DDoS Attacks Defense Mechanism based on Secure Routing Alliance

doi:10.23940/ijpe.18.03.p12.512520

Abstract

Abstract:

Distributed Denial of Service (DDoS) attacks on the cloud computing platform has become one of the key issues affecting cloud security. According to the sources of security threat of cloud computing platform, construct secure routing alliance, filter and resist DDoS from the route of cloud user to cloud computing center, design data forwarding mechanism and fault nodes replacement mechanism. The strategy of secure overlay services is combined with the structural characteristics of the ubiquitous routing platform to defend against DDoS attacks. The Chord ring is improved, the nodes are divided according to the distance in the physical network, and the Chord algorithm is avoided repeatedly ignoring the forwarding of physical paths. Since the original Chord algorithm is applied to the P2P network, in order to make it more suitable for the hierarchical physical topology, only the first three jumps of the Chord algorithm's query steps are taken. Fault nodes replacement mechanism uses virtual machine technology to convert nodes in the network into a large number of virtual nodes and serve as backup nodes in the security structure in time to replace the attacked nodes with backup nodes to minimize the impact of attacks on the nodes. The simulation results show that with the increase of the number of nodes, the data passing rate of the secure routing alliance can exceed 90% and the pass rate can be guaranteed to be over 35% when the number of attack nodes is large, which ensures data security and the availability of the transmission paths.

Submitted on December 25, 2017; Revised on January 16, 2018; Accepted on February 20, 2018
References: 21

Xiaohui Yang Yue Yu. DDoS Attacks Defense Mechanism based on Secure Routing Alliance [J]. Int J Performability Eng, 2018, 14(3): 512-520.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 0

	A. Bakshi and B. Yogesh, “Securing Cloud from DDOS Attacks Using Intrusion Detection System in Virtual Machine,” Communication Software and Networks, pp. 260-264, 2010.
	Cloud Security Alliance, “Top Threats to Cloud Computing,” https://cloudsecurityalliance.org/group/top-threat, August 2015.
	X. Chen, H. Cheng, and Z. J. Zheng, “Cloud Computing Virtualization Technology Development and Trends”, Electronic Technology and Software Engineering, no. 21, 2017.
	T. Erl, Z. Mahmood, and R. Puttini, “Cloud Computing Concepts, Technology and Architecture,” Mechanical Industry Press, Beijing, China, pp. 14-76, 2014.
	W. Han, “Research on DDoS Attacks Defense based on Hadoop Cloud Computing Platform,” Taiyuan University of Science and Technology, Taiyuan, China, 2011.
	Z. J. Han, “Defence of Denial of Service Attack based on Cloud Computing Platform,” Institute of Information Technology, vol. 37, no. 3, pp. 67-69, 2011.
	C. H. In, C. S. Hong, and J. Wei, “An Enhanced SOS Architecture for DDoS Attacks Defense Using Active Network Technology,” Proceedings of Advanced Industrial Conference on Telecommunications/ Service Assurance with Partial and Intermittent Resources Conference/ Learning on Telecommunications Workshop, Lisbon, Portugal, pp. 90-95, 2005.
	A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: An Architecture for Mitigating DDoS Attacks,” IEEE Journal on Selected Areas in Communications, vol. 22, no. 1, pp. 176-187, 2004.
	G. Q. Lu, “Ubiquitous Routing Platform of Cloud Computing,” Journal of Information Security and Technology, pp. 106-108, August 2010.
	R. Sahay, G. Blanc, Z. Zhang, and H. Debar, “Towards Autonomic DDoS Mitigation Using Software Defined Networking,” NDSS Workshop on Security of Emerging Networking Technologies, Internet Society, 2015.
	G. Somani, M. S. Gaur, D. Sanghi, M. Conti, M. Rajarajan, and R. Buyya, “Combating DDoS Attacks in the Cloud: Requirements, Trends, and Future Directions,” IEEE Cloud Computing, 2017.
	A. Stavrou and A. D. Keromytis, “Countering DoS Attacks with Stateless Multipath Overlays,” Proceedings of the 12th ACM Conference on Computer and Communications Security CCS'05, pp. 249-259, Virginia, USA, 2005.
	S. C. Tsai, I. H. Liu, C. Lu, C. H. Chang, and J. S. Li, “Defending Cloud Computing Environment against the Challenge of DDoS Attacks based on Software Defined Network,” in Advances in Intelligent Information Hiding and Multimedia Signal Processing: Proceeding of the Twelfth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, vol. 1, pp. 21–292, 2017.
	X. Wang, M. Chen, and C. Xing, “SDSNM: A Software Defined Security Networking Mechanism to Defend Against DDoS Attacks,” in Frontier of Computer Science and Technology (FCST), 2015 Ninth International Conference on, IEEE, pp. 115–121, 2015.
	X. Wang, S. Chellappan, and P. Boyer, “On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks,” IEEE Transactions on Parallel and Distributed Systems, vol. 17, no. 7, pp. 619-632, 2006.
	Y. Wang, J. Ma, D. Lu, X. Lu, and L. Zhang, “From High-Availability to Collapse: Quantitative Analysis of ‘Cloud Droplet Freezing’ Attack Threats to Virtual Machine Migration in Cloud Computing,” Cluster Computing. vol. 17, no. 4, pp. 1369–1381, 2014.
	Z. J. Wu, Y. Cui, and M. Yue, “Defensive DDoS Attack Method based on Virtual Hash Secure Access Path VHSAP for Cloud Computing Routing Platforms,” Journal of Communication, vol. 36, no. 1, pp. 34-41, 2015.
	D. Xuan, S. Chellappan, and X. Wang, “Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks,” Proceedings of the 24th International Conference on Distributed Computing Systems, pp. 408-417, Tokyo, Japan,2004.
	Q. Yan and F. Yu, “Distributed Denial of Service Attacks in Software Defined Networking with Cloud Computing,” Commun. Mag. IEEE, vol.53, no. 4, pp. 52-59, 2015.
	G. Yossi, H. Amir, S. Michael, and G. Michael, “CDN on Demand: An Affordable DDoS Defense via Untrusted Clouds,” Network and Distributed System Security Symposium (NDSS), 2016.
	Y. L. Zhao and J. Zhang, “OMNeT++ and Network Simulation,” People's Posts and Telecommunications Press, pp. 22-102, Beijing, China, 2012.