Cloud Security Defence to Protect

runmidge, Artificial Intelligence and Robotics

20 Oct 2013

Cloud Security Defence to Protect Cloud Computing Against HTTP-DoS and XML-DoS attacks

Source: Journal of Network and Computer Applications, Vol. 34, No. 4, July 2011, pp. 1097-1107

Authors: Ashley Chonka, Yang Xiang, Wanlei Zhou and Alessio Bonti

Speaker: Chin-Yu Sun

Date: 2012/04/12

Outline

Related works
  - DoS attack
  - DDoS attack
  - H-DoS attack (HTTP DoS)
  - X-DoS attack (XML DoS)
Proposed solution
  - Cloud DDoS attack
  - Solutions
Evaluations
Conclusions

Related works: DoS attack (Denial of Service)

[Figure: a legitimate user sends a request to the server and receives a response; a DoS attack exhausts the server so that it can no longer answer such requests.]

Related works: DDoS attack (Distributed DoS)

[Figure: the legitimate user's request/response exchange with the server is drowned by traffic from many victims/zombies that the attacker controls.]

Related works: H-DoS attack

TCP header, with each field marked as Useless or Sensitive from the attacker's point of view (colour legend in the original figure):

  Source Port (16)              | Destination Port (16)
  Sequence Number (32)
  Acknowledgment Number (32)
  Data Offset (4) | Reserved (6) | URG ACK PSH RST SYN FIN | Window (16)
  Checksum (16)                 | Urgent Pointer (16)
  Options (0 or more 32 bit words + padding)
  DATA ...

Legend: Header: Useless / Sensitive

Related works: X-DoS attack

XML message:

  <?xml version="1.0"?>
  <!DOCTYPE lolz [
  <!ENTITY lol "Hello">
  <!ENTITY lol2 "&lol;">
  ]>
  <lolz>&lol2;</lolz>

  =================================

  Hello

The parser replaces &lol2; with &lol; and that with the literal text "Hello". This message is harmless, but the same entity expansion mechanism is what the XML bomb on the next slide abuses.

Related works: X-DoS attack

XML Bomb:

  <?xml version="1.0"?>
  <!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
  ]>
  <lolz>&lol9;</lolz>

  =============================================================

  "lol" repeated 10^8 times

Each of the eight levels from lol2 up to lol9 multiplies the previous entity ten times, so expanding &lol9; produces 10^8 copies of "lol", about 300 MB of text, from a message of roughly one kilobyte. A parser that expands entities eagerly exhausts memory or CPU before it ever returns the document, which is the X-DoS effect.

Proposed solution: Cloud DDoS attack

[Figure: Cloud 0 (Victim) receives attack traffic from Cloud 1 (Attacker) and Cloud 2 (Attacker).]

Proposed solution: Solutions

[Figure: the Cloud protector and CTB are placed in front of Cloud 0 (Victim); traffic from Cloud 1 (Attacker) and Cloud 2 (Attacker) has to pass through them.]

Proposed solution: CTB (Cloud TraceBack)

[Figure: 1. Service request arrives at CTB, which tags it and hands it on to the Cloud protector.]

Proposed solution: CTB

Step 1. Extract the header of the message
  If there is no header then
      create HeaderAttribute("client id")
  Else
      get UsernameToken(xx)
      Username = new client id

Step 2. Store the username and display the header
  Create a table array
      Ws.tx = extractTransactionInfo()
      Ws.tx.time_and_date = timestamp
      Ws.tx.username = username
      Table_array[] += Ws.tx.username

Proposed solution: CTB

[Figure: the TCP header diagram from the H-DoS slide, now showing source port 80 (Source Port, Destination Port, Sequence Number, Acknowledgment Number, Data Offset, Reserved, URG ACK PSH RST SYN FIN, Window, Checksum, Urgent Pointer, Options, DATA).]

Extract the username, 168.134.50.88:80, and the timestamp, 20120412-11:30:21, and store them in the table.
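The two CTB steps above (tag the message with a client id, then record who sent what and when) as a runnable illustration. This is an added example written for this page, not the paper's implementation: the SOAP messages are constructed, the WS-Security UsernameToken is used as the "username", the HeaderAttribute element inserted for header-less messages is an assumed layout, and the traceback table is a plain list of rows. Messages carrying a DOCTYPE are refused before parsing, because a traceback tag never needs a DTD and the DTD is where X-DoS entity bombs live.

```python
"""CTB-style header extraction and transaction table (added example)."""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"soap": SOAP, "wsse": WSSE}

# Constructed sample: a request carrying a WS-Security UsernameToken.
MSG_WITH_TOKEN = f"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">
  <soap:Header>
    <wsse:Security>
      <wsse:UsernameToken>
        <wsse:Username>168.134.50.88:80</wsse:Username>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><GetQuote>ACME</GetQuote></soap:Body>
</soap:Envelope>"""

# Constructed sample: a request with no header at all.
MSG_NO_HEADER = f"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Body><GetQuote>ACME</GetQuote></soap:Body>
</soap:Envelope>"""

# Step 2's table array: one row per tagged request.
table_array = []


def extract_username(message, new_id=None):
    """Step 1: return (client id, possibly tagged message).

    No header -> insert a HeaderAttribute("client id") (assumed layout) with
    a fresh id; header present -> read the UsernameToken's Username.
    """
    if "<!DOCTYPE" in message:
        raise ValueError("DTD not allowed in service requests")
    root = ET.fromstring(message)
    header = root.find("soap:Header", NS)
    if header is None:
        header = ET.Element(f"{{{SOAP}}}Header")
        root.insert(0, header)                      # header precedes body
        attr = ET.SubElement(header, f"{{{SOAP}}}HeaderAttribute")
        attr.set("name", "client id")
        attr.text = new_id or uuid.uuid4().hex
        return attr.text, ET.tostring(root, encoding="unicode")
    user = header.find("wsse:Security/wsse:UsernameToken/wsse:Username", NS)
    if user is None or not (user.text or "").strip():
        raise ValueError("header present but no UsernameToken")
    return user.text.strip(), message


def record_transaction(message, timestamp=None, new_id=None):
    """Step 2: store (time_and_date, username) in the table; return the row."""
    username, tagged = extract_username(message, new_id)
    ts = timestamp or datetime.now(timezone.utc).strftime("%Y%m%d-%H:%M:%S")
    row = {"time_and_date": ts, "username": username}
    table_array.append(row)
    return row, tagged


def lookup(username):
    """Traceback: every request time recorded for one client id."""
    return [r["time_and_date"] for r in table_array if r["username"] == username]


if __name__ == "__main__":
    print(record_transaction(MSG_WITH_TOKEN, "20120412-11:30:21")[0])
    print(record_transaction(MSG_NO_HEADER, new_id="client-0001")[0])
    print(lookup("168.134.50.88:80"))
```

The table is what later makes the traceback possible: once the Cloud protector flags a message, its client id is looked up here to find every earlier request from the same source.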

Proposed solution: Cloud protector

[Figure: requests pass from CTB to the Cloud protector before reaching the service.]

Proposed solution: Cloud protector

  - Is a trained neural network (NN)
  - Detects and filters out X-DoS messages

[Figure: the network's inputs are Case 1, Case 2, ..., Case n, each with its own weight; the output is either "total weight > threshold" or "total weight < threshold".]
Proposed solution: Cloud protector

Example (1/2): the XML bomb message from the X-DoS slide above (lol .. lol9, body <lolz>&lol9;</lolz>) is fed to the Cloud protector.

Proposed solution: Cloud protector

Example (2/2) (Threshold: 9)

  Case 1. Logic error: weight is 10
  Case 2. Incomplete content: weight is 10

  1. Scan the XML message
  2. Compute the total weight: 10
  3. Total weight 10 > threshold 9
  4. Malicious message!
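The threshold test on this slide, and the XML bomb from the X-DoS slide it is applied to, as a runnable illustration. This is an added example, not the paper's code: the paper's Cloud protector is a trained neural network, and here a hand-written feature scorer stands in for it so the "total weight > 9" decision can be exercised on real messages. The case names and weights are assumptions chosen to reproduce the slide's numbers (the recursive-entity "logic error" and unbalanced "incomplete content" cases each weigh 10; DTD present, nested references and a large expansion weigh 2, 3 and 5), and the sample messages are constructed. The key design choice is that nothing is ever expanded: expansion size and depth are computed from the entity declarations alone, so the scanner cannot itself be bombed.

```python
"""Weighted X-DoS scoring standing in for the Cloud protector (added example)."""
import re

THRESHOLD = 9            # from the slide: total weight > 9 means malicious
BOMB_BYTES = 1 << 20     # assumption: more than 1 MiB of expansion is a bomb

ENTITY_RE = re.compile(
    r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)'|(SYSTEM|PUBLIC)[^>]*)>""")
REF_RE = re.compile(r"&(\w+);")


def split_message(doc):
    """Return (internal DTD subset or '', document body) without parsing."""
    m = re.search(r"<!DOCTYPE\b[^\[>]*(?:\[(.*?)\])?\s*>", doc, re.S)
    if not m:
        return "", doc
    return m.group(1) or "", doc[m.end():]


def parse_entities(subset):
    """Map entity names to replacement text; external ones map to None."""
    entities = {}
    for name, dq, sq, ext in ENTITY_RE.findall(subset):
        entities[name] = None if ext else (dq or sq)
    return entities


def expansion_size(name, entities, memo, stack):
    """Bytes that &name; would expand to, computed from the DTD alone."""
    if name in stack:
        raise RecursionError(f"entity {name} references itself")
    if name in memo:
        return memo[name]
    text = entities.get(name)
    if text is None:                  # undefined or external: count the reference
        return len(name) + 2
    stack.add(name)
    size = len(REF_RE.sub("", text))  # literal characters ...
    for ref in REF_RE.findall(text):  # ... plus what each nested reference yields
        size += expansion_size(ref, entities, memo, stack)
    stack.discard(name)
    memo[name] = size
    return size


def expansion_depth(name, entities, stack=frozenset()):
    """Number of entity levels below &name; (lol9 on the slide has 9)."""
    text = entities.get(name)
    if text is None or name in stack:
        return 0
    refs = REF_RE.findall(text)
    if not refs:
        return 1
    return 1 + max(expansion_depth(r, entities, stack | {name}) for r in refs)


def score(doc):
    """Scan one XML message; return (total weight, list of (case, weight))."""
    cases = []
    subset, body = split_message(doc)
    entities = parse_entities(subset)
    if subset:
        cases.append(("DTD internal subset present", 2))
    if any(v is None for v in entities.values()):
        cases.append(("external entity declared", 4))
    refs = REF_RE.findall(body)
    try:
        total = sum(expansion_size(r, entities, {}, set()) for r in refs)
        depth = max((expansion_depth(r, entities) for r in refs), default=0)
        if depth >= 3:
            cases.append(("nested entity references", 3))
        if total > BOMB_BYTES:
            cases.append((f"expands to {total} bytes", 5))
    except RecursionError:
        cases.append(("logic error: recursive entity", 10))
    opens = re.findall(r"<([A-Za-z_][\w.-]*)(?:\s[^>]*?)?(?<!/)>", body)
    closes = re.findall(r"</([A-Za-z_][\w.-]*)\s*>", body)
    if len(opens) != len(closes):
        cases.append(("incomplete content: unbalanced tags", 10))
    return sum(w for _, w in cases), cases


def is_malicious(doc):
    return score(doc)[0] > THRESHOLD


def billion_laughs(levels=9):
    """Constructed XML bomb in the shape shown on the slides (lol .. lol9)."""
    ents, prev = ['<!ENTITY lol "lol">'], "lol"
    for i in range(2, levels + 1):
        ents.append(f'<!ENTITY lol{i} "{("&" + prev + ";") * 10}">')
        prev = f"lol{i}"
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n' + "\n".join(ents)
            + f'\n]>\n<lolz>&{prev};</lolz>')


# Constructed: the harmless "Hello" message from the first X-DoS slide.
BENIGN = ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n<!ENTITY lol "Hello">\n'
          '<!ENTITY lol2 "&lol;">\n]>\n<lolz>&lol2;</lolz>')

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("bomb", billion_laughs())):
        weight, cases = score(msg)
        print(label, weight, "malicious" if weight > THRESHOLD else "ok", cases)
```

On the slide's bomb the scorer reports a total weight of 10 (DTD present 2, nested references 3, 300,000,000-byte expansion 5), which is over the threshold of 9, while the "Hello" message scores only 2 and passes. A real deployment would feed these same features to the trained network rather than to fixed weights.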

Evaluations: Example for H-DoS attack

Three virtual machines, each running 20 Firefox browsers with 20 tabs open on the attack tool's website: 3 x 20 x 20 = 1200 request sources, enough to bring down the Iranian website.

Evaluations: Example for H-DoS attack

[Figure: HTTP request volume over time]
  Point A: normal traffic
  Point B: the attack keeps increasing the number of HTTP requests
  Point C: the web server's defence control starts
  Point D: attack traffic still gets through and reaches point D

Evaluations

[Figure: detected attack traffic (91%), missed traffic (9%)]

Conclusions

  - Protects cloud computing against X-DoS and H-DoS attacks in future.
  - CTB can trace the attacker, and the Cloud protector can detect and filter the attacks.