Optimal load distribution for the detection of VM-based DDoS attacks in the cloud
Distributed Denial of Service (DDoS) constitutes a major threat against cloud systems owing to the large financial losses it incurs. This motivated the security research community to investigate numerous detection techniques to limit such attack's effects. Yet, the existing solutions are still...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | , , |
| Format: | article |
| Published: |
2018
|
| Online Access: | http://hdl.handle.net/10725/8317 http://dx.doi.org/10.1109/TSC.2017.2694426 http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://ieeexplore.ieee.org/abstract/document/7902208 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1864513484541132800 |
|---|---|
| author | Abdel Wahab, Omar |
| author2 | Bentahar, Jamal Otrok, Hadi Mourad, Azzam |
| author2_role | author author author |
| author_facet | Abdel Wahab, Omar Bentahar, Jamal Otrok, Hadi Mourad, Azzam |
| author_role | author |
| dc.creator.none.fl_str_mv | Abdel Wahab, Omar Bentahar, Jamal Otrok, Hadi Mourad, Azzam |
| dc.date.none.fl_str_mv | 2018-08-14T08:36:39Z 2018-08-14T08:36:39Z 2018-08-14 2020 |
| dc.identifier.none.fl_str_mv | 1939-1374 http://hdl.handle.net/10725/8317 http://dx.doi.org/10.1109/TSC.2017.2694426 Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2020). Optimal load distribution for the detection of VM-based DDoS attacks in the cloud. IEEE Transactions on Services Computing, 13 (1), 114-129. http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://ieeexplore.ieee.org/abstract/document/7902208 |
| dc.language.none.fl_str_mv | en |
| dc.relation.none.fl_str_mv | IEEE Transactions on Services Computing |
| dc.rights.*.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.title.none.fl_str_mv | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| dc.type.none.fl_str_mv | Article info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/article |
| description | Distributed Denial of Service (DDoS) constitutes a major threat against cloud systems owing to the large financial losses it incurs. This motivated the security research community to investigate numerous detection techniques to limit such attack's effects. Yet, the existing solutions are still not mature enough to satisfy a cloud-dedicated detection system's requirements since they overlook the attacker's wily strategies that exploit the cloud's elastic and multi-tenant properties, and ignore the cloud system's resources constraints. Motivated by this fact, we propose a two-fold solution that allows, first, the hypervisor to establish credible trust relationships toward guest Virtual Machines (VMs) by considering objective and subjective trust sources and employing Bayesian inference to aggregate them. On top of the trust model, we design a trust-based maximin game between DDoS attackers trying to minimize the cloud system's detection and hypervisor trying to maximize this minimization under limited budget of resources. The game solution guides the hypervisor to determine the optimal detection load distribution among VMs in real-time that maximizes DDoS attacks’ detection. Experimental results reveal that our solution maximizes attacks’ detection, decreases false positives and negatives, and minimizes CPU, memory and bandwidth consumption during DDoS attacks compared to the existing detection load distribution techniques. |
| eu_rights_str_mv | openAccess |
| format | article |
| id | LAURepo_7e0c40f4b950b9194bca562b159ce0ac |
| identifier_str_mv | 1939-1374 Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2020). Optimal load distribution for the detection of VM-based DDoS attacks in the cloud. IEEE Transactions on Services Computing, 13 (1), 114-129. |
| language_invalid_str_mv | en |
| network_acronym_str | LAURepo |
| network_name_str | Lebanese American University repository |
| oai_identifier_str | oai:laur.lau.edu.lb:10725/8317 |
| publishDate | 2018 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| spelling | Optimal load distribution for the detection of VM-based DDoS attacks in the cloudAbdel Wahab, OmarBentahar, JamalOtrok, HadiMourad, AzzamDistributed Denial of Service (DDoS) constitutes a major threat against cloud systems owing to the large financial losses it incurs. This motivated the security research community to investigate numerous detection techniques to limit such attack's effects. Yet, the existing solutions are still not mature enough to satisfy a cloud-dedicated detection system's requirements since they overlook the attacker's wily strategies that exploit the cloud's elastic and multi-tenant properties, and ignore the cloud system's resources constraints. Motivated by this fact, we propose a two-fold solution that allows, first, the hypervisor to establish credible trust relationships toward guest Virtual Machines (VMs) by considering objective and subjective trust sources and employing Bayesian inference to aggregate them. On top of the trust model, we design a trust-based maximin game between DDoS attackers trying to minimize the cloud system's detection and hypervisor trying to maximize this minimization under limited budget of resources. The game solution guides the hypervisor to determine the optimal detection load distribution among VMs in real-time that maximizes DDoS attacks’ detection. Experimental results reveal that our solution maximizes attacks’ detection, decreases false positives and negatives, and minimizes CPU, memory and bandwidth consumption during DDoS attacks compared to the existing detection load distribution techniques.PublishedN/A2018-08-14T08:36:39Z2018-08-14T08:36:39Z20202018-08-14Articleinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/article1939-1374http://hdl.handle.net/10725/8317http://dx.doi.org/10.1109/TSC.2017.2694426Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2020). Optimal load distribution for the detection of VM-based DDoS attacks in the cloud. IEEE Transactions on Services Computing, 13 (1), 114-129.http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.phphttps://ieeexplore.ieee.org/abstract/document/7902208enIEEE Transactions on Services Computinginfo:eu-repo/semantics/openAccessoai:laur.lau.edu.lb:10725/83172021-03-23T18:11:07Z |
| spellingShingle | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud Abdel Wahab, Omar |
| status_str | publishedVersion |
| title | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| title_full | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| title_fullStr | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| title_full_unstemmed | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| title_short | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| title_sort | Optimal load distribution for the detection of VM-based DDoS attacks in the cloud |
| url | http://hdl.handle.net/10725/8317 http://dx.doi.org/10.1109/TSC.2017.2694426 http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php https://ieeexplore.ieee.org/abstract/document/7902208 |