Detecting DDoS Attacks in Cloud Computing Environment

Alina Madalina Lonea, Daniela Elena Popescu, Huaglory Tianfield

Abstract


This paper is focused on detecting and analyzing the Distributed Denial of Service (DDoS) attacks in cloud computing environments. This type of attacks is often the source of cloud services disruptions. Our solution is to combine the evidences obtained from Intrusion Detection Systems (IDSs) deployed in the virtual machines (VMs) of the cloud systems with a data fusion methodology in the front-end. Specifically, when the attacks appear, the VM-based IDS will yield alerts, which will be stored into the Mysql database placed within the Cloud Fusion Unit (CFU) of the front-end server. We propose a quantitative solution for analyzing alerts generated by the IDSs, using the Dempster-Shafer theory (DST) operations in 3-valued logic and the fault-tree analysis (FTA) for the mentioned flooding attacks. At the last step, our solution uses the Dempsters combination rule to fuse evidence from multiple independent sources.


Keywords


cloud computing, cloud security, Distributed Denial of Service (DDoS) attacks, Intrusion Detection Systems, data fusion, Dempster-Shafer theory.

Full Text:

PDF

References


Perry, G., Minimizing public cloud disruptions, TechTarget, [online]. Available at: http://searchdatacenter.techtarget.com/tip/Minimizing-public-cloud-disruptions, 2011.

Roschke, S., Cheng, F. and Meinel, C.,Intrusion Detection in the Cloud. In Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, pp. 729-734, 2009.

Yu, D. and Frincke, D.,A Novel Framework for Alert Correlation and Understanding. International Conference on Applied Cryptography and Network Security (ACNS) 2004, Springer's LNCS series, 3089, pp. 452-466, 2004.
http://dx.doi.org/10.1007/978-3-540-24852-1_33

Lee, J-H., Park, M-W., Eom, J-H. And Chung, T-M., Multi-level Intrusion Detection System and Log Management in Cloud Computing. In 13th International Conference on Advanced Communication Technology (ICACT) ICACT 2011, Seoul, 13- 16 February, pp.552- 555, 2011.

Chen, Q. and Aickelin, U., Dempster-Shafer for Anomaly Detection. In Proceedings of the International Conference on Data Mining (DMIN 2006), Las Vegas, USA, pp. 232-238, 2006.

Siaterlis, C., Maglaris, B. and Roris, P., A novel approach for a Distributed Denial of Service Detection Engine. National Technical University of Athens. Athens, Greece, 2003.

Siaterlis, C. And Maglaris, B., One step ahead to Multisensor Data Fusion for DDoS Detection. Journal of Computer Security, 13(5):779-806, 2005.

Guth, M.A.S., A Probabilistic Foundation for Vagueness & Imprecision in Fault-Tree Analysis. IEEE Transactions on Reliability, 40(5), pp.563-569, 1991.
http://dx.doi.org/10.1109/24.106778

Popescu D.E., Lonea A.M., Zmaranda D.,Vancea C. and Tiurbe C., Some Aspects about Vagueness & Imprecision in Computer Network Fault-Tree Analysis. INT J COMPUT COMMUN, ISSN: 1841-9836, 5(4):558-566, 2010.

Esmaili, M., Dempster-Shafer Theory and Network Intrusion Detection Systems. Scientia Iranica, Vol. 3, No. 4, Sharif University of Technology, 1997.

Sentz, K. and Ferson, S., Combination of Evidence in Dempster-Shafer Theory. Sandia National Laboratories, Sandia Report, 2002.

Dissanayake, A., Intrusion Detection Using the Dempster-Shafer Theory. 60-510 Literature Review and Survey, School of Computer Science, University of Windsor, 2008.

Mazzariello, C., Bifulco, R. and Canonico, R., Integrating a Network IDS into an Open Source Cloud Computing Environment. In Sixth International Conference on Information Assurance and Security, pp. 265-270, 2010.
http://dx.doi.org/10.1109/ISIAS.2010.5604069

Dhage, S. N., et al., Intrusion Detection System in Cloud Computing Environment. In International Conference and Workshop on Emerging Trends in Technology (ICWET 2011) ' TCET, Mumbai, India, pp. 235-239, 2011.

