Around the world, hundreds of millions of computing devices are connected to form a new virtual world, the Internet. The Internet relies on the interconnectivity between computing devices; this interconnectivity is a blessing on the one hand, but on the other it is a prime target for malicious users who attempt to exhaust resources and launch attacks against them.
In a DoS attack, a malicious attempt is made to prevent legitimate users from accessing information and services on the victim sites or nodes. DoS attacks originate from a single host on the network. It is also feasible, however, for many malicious hosts to organize so that the attack takes place simultaneously from multiple points. This type of attack is called a Distributed DoS, or DDoS, attack.
sometimes thousands of -- compromised systems. With a single command, the zombie instructs the controlled machines to launch attacks against a specified target to cause a denial of service. In October 2010, a massive DDoS attack took the entire country of Myanmar offline.[2] On February 15th, 2012, stock exchange operators Nasdaq and BATS saw their Web sites attacked for over 24 hours on Tuesday, blocking access to the sites although trading was not affected, a report said. A security watcher noted that such denial-of-service (DoS) attacks are "impossible" to prevent, though.[3] (Liau Yun Qing, ZDNet Asia, February 15th, 2012) Facebook, Twitter, Yahoo, Buy.com, RIAA and the United States Copyright Office are among the victims of DDoS attacks. The largest DDoS attacks have now grown to the 40 gigabit barrier this year and may reach 100 gigabits soon. So a threat to bring down a cloud system with a DDoS attack is a worrying one for the cloud. Preventing zombies from attacking the cloud infrastructure is the only realistic thing the staff, management and planners can predict.
Interface (API)
(b) Unknown risk profile (Heartland Data Breach)
(c) Integrity, Confidentiality and Availability
(3) IaaS vulnerability
(a) Data leakage in Virtual Machine
(b) Shared technology issues
(c) Integrity, Confidentiality and Availability
So among all these different vulnerabilities, Availability affects all three layers and is more harmful.
Since cloud computing security follows the idea of cloud computing, there are two main areas that security experts look at in a cloud system: VM (Virtual Machine) vulnerabilities and message availability between cloud systems. An intrusion detection system (IDS) is a practical solution to resist these kinds of attacks. However, if an IDS is deployed in each cloud computing region without any cooperation or communication between them, the IDS may easily suffer from a single-point-of-failure attack. The abilities of intrusion detection and response are then decreased significantly, and the cloud environment cannot support services continually.
Intrusion detection has become an extremely important feature of system defense. An intrusion detection system sets off alerts about detected intrusions so that a system administrator or the system itself may take appropriate action. In general, an IDS collects network traffic, analyzes it, and responds or alerts the network manager if an intrusion is taking place. Thus, the aim of the IDS is to alert or notify the system that some malicious activity has taken place and to try to eliminate it.
According to the method used to collect intrusion data, intrusion detection systems can be classified into two types: host-based and network-based IDSs. Host-based intrusion detection systems (HIDSs) analyze audit data collected by an operating system about the actions performed by users and applications, while network-based intrusion detection systems (NIDSs) analyze data collected from network packets. IDSs analyze one or more events obtained from the collected data.
According to the analysis technique, IDSs are classified into two different kinds: misuse detection and anomaly detection. Misuse detection systems use signature patterns of existing well-known attacks on the system to match and identify known intrusions.
Misuse detection techniques, in general, are not effective against the latest attacks that have no matching rules or patterns yet. Anomaly detection systems identify as anomalies those activities which deviate significantly from the established normal behaviors. These anomalies are most likely regarded as intrusions. Anomaly detection techniques can be effective against unknown or the latest attacks. However, anomaly detection systems tend to generate more false alarms than misuse detection systems because an anomaly may be a new normal behavior or an ordinary activity.
When an IDS detects an intrusion attempt, it should report to the system administrator. There are three ways to report the detection results [3]: notification, manual response, and automatic response. In a notification response system, the IDS only generates reports and alerts. In a manual response system, the IDS provides additional capability for the system administrator to initiate a manual response. In an automatic response system, the IDS immediately responds to an intrusion through an auto response system.
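The trade-off between misuse and anomaly detection described above, together with the three reporting modes, as an added example that is not part of the original paper. The signature rule, baseline rates, events and the rate-limiting action are constructed assumptions.

```python
import statistics

# Constructed rule standing in for a signature of a known attack (assumption).
SIGNATURES = {"syn-flood": lambda e: e["syn_ratio"] > 0.9 and e["rate"] > 500}
# Constructed baseline: requests/second observed during normal operation.
BASELINE_RATES = [95, 102, 110, 98, 105, 99, 101, 107, 93, 100]
# Constructed events; "truth" is ground truth the detectors never see.
EVENTS = [
    {"id": "e1", "truth": "normal", "rate": 104, "syn_ratio": 0.10},
    {"id": "e2", "truth": "attack", "rate": 900, "syn_ratio": 0.97},  # known attack
    {"id": "e3", "truth": "attack", "rate": 650, "syn_ratio": 0.20},  # no rule yet
    {"id": "e4", "truth": "normal", "rate": 400, "syn_ratio": 0.12},  # new normal
]

def misuse_detect(event):
    """Misuse detection: name of the first matching signature, else None."""
    for name, rule in SIGNATURES.items():
        if rule(event):
            return name
    return None

def anomaly_detect(event, baseline=BASELINE_RATES, threshold=3.0):
    """Anomaly detection: rate deviates > threshold std devs from baseline."""
    spread = statistics.stdev(baseline)
    return abs(event["rate"] - statistics.mean(baseline)) / spread > threshold

def respond(event_id, mode):
    """The three reporting modes; the automatic action is an assumption."""
    actions = {
        "notification": "alert logged",
        "manual": "alert logged; administrator may start a response",
        "automatic": "alert logged; source rate-limited automatically",
    }
    return f"{event_id}: {actions[mode]}"

def evaluate(events=EVENTS):
    """Score both detectors against ground truth."""
    out = {"misuse_hits": [], "misuse_missed": [],
           "anomaly_hits": [], "anomaly_false_alarms": []}
    for e in events:
        attack = e["truth"] == "attack"
        if misuse_detect(e):
            out["misuse_hits"].append(e["id"])
        elif attack:
            out["misuse_missed"].append(e["id"])
        if anomaly_detect(e):
            key = "anomaly_hits" if attack else "anomaly_false_alarms"
            out[key].append(e["id"])
    return out
```

Calling `evaluate()` shows the signature detector missing the attack that has no rule (`e3`), while the anomaly detector catches it but also flags the legitimate traffic surge (`e4`).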
References
[1] Gary C. Kessler, Defenses against distributed denial of service attacks, http://www.garykessler.net/library/ddos.html, November 2000.
[2] http://searchsecurity.techtarget.com/definition/distributed-denial-of-service-attack (This was last