Two-Player Security Game Approach Based Co-Resident Dos Attack Defence Mechanism for Cloud Computing

Authors (2): Rethishkumar S, Dr. R. Vijayakumar

Virtual machines (VMs) are fundamental components of cloud computing systems. Though VMs provide efficient computing resources, they are also exposed to several security threats. While some threats are easy to block, some attacks, such as co-resident attacks, are much harder even to detect. This paper proposes a defense mechanism based on a two-player game approach for minimizing co-resident DOS attacks by making it difficult for attackers to initiate them. The proposed defense mechanism first analyzes the behavioral differences between attackers and normal users under the PSSF VM allocation policy. Clustering analysis is then performed using EDBSCAN (Enhanced Density-based Spatial Clustering of Applications with Noise). Partial labeling based on the clustering results partially distinguishes users as legal or malicious. Semi-supervised learning using a Deterministic Annealing Semi-supervised SVM (DAS3VM), optimized by the branch and bound method, is then applied to classify the nodes. Once the user accounts are classified, the two-player security game approach is used to increase the cost of launching new VMs, thus minimizing the probability of initiating a co-resident DOS attack. In this way, the security threats can be averted efficiently using the proposed defense mechanism. Experimental results prove that the proposed co-resident DOS attack defense mechanism makes a significant contribution to preventing security threats.

Authors and Affiliations

Rethishkumar S
School of Computer Sciences, Mahatma Gandhi University, Kottayam, Kerala, India
Dr. R. Vijayakumar
Professor, School of Computer Sciences, Mahatma Gandhi University, Kottayam, Kerala, India

Keywords: Co-resident DOS attack, PSSF, EDBSCAN, DAS3VM, branch and bound method


Publication Details

Published in : Volume 2 | Issue 4 | July-August 2017
Date of Publication : 2017-08-31
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 757-767
Manuscript Number : CSEIT1724181
Publisher : Technoscience Academy

ISSN : 2456-3307

Cite This Article :

Rethishkumar S, Dr. R. Vijayakumar, "Two-Player Security Game Approach Based Co-Resident Dos Attack Defence Mechanism for Cloud Computing", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN : 2456-3307, Volume 2, Issue 4, pp.757-767 , July-August-2017.
