A confidence-based filtering method for DDoS attack defense in cloud environment

Authors:
Wanchun Dou;Qi Chen;Jinjun Chen
Affiliations:
State Key Laboratory for Novel Software Technology, Nanjing University Nanjing, 210093, PR China;State Key Laboratory for Novel Software Technology, Nanjing University Nanjing, 210093, PR China;School of System, Management and Leadership, University of Technology, Sydney, Australia
Venue:
Future Generation Computer Systems
Year:
2013

Citing 17
Cited 0

Models and issues in data stream systems

Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Fast and Robust Signaling Overload Control

ICNP '01 Proceedings of the Ninth International Conference on Network Protocols
PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks

IEEE Transactions on Dependable and Secure Computing
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
Defense against spoofed IP traffic using hop-count filtering

IEEE/ACM Transactions on Networking (TON)
Controlling IP Spoofing through Interdomain Packet Filters

IEEE Transactions on Dependable and Secure Computing
Probabilistic packet marking for large-scale IP traceback

IEEE/ACM Transactions on Networking (TON)
Monitoring the application-layer DDoS attacks for popular websites

IEEE/ACM Transactions on Networking (TON)
A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors

IEEE/ACM Transactions on Networking (TON)
Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks

IEEE Transactions on Parallel and Distributed Systems
CCOA: Cloud Computing Open Architecture

ICWS '09 Proceedings of the 2009 IEEE International Conference on Web Services
Chaos theory based detection against network mimicking DDoS attacks

IEEE Communications Letters
A view of cloud computing

Communications of the ACM
Traceback of DDoS Attacks Using Entropy Variations

IEEE Transactions on Parallel and Distributed Systems
Data Mining: Concepts and Techniques

Data Mining: Concepts and Techniques
ALPi: A DDoS Defense System for High-Speed Networks

IEEE Journal on Selected Areas in Communications
Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics

IEEE Transactions on Information Forensics and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected in the non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet in the attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement, and an acceptable filtering accuracy. It specifically satisfies the real-time filtering requirements in cloud environment.