Key Completion Indicators  - Minimizing the Effect of DoS Attacks on Elastic Cloud-based Applications Based on Application-level Markov Chain Checkpoints

George Kousiouris

doi:10.5220/0004963006220628

Key Completion Indicators - Minimizing the Effect of DoS Attacks on Elastic Cloud-based Applications Based on Application-level Markov Chain Checkpoints

George Kousiouris

2014

Abstract

The problem of DoS attacks has significant effects for any computing system available through the public domain. In the case of Clouds, it becomes even more critical since elasticity policies tied with metrics like Key Performance Indicators (KPIs) can lead a Cloud adopter to significant monetary losses. DoS attacks increase the KPIs, which in turn trigger the elastic increase of resources but without financial benefit for the owner of the cloud-enabled application (Economic Denial of Sustainability). Given the numerous scenarios of DoS attacks and the nature of services computing (in many cases involving legitimate automated traffic requests and bursts), networking mitigation approaches may not be sufficient. In this paper, the concept of Key Completion Indicators (KCIs) is provided and an analysis framework based on a probabilistic approach is proposed that can be applied on the application layer in cloud-deployed applications and elasticity policies, in order to avoid the aforementioned situation. KCIs indicate the level of completeness and provided revenue of the requests made towards a publicly available service and together with the KPIs can lead to a safer result with regard to elasticity. An initial architecture of this DoS Identification as a Service is portrayed.

References

Naresh Kumar, M.; Sujatha, P.; Kalva, V.; Nagori, R.; Katukojwala, A. K.; Kumar, M., "Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-cloud Scrubber Service," Computational Intelligence and Communication Networks (CICN), 2012 Fourth International Conference on , vol., no., pp.535,539, 3-5 Nov. 2012.
Haining Wang, Danlu Zhang, Kang G. Shin, "ChangePoint Monitoring for the Detection of DoS Attacks," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 4, pp. 193-208, Oct.-Dec. 2004.
P. Arun Raj Kumar, S. Selvakumar, Distributed denial of service attack detection using an ensemble of neural classifier, Computer Communications, Volume 34, Issue 11, 15 July 2011, Pages 1328-1341, ISSN 0140- 3664.
Kuochen Wang, Chun-Ying Huang, Shang-Jyh Lin, YingDar Lin, A fuzzy pattern-based filtering algorithm for botnet detection, Computer Networks, Volume 55, Issue 15, 27 October 2011, Pages 3275-3286, ISSN 1389-1286.
E. Ahmed, G. Mohay, A. Tickle, and S. Bhatia, “Use of ip addresses for high rate flooding attack detection,” in Proceedings of 25th International Information Security Conference (SEC 2010) : Security & Privacy : Silver Linings in the Cloud, Brisbane, Australia.
M. Mailloux, H. Naim, T. Wayne, “Application Layer and Operating System Collaboration to Improve QoS against DDoS Attack”, Available at: https://wiki.engr.illinois.edu/download/attachments/68 780072/QoSSoD.pdf?version=2&modificationDate=1 210044601000.
Pinzón, C., De Paz, J. F., Zato, C., Pérez, J.: Protecting Web Services against DoS Attacks: A Case-Based Reasoning Approach. In: Graña Romay, M., Corchado, E., Garcia Sebastian, M.T. (eds.) HAIS 2010. LNCS, vol. 6076, pp. 229-236. Springer, Heidelberg (2010).
Kranas, P.; Anagnostopoulos, V.; Menychtas, A.; Varvarigou, T., "ElaaS: An Innovative Elasticity as a Service Framework for Dynamic Management across the Cloud Stack Layers," Complex, Intelligent and Software Intensive Systems (CISIS), 2012 Sixth International Conference on , vol., no., pp.1042,1049, 4-6 July 2012.
Yang J., Li Y., Huang B., Ming J. (2008) Preventing DDoS attacks based on credit model for P2P streaming system. In: ATC 7808: Proc of the 5th International Conference on Autonomic and Trusted Computing. Springer, Berlin, pp 13-20.
Sandar S. V., Shenai S. Economic denial of sustainability (EDoS) in cloud services using HTTP and XML based DDoS attacks. International Journal of Computer Applications 2012;41(20):11-6.
Cheng Jin, Haining Wang, and Kang G. Shin. 2003. Hopcount filtering: an effective defense against spoofed DDoS traffic. In Proceedings of the 10th ACM conference on Computer and communications security (CCS 7803). ACM, New York, NY, USA, 30-41.

Download

Paper Citation

in Harvard Style

Kousiouris G. (2014). Key Completion Indicators - Minimizing the Effect of DoS Attacks on Elastic Cloud-based Applications Based on Application-level Markov Chain Checkpoints . In Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-019-2, pages 622-628. DOI: 10.5220/0004963006220628

in Bibtex Style

@conference{closer14,
author={George Kousiouris},
title={Key Completion Indicators - Minimizing the Effect of DoS Attacks on Elastic Cloud-based Applications Based on Application-level Markov Chain Checkpoints},
booktitle={Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2014},
pages={622-628},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004963006220628},
isbn={978-989-758-019-2},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - Key Completion Indicators - Minimizing the Effect of DoS Attacks on Elastic Cloud-based Applications Based on Application-level Markov Chain Checkpoints
SN - 978-989-758-019-2
AU - Kousiouris G.
PY - 2014
SP - 622
EP - 628
DO - 10.5220/0004963006220628