Title :
CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment
Author :
Chen, Qi ; Lin, Wenmin ; Dou, Wanchun ; Yu, Shui
Author_Institution :
State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China
Abstract :
Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected at non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet at attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.
Keywords :
cloud computing; computer network security; filtering theory; CBF method; DDoS attack defense; attack period; cloud computing environment; cloud security; confidence based filtering method; distributed denial of service attack; filtering accuracy; nonattack period; packet filtering method; real-time filtering; Cloud computing; Computer crime; Correlation; Filtering; IP networks; Protocols; Cloud Environment; Confidence; Correlation Pattern; Distributed Denial-of-Service Attack; Filtering; Network Security;
Conference_Titel :
Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
978-1-4673-0006-3
DOI :
10.1109/DASC.2011.86
