云环境下的“云滴冻结”攻击

doi:10.3969/j.issn.1001-2400.2014.03.017

J4 ›› 2014, Vol. 41 ›› Issue (3): 116-122.doi: 10.3969/j.issn.1001-2400.2014.03.017

云环境下的“云滴冻结”攻击

王一川;马建峰;卢笛;张留美;孟宪佳

(西安电子科技大学计算机学院，陕西西安 710071)

收稿日期:2013-09-17 出版日期:2014-06-20 发布日期:2014-07-10
通讯作者: 王一川
作者简介:王一川(1983-)，男，西安电子科技大学博士研究生，E-mail: ctechsky@gmail.com．
基金资助:
长江学者和创新团队发展计划资助项目(IRT1078)；国家自然基金重点资助项目(2011ZX03005-002)；中央高校基本科研业务费资助项目(JY0900120301)；国家科技重大专项资助项目(2012ZX03002003)

Cloud droplets freezing attack in cloud computing

WANG Yichuan;MA Jianfeng;LU Di;ZHANG Liumei;MENG Xianjia

(School of Computer Science and Technology, Xidian Univ., Xi'an 710071， China)

Received:2013-09-17 Online:2014-06-20 Published:2014-07-10
Contact: WANG Yichuan

摘要/Abstract

摘要：

根据云计算环境下服务器集群部署的特征，提出一种新型的、实用的分布式拒绝服务攻击模型——“云滴冻结”攻击．实验表明，攻击者可通过控制受感染的僵尸虚拟机发动该攻击，不仅使云服务器集群的内部网络带宽产生严重的拥塞，而且极大地消耗了物理主机的内存和CPU等资源．该攻击通过非法占用原本分配给合法虚拟机的资源，从而达到拒绝服务的效果．通过量化分析攻击原理，结合传统拒绝服务攻击和防御相关技术，讨论了防御“云滴冻结”攻击的思路．

关键词: 云计算, 分布式拒绝服务攻击, 网络安全, 僵尸网络

Abstract:

This paper proposes a novel and practical distributed denial-of-service attack model—cloud droplets freezing attack, by studying the characteristics of the server cluster deployment in cloud computing context. Experimental results show that the attacker can control the infected virtual machine to launch the attack. Such an attack not only produces a serious congestion effect to the internal network bandwidth of cloud server clusters, but also exhausts physical host resources such as memory and CPU. To achieve effective denial-of-service attacks, the attack illegally occupies resources that are originally assigned to a legitimate virtual machine. Combined with the defense related technologies toward traditional denial-of-service attack and the quantitative analysis of the principle of the Cloud droplets attack, the paper discusses the Cloud droplets freezing defense methods.

Key words: cloud computing, distributed denial of service attack, network security, botnet

中图分类号:

TP309

王一川;马建峰;卢笛;张留美;孟宪佳. 云环境下的“云滴冻结”攻击[J]. J4, 2014, 41(3): 116-122.

WANG Yichuan;MA Jianfeng;LU Di;ZHANG Liumei;MENG Xianjia. Cloud droplets freezing attack in cloud computing[J]. J4, 2014, 41(3): 116-122.