Lo, C-C., Huang, C-C. And Ku, J., A Cooperative Intrusion Detection System Framework for Cloud Computing Networks. In 39th International Conference on Parallel Processing Workshops, pp.280-284, 2010.
http://dx.doi.org/10.1109/ICPPW.2010.46

Yu, D. and Frincke, D., Alert Confidence Fusion in Intrusion Detection Systems with Extended Dempster-Shafer Theory. ACM-SE 43: Proceedings of the 43rd ACM Southeast Conference, pp. 142-147, 2005.

Chou, T., Yen, K.K., Luo, J., Network intrusion detection design using feature selection of soft computing paradigms. International Journal of Computational Intelligence, 4(3):102- 105, 2008.

Chatzigiannakis, V., et al., Data fusion algorithms for network anomaly detection: classification and evaluation. Proceedings of the Third International Conference on Networking and Services (ICNS'07), 2007.
http://dx.doi.org/10.1109/ICNS.2007.49

Hu, W., Li, J. and Gao, Q., Intrusion Detection Engine Based on Dempster-Shafer's Theory of Evidence. Communications, Circuits and Systems Proceedings, 2006 International Conference, 3:1627-1631, 2006.




DOI: https://doi.org/10.15837/ijccc.2013.1.170



Copyright (c) 2017 Alina Madalina Lonea, Daniela Elena Popescu, Huaglory Tianfield

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

CC-BY-NC  License for Website User

Articles published in IJCCC user license are protected by copyright.

Users can access, download, copy, translate the IJCCC articles for non-commercial purposes provided that users, but cannot redistribute, display or adapt:

  • Cite the article using an appropriate bibliographic citation: author(s), article title, journal, volume, issue, page numbers, year of publication, DOI, and the link to the definitive published version on IJCCC website;
  • Maintain the integrity of the IJCCC article;
  • Retain the copyright notices and links to these terms and conditions so it is clear to other users what can and what cannot be done with the  article;
  • Ensure that, for any content in the IJCCC article that is identified as belonging to a third party, any re-use complies with the copyright policies of that third party;
  • Any translations must prominently display the statement: "This is an unofficial translation of an article that appeared in IJCCC. Agora University  has not endorsed this translation."

This is a non commercial license where the use of published articles for commercial purposes is forbiden. 

Commercial purposes include: 

  • Copying or downloading IJCCC articles, or linking to such postings, for further redistribution, sale or licensing, for a fee;
  • Copying, downloading or posting by a site or service that incorporates advertising with such content;
  • The inclusion or incorporation of article content in other works or services (other than normal quotations with an appropriate citation) that is then available for sale or licensing, for a fee;
  • Use of IJCCC articles or article content (other than normal quotations with appropriate citation) by for-profit organizations for promotional purposes, whether for a fee or otherwise;
  • Use for the purposes of monetary reward by means of sale, resale, license, loan, transfer or other form of commercial exploitation;

    The licensor cannot revoke these freedoms as long as you follow the license terms.

[End of CC-BY-NC  License for Website User]


INTERNATIONAL JOURNAL OF COMPUTERS COMMUNICATIONS & CONTROL (IJCCC), With Emphasis on the Integration of Three Technologies (C & C & C),  ISSN 1841-9836.

IJCCC was founded in 2006,  at Agora University, by  Ioan DZITAC (Editor-in-Chief),  Florin Gheorghe FILIP (Editor-in-Chief), and  Misu-Jan MANOLESCU (Managing Editor).

Ethics: This journal is a member of, and subscribes to the principles of, the Committee on Publication Ethics (COPE).

Ioan  DZITAC (Editor-in-Chief) at COPE European Seminar, Bruxelles, 2015:

IJCCC is covered/indexed/abstracted in Science Citation Index Expanded (since vol.1(S),  2006); JCR2018: IF=1.585..

IJCCC is indexed in Scopus from 2008 (CiteScore2018 = 1.56):

Nomination by Elsevier for Journal Excellence Award Romania 2015 (SNIP2014 = 1.029): Elsevier/ Scopus

IJCCC was nominated by Elsevier for Journal Excellence Award - "Scopus Awards Romania 2015" (SNIP2014 = 1.029).

IJCCC is in Top 3 of 157 Romanian journals indexed by Scopus (in all fields) and No.1 in Computer Science field by Elsevier/ Scopus.

 

 Impact Factor in JCR2018 (Clarivate Analytics/SCI Expanded/ISI Web of Science): IF=1.585 (Q3). Scopus: CiteScore2018=1.56 (Q2);

SCImago Journal & Country Rank

Editors-in-Chief: Ioan DZITAC & Florin Gheorghe FILIP.