Defending Cloud Computing Environment Against the Challenge of DDoS Attacks Based on Software Defined Network
With the explosive growth of cloud computing, virtualization technology has become more and more mature. However, it also increases the complexity of the network topology and causes many new important issues. One of the important issues is the security problem. It is hard to directly monitor the network traffic between Virtual Machines (VMs) through the external network devices, which make VMs more vulnerable in virtual environments. This research focuses on how to efficiently and rapidly protect VMs from malicious attacks without consuming its resources. We combine virtualization platform with the concept of Defense in Depth based on Software Defined Network (SDN), and implement a real-time detection and defense system for DDoS attacks. Moreover, we propose an enhanced entropy-based DDoS detection method to improve its detection accuracy, and we deploy it in SDN architecture.
KeywordsCloud Computing SDN Defense in Depth DDoS KVM Virtual switch NIDS
Unable to display preview. Download preview PDF.
- 1.IBM X-Force Threat Intelligence Quarterly, 1Q 2015, Retrieved 2015/06/02 from http://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03073usen/WGL03073USEN.PDF
- 2.Shunsuke Oshima, Takuo Nakashima, and Toshinori Sueyoshi.: Early DoS/DDOS detection method using short-term statistics. IEEE International Conference on Complex, Intelligent and Software Intensive Systems (CISIS), 2010, pp. 168-173.Google Scholar
- 3.Jie Zhang, Zheng Qin, Lu Ou, Pei Jiang, JianRong Liu and Alex X. Liu.: An Advanced Entropy-Based DDOS Detection Scheme. IEEE International Conference on Information, Networking and Automation (ICINA), 2010, pp. 67-71.Google Scholar
- 4.Jafar Haadi Jafarian, Ehab Al-Shaer, and Qi Duan.: Openow random host mutation: transparent moving target defense using software defined networking. Proceedings of the first ACM workshop on Hot topics in software defined networks, 2012, pp. 127-132.Google Scholar
- 5.Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker and Jonathan Turner.: OpenFlow: Enabling Innovation in Campus Networks. ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, 2008, pp. 69-74.Google Scholar
- 6.Tianyi Xing, Zhengyang Xiong, Dijiang Huang and Deep Medhi.: SDNIPS: Enabling Software-Defined Networking Based Intrusion Prevention System in Clouds. IEEE 10th International Conference on Network and Service Management (CNSM), 2014, pp. 308-311.Google Scholar
- 7.Hongxin Hu, Wonkyu Han, Gail-Joon Ahn and Ziming Zhao.: FLOWGUARD: building robust firewalls for software-defined networks. Proceedings of the third ACM workshop on Hot topics in software defined networking, 2014, pp. 97-102.Google Scholar
- 8.Seyed Mohammad Mousavi and Marc St-Hilaire.: Early Detection of DDoS Attacks against SDN Controllers. IEEE International Conference on Computing, Networking and Communications (ICNC), 2015, pp. 77-81.Google Scholar