Optimal Load Distribution for the Detection of VM-Based DDoS Attacks in the Cloud

Research output: Contribution to journal, Article, peer-review

91 Scopus citations

Abstract

Distributed Denial of Service (DDoS) constitutes a major threat against cloud systems owing to the large financial losses it incurs. This motivated the security research community to investigate numerous detection techniques to limit the effects of such attacks. Yet, the existing solutions are still not mature enough to satisfy a cloud-dedicated detection system's requirements, since they overlook the attacker's wily strategies that exploit the cloud's elastic and multi-tenant properties and ignore the cloud system's resource constraints. Motivated by this fact, we propose a two-fold solution that allows, first, the hypervisor to establish credible trust relationships toward guest Virtual Machines (VMs) by considering objective and subjective trust sources and employing Bayesian inference to aggregate them. On top of the trust model, we design a trust-based maximin game between DDoS attackers trying to minimize the cloud system's detection and the hypervisor trying to maximize this minimization under a limited budget of resources. The game solution guides the hypervisor to determine, in real time, the optimal detection load distribution among VMs that maximizes the detection of DDoS attacks. Experimental results reveal that our solution maximizes attack detection, decreases false positives and negatives, and minimizes CPU, memory and bandwidth consumption during DDoS attacks compared to the existing detection load distribution techniques.

Original language: British English
Article number: 7902208
Pages (from-to): 114-129
Number of pages: 16
Journal: IEEE Transactions on Services Computing
Volume: 13
Issue number: 1
State: Published - 1 Jan 2020

Keywords

  • cloud computing
  • Detection load distribution
  • Distributed Denial of Service (DDoS)
  • game theory
  • security
  • trust
  • virtualization
