Frequency-Minimal Utility-Maximal Moving Target Defense against DDoS in SDN-Based Systems

Saptarshi Debroy, Prasad Calyam, Minh Nguyen, Roshan Lal Neupane, Bidyut Mukherjee, Ajay Kumar Eeralla, Khaled Salah

Research output: Contribution to journal › Article › peer-review

21 Scopus citations

Abstract

With the increase of DDoS attacks, resource adaptation schemes need to be effective to protect critical cloud-hosted applications. Specifically, they need to be adaptable to attack behavior, and be dynamic in terms of resource utilization. In this paper, we propose an intelligent strategy for proactive and reactive application migration by leveraging the concept of 'moving target defense' (MTD). The novelty of our approach lies in: (a) stochastic proactive migration frequency minimization across heterogeneous cloud resources to optimize migration management overheads, (b) market-driven migration location selection during proactive migration to optimize resource utilization, cloud service providers' (CSPs) cost and user quality of experience, and (c) fast-converging, cost-minimizing reactive migration coupled with a 'false reality' pretense to reduce the future attack success probability. We evaluate the effectiveness of our proposed MTD-based defense strategy using a Software-defined Networking (SDN) enabled GENI Cloud testbed for a 'Just-in-time news articles and video feeds' application. Our frequency minimization results show more than 40% reduction in DDoS attack success rate in the best cases when compared to the traditional periodic migration schemes on homogeneous cloud resources. The results also show that our market-driven migration location selection strategy decreases CSP cost and increases resource utilization by 30%.

Original language: British English
Article number: 9023955
Pages (from-to): 890-903
Number of pages: 14
Journal: IEEE Transactions on Network and Service Management
Volume: 17
Issue number: 2
State: Published - Jun 2020

Keywords

  • Cloud security
  • DDoS attack
  • moving target defense
  • software-defined networking
