Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems

Abstract : Public IaaS cloud environments are vulnerable to misbehaving applications and virtual machines. Moreover, cloud service availability, reliability, and ultimately reputation is specifically at risk from Denial of Service forms as it is based on resource over-commitment.In this paper, we describe a stealthy randomised probing strategy to learn thresholds used in the process of taking migration decisions in the cloud (i.e. reverse engineering of migration algorithms). These discovered thresholds are used to design a more efficient, harder to detect, and robust cloud DoS attack family. A sequence of tests is designed to extract and reveal these thresholds; these are performed by coordinating stealthily increased resource consumption among attackers whilst observing cloud management reactions to the increased demand. We can learn the required parameters by repeating the tests, observing the cloud reactions, and analysing the observations statistically. Revealing these hidden parameters is a security breach by itself; furthermore, they can be used to design a hard-to-detect DoS attack by stressing the host resources using a precise amount of workload to trigger migration. We design a formal model for migration decision processes, create a dynamic algorithm to extract the required hidden parameters, and demonstrate the utility with a specimen DoS attack.
Type de document :
Communication dans un congrès
Bart Decker; André Zúquete. 15th IFIP International Conference on Communications and Multimedia Security (CMS), Sep 2014, Aveiro, Portugal. Springer, Lecture Notes in Computer Science, LNCS-8735, pp.73-85, 2014, Communications and Multimedia Security. 〈10.1007/978-3-662-44885-4_6〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01404188
Contributeur : Hal Ifip <>
Soumis le : lundi 28 novembre 2016 - 14:46:35
Dernière modification le : vendredi 17 novembre 2017 - 13:10:01
Document(s) archivé(s) le : mardi 21 mars 2017 - 02:52:13

Fichier

978-3-662-44885-4_6_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Suaad Alarifi, Stephen Wolthusen. Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. Bart Decker; André Zúquete. 15th IFIP International Conference on Communications and Multimedia Security (CMS), Sep 2014, Aveiro, Portugal. Springer, Lecture Notes in Computer Science, LNCS-8735, pp.73-85, 2014, Communications and Multimedia Security. 〈10.1007/978-3-662-44885-4_6〉. 〈hal-01404188〉

Partager

Métriques

Consultations de la notice

134

Téléchargements de fichiers

18