参考文献

［1］ Jansen W, Timothy G. Security Guidance for Critical Areas of Focus in Cloud Computing v3.0［M］. Phoenix: Cloud Security Alliance, 2011.
［2］冯登国, 张敏, 张妍, 等. 云计算安全研究［J］. 软件学报, 2011, 22(1): 71-83.
Feng Dengguo, Zhang Min, Zhang Yan, et al. Study on Cloud Computing Security［J］. Journal of Software, 2011, 22(1): 71-83.
［3］ Modi C, Patel D, Borisanyia B, et al. A Survey on Security Issues and Solutions at Different Layers of Cloud Computing ［J］. Journal of Supercomputing, 2013, 63(2): 561-592.
［4］ Choi H, Lee H. Identifying Botnets by Capturing Group Activities in DNS Traffic ［J］. Computer Networks, 2012, 56(1): 20-33.
［5］ Hunt N, Bergan T, Ceze L, et al. DDOS: Taming Nondeterminism in Distributed Systems ［C］//Proceedings of the 18th International Conference on Architectural Support for Programming Languages and oPerating Systems. New York: ACM, 2013: 499-508.
［6］ Botezatu B. Anatomy of a Botnet ［R］. Burlington: Arbor Networks, 2010.
［7］ Arbor Networks. 8th Annual Worldwide Infrastructure Security Report ［R］. Burlington: Arbor Networks, 2013.
［8］ Studer A, Perrig A. The Coremelt Attack ［C］//Lectures Notes in Computer Science. Heidelberg: Springer, 2009: 37-52.
［9］ Liu Jiuxing, Huang Wei, Abali B, et al. High Performance VMM-bypass I/O in Virtual Machines ［C］//Proceedings of the Annual Conference on USENIX: 6. Berkeley: USENIX Association, 2006: 3.
［10］ Wang Haining, Zhang Danlu, Shin K G. Detecting SYN Flooding Attacks ［C］//Proceedings of IEEE 21st Annual Joint Conference on Computer and Communications Societies: 3. Piscataway: IEEE, 2002: 1530-1539.
［11］ Manikopoulos C, Papavassiliou S. Network Intrusion and Fault Detection: a Statistical Anomaly Approach ［J］. IEEE Communications Magazine , 2002, 40(10): 76-82.
［12］ Mirkovic J, Reiher P. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms ［J］. Computer Communication Review, 2004, 34(2): 39-53.

[1]	李华东,张学亮,王晓磊,刘惠,王鹏程,杜军朝. Kubernetes集群中多节点合作博弈负载均衡策略[J]. 西安电子科技大学学报, 2021, 48(6): 16-22.
[2]	刘华渊,苏云飞,李瑞林,唐朝京. 结构状态覆盖导向的灰盒模糊测试技术[J]. 西安电子科技大学学报, 2021, 48(1): 117-123.
[3]	李腾,曹世杰,尹思薇,魏大卫,马鑫迪,马建峰. 应用Q学习决策的最优攻击路径生成方法[J]. 西安电子科技大学学报, 2021, 48(1): 160-167.
[4]	杨宏宇,曾仁韵. 一种深度学习的网络安全态势评估方法[J]. 西安电子科技大学学报, 2021, 48(1): 183-190.
[5]	郑献春,李晖,王瑞,闫皓楠,戴睿,萧明炽. 匿名网络应用及仿真平台研究综述[J]. 西安电子科技大学学报, 2021, 48(1): 22-38.
[6]	杨宏宇,张旭高. 一种网络安全态势自适应预测模型[J]. 西安电子科技大学学报, 2020, 47(3): 14-22.
[7]	王燕. 改进多目标进化算法的云工作流调度[J]. 西安电子科技大学学报, 2019, 46(1): 130-136.
[8]	杨宝旺. 采用符号动力学方法检测低速率拒绝服务攻击[J]. 西安电子科技大学学报, 2018, 45(1): 140-144.
[9]	韩鹍;张海林;辛丹;吴波;康元基. 利用身份的全同态加密函数库设计方法[J]. 西安电子科技大学学报, 2017, 44(4): 56-61.
[10]	景维鹏;霍帅起;陈广胜;刘亚秋. 混合关键任务可靠调度方法与调度性分析[J]. 西安电子科技大学学报, 2016, 43(6): 158-163.
[11]	梁洪泉;吴巍. 利用节点可信度的安全链路状态路由协议[J]. 西安电子科技大学学报, 2016, 43(5): 121-127.
[12]	黄春水;任艳丽;蔡建兴. 可验证模指数批计算外包方案[J]. 西安电子科技大学学报, 2016, 43(4): 135-140.
[13]	景维鹏;吴智博;刘宏伟;舒燕君. 多DAG工作流在云计算环境下的可靠性调度方法[J]. 西安电子科技大学学报, 2016, 43(2): 83-88.
[14]	王晋东;余定坤;张恒巍;王娜. 静态贝叶斯博弈主动防御策略选取方法[J]. J4, 2016, 43(1): 144-150.
[15]	柳兴;袁超伟;杨震;李振军. 一种基于李雅普诺夫优化的业务推送策略[J]. J4, 2015, 42(6): 138-144.

云环境下的“云滴冻结”攻击

Cloud droplets freezing attack in cloud computing

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

Metrics

本文评价

推荐阅读 10