A Cache Based Countermeasure Against DDoS Attacks in Xen

  • Xiaomei DongEmail author
  • Siming Du
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1075)


Cloud security is very important for Cloud computing platform. As an open source project with many important cloud computing applications, Xen has faced many challenges. DDoS (distributed denial-of-service) attack, as one of the most harmful attacks, often succeeds easily and is difficult to defense. In this paper, based on the analysis of Xen’s structure, a countermeasure based on cache was proposed. By modifying the structure of Xen and adding cached queues and some control rules, packet transmission is controlled between a virtual machine and a physical network card driver to slowdown the DDoS attacks. Experimental results show that the proposed approach has low impact to system performance and is effective to defend against DDoS attacks.


Xen Distributed Denial of Service attack Defense Cache 


  1. 1.
    Jadeja Y., Modi K.: Cloud computing–concepts, architecture and challenges. In: 2012 International Conference on Computing, Electronics and Electrical Technologies (ICCEET), pp. 877–880. IEEE (2012)Google Scholar
  2. 2.
    Li, C., Raghunathan, A., Jha, N.: A trusted virtual machine in an untrusted management environment. IEEE Trans. Serv. Comput. 5(4), 472–483 (2012)CrossRefGoogle Scholar
  3. 3.
    Bedi, H.S., Shiva, S.: Securing cloud infrastructure against co-resident DoS attacks using game theoretic defense mechanisms. In: Proceedings of the International Conference on Advances in Computing, Communications and Informatics, pp. 463–469. ACM Press (2012)Google Scholar
  4. 4.
    Tang, J.: Research on IP traceback in Denial-of-Service attacks. Central South University, Changsha (2008). ( in Chinese)Google Scholar
  5. 5.
    Wang, K.: Research on countermeasures to Denial of Service attack and IP traceback scheme. Shandong University of Science and Technology, Qingdao (2009). (in Chinese)Google Scholar
  6. 6.
    Santos, J.R., Turner, Y., Janakiraman, G., et al.: Bridging the gap between software and hardware techniques for I/O virtualization. In: Proceedings of the USENIX 2008 Annual Technical Conference, pp. 29–42. IEEE Press (2008)Google Scholar
  7. 7.
    Pu, X., Liu, L., Mei, Y., et al.: Who is your neighbor: net I/O performance interference in virtualized clouds. IEEE Trans. Serv. Comput. (99), 1–15 (2012)Google Scholar
  8. 8.
    Xu, P., Qian, Z., Mao, B., et al.: Xen virtual machine scheduling enhancement by improving cache efficiency. Comput. Sci. 39(7), 297–301 (2012). (in Chinese) Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.School of Computer Science and EngineeringNortheastern UniversityShenyangPeople’s Republic of China

Personalised recommendations