Cloud Security Defence to Protect Cloud Computing Against HTTP-DoS and XML-DoS attacks
Source: Journal of Network and Computer Applications, Vol. 34, No. 4, July 2011, pp. 1097-1107
Authors: Ashley Chonka, Yang Xiang, Wanlei Zhou and Alessio Bonti
Speaker: Chin-Yu Sun
Date: 2012/04/12

Outline
• Related works
- DoS attack
- DDoS attack
- H-DoS attack (HTTP DoS)
- X-DoS attack (XML DoS)
• Proposed solution
- Cloud DDoS attack
- Solutions
• Evaluations
• Conclusions

Related works
• DoS attack (Denial of Service)
[Figure: Legal user, Server, request, response]

Related works
• DDoS attack (Distributed DoS)
[Figure: Legal user, Server, request, response, Victims/zombies]

Related works
• H-DoS attack
Header:
  Source Port (16) | Destination Port (16)
  Sequence Number (32)
  Acknowledgment Number (32)
  Data Offset (4) | Reserved (6) | URG | ACK | PSH | RST | SYN | FIN | Window (16)
  Checksum (16) | Urgent Pointer (16)
  Options (0 or more 32 bit words + padding)
DATA ...
[Figure legend: Useless, Sensitive]

Related works
• X-DoS attack
• XML message
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "Hello">
<!ENTITY lol2 "&lol;">
]>
<lolz>&lol2;</lolz>
=================================
Hello

Related works
• X-DoS attack
• XML Bomb
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
=============================================================
?

Proposed solution
• Cloud DDoS attack
[Figure: Cloud 0 (Victim), Cloud 1 (Attacker), Cloud 2 (Attacker)]

Proposed solution
• Solutions
[Figure: Cloud 0 (Victim), Cloud 1 (Attacker), Cloud 2 (Attacker), Cloud protector, CTB]

Proposed solution
• CTB (Cloud TraceBack)
[Figure: CTB, 1. Service request, Cloud protector]

Proposed solution
• CTB
Step1. Extract header of the message
  If no header then
    create HeaderAttribute(“client id”)
  Else
    get UsernameToken(xx)
    Username = new client id
Step2. Store username and display the header
  Create a table array
  Ws.tx = extract Transactioninfo()
  Ws.tx.time_and_data = timestamp
  Ws.tx.username = username
  Table_array[] += Ws.tx.username

Proposed solution
• CTB
Header:
  80 | Destination Port (16)
  Sequence Number (32)
  Acknowledgment Number (32)
  Data Offset (4) | Reserved (6) | URG | ACK | PSH | RST | SYN | FIN | Window (16)
  Checksum (16) | Urgent Pointer (16)
  Options (0 or more 32 bit words + padding)
DATA ...
Extract the username: 168.134.50.88:80 and the timestamp: 201204012-11:30:21 stored in the table

Proposed solution
• Cloud protector
[Figure: CTB, Cloud protector]

Proposed solution
• Cloud protector
- Is a trained neural network (NN)
- Detect and filter out X-DoS messages
[Figure: Input, Weight, Weight, Weight, Output; Case 1, Case 2, ..., Case n; Total weight > threshold or Total weight < threshold]

Proposed solution
• Cloud protector
Example (1/2):
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>

Proposed solution
• Cloud protector
Example (2/2): (Threshold: 9)
Case1. Logic error: weight is 10
Case2. Incomplete contain: weight is 10
- 1. Scan the XML Message
- 2. Compute the total weight: 10
- 3. Total weight: 10 > Threshold: 9
- 4. Malicious message!

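The scan, weigh and compare steps above, as an added Python example that is not from the paper or the slides: a hand-weighted rule check stands in for the trained neural network, and the two rules, their weights and the `max_expanded` limit are assumptions; only the threshold of 9 comes from the slide. It works out how large the entity references would become without ever expanding them.

```python
import re

THRESHOLD = 9  # threshold from the slide's example
ENTITY_RE = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')
REF_RE = re.compile(r"&(\w+);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

def expanded_length(name, entities, cache, stack=()):
    """Length of entity `name` after full expansion, computed arithmetically."""
    if name in PREDEFINED:
        return 1
    if name not in entities:
        return 0
    if name in stack:            # self-referencing definition never terminates
        return float("inf")
    if name not in cache:
        value = entities[name]
        literal = len(REF_RE.sub("", value))
        cache[name] = literal + sum(
            expanded_length(ref, entities, cache, stack + (name,))
            for ref in REF_RE.findall(value))
    return cache[name]

def score_message(xml_text, max_expanded=100_000):
    """Return (total weight, expanded size) using assumed, hand-set weights."""
    entities = dict(ENTITY_RE.findall(xml_text))
    body = xml_text.split("]>", 1)[-1]       # content after the DOCTYPE, if any
    cache = {}
    size = sum(expanded_length(r, entities, cache) for r in REF_RE.findall(body))
    weight = 0
    if entities:
        weight += 2                          # assumed rule: declares internal entities
    if size > max_expanded:
        weight += 10                         # assumed rule: entity amplification
    return weight, size

def is_malicious(xml_text):
    return score_message(xml_text)[0] > THRESHOLD

# Constructed samples: the two documents shown on the slides.
BENIGN = ('<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "Hello">'
          '<!ENTITY lol2 "&lol;">]><lolz>&lol2;</lolz>')
_decls = ['<!ENTITY lol "lol">', '<!ENTITY lol2 "%s">' % ("&lol;" * 10)]
_decls += ['<!ENTITY lol%d "%s">' % (i, ("&lol%d;" % (i - 1)) * 10) for i in range(3, 10)]
BOMB = '<?xml version="1.0"?><!DOCTYPE lolz [%s]><lolz>&lol9;</lolz>' % "".join(_decls)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("bomb", BOMB)):
        print(label, score_message(doc), is_malicious(doc))
```

Because the size is summed per entity and cached, the check runs in time proportional to the number of declarations, so it can sit in front of the real XML parser.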
Evaluations
• Example for H-DoS attack
Three virtual machines, each with 20 Firefox browsers, and each Firefox browser with 20 tabs using the tool website = 3 x 20 x 20 = 1200
Can crash the Iranian website

Evaluations
• Example for H-DoS attack
Point A: Normal traffic
Point B: Attack continued to increase the amount of HTTP requests
Point C: Web server defence control started
Point D: Attack still can reach point D

Evaluations
Detected attack traffic (91%)
Missed traffic (9%)

Conclusions
• Protect Cloud Computing Against X-DoS and H-DoS attacks in future.
• CTB can trace the attacker and Cloud protector can detect and filter the attacks.