoS attacks are launched by sending a large quantity of packets to a target machine, using the instantaneous teamwork of multiple hosts which are distributed throughout the Grid computing environment. Today, DDoS attacks on the Internet in general, and especially in the Grid Computing environment, have become a visible issue in computer networks. DDoS attacks are easy to generate but their detection is a very difficult task, and therefore they are an attractive weapon for hackers. DDoS streams do not have familiar characteristics; therefore currently available IDS cannot detect these attacks perfectly. Similarly, their implementation is a challenging task. In practice, a Gossip-based DDoS attack detection mechanism is used to detect such types of attacks in the network, by exchanging traffic over the line. Gossip-based techniques result in network congestion and have the overhead of extra packets. Keeping the above drawbacks in mind, we are going to propose a DDoS detection and prevention mechanism that has the beauty of being easy to adapt and more reliable than existing counterparts. We are going to introduce an entropy-based detection mechanism for DDoS attack detection. Our proposed solution has no overhead of extra packets, hence resulting in good QoS. Once DDoS is detected, any prevention technique can be used to prevent DDoS in the Grid environment. Index Terms—Normalized entropy (NE), denial of service (DoS), grid simulator (GridSim).
Article
We are currently in the bronze age of information security. The explosive growth in computer systems and their interconnections via networks has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This has increased the need to protect the data and the resources from disclosure and to protect the entire network from network-based attacks. There are many attacks intended to deprive legitimate users of access to network resources and functions. A denial of service (DoS) attack is an attack on the availability of Internet services and resources: an attack which prevents legitimate users from using a victim computing system or network resource. The flooding-based Distributed Denial of Service (DDoS) attack presents a very serious threat to the stability of the Internet. We want to design a comprehensive mitigation mechanism against the DDoS attack. In the proposed system the entire attack detection process is divided into two levels due to the distributed nature of the DDoS attack. In the first level, individual detection systems are installed in all autonomous systems to perform local detection. In the second level, all the detection systems exchange their messages using a consensus method to take a global decision. Prevention and early detection of DDoS attacks is very important. The objective is to minimize the expected delay of detecting a DDoS attack after its occurrence. For this reason, a good lower bound is to be fit on the expected time between false alarms before the DDoS attack, so the overall detection time for global decision making is reduced. Defense in depth is an essential feature of the proposed work.
Book
This new and updated textbook is an excellent way to introduce probability and information theory to students new to mathematics, computer science, engineering, statistics, economics, or business studies. Only requiring knowledge of basic calculus, it begins by building a clear and systematic foundation to probability and information. Classic topics covered include discrete and continuous random variables, entropy and mutual information, maximum entropy methods, the central limit theorem and the coding and transmission of information. Newly covered for this edition is modern material on Markov chains and their entropy. Examples and exercises are included to illustrate how to use the theory in a wide range of applications, with detailed solutions to most exercises available online for instructors.