Entropy-Based Economic Denial of Sustainability Detection
- An in-depth review of the EDoS threats and the efforts made by the research community for their detection, mitigation and identification of sources.
- A multi-layered architecture for EDoS attack detection, which describes the management of the acquired information from its monitoring to the notification of possible threats.
- A novel entropy-based EDoS detection approach, which assuming its original definition, allows to discover unexpected behavior on local-level metrics related with the auto-scaling capabilities of the victim system.
- An evaluation methodology adapted to the singularities of the EDoS threats and the assumptions driven by their original definition.
- Comprehensive experimental studies that validate the proposed detection strategy, in this way motivating its adaptation to future use cases.
2.1. Economic Denial of Sustainability Attacks
3. EDoS Attack Detection
- As remarked by Hoff in the original definition of EDoS attacks , they pose threats that do not aim on deny the service of the victim systems, but increase the economic cost of the services they offer to make them unsustainable.
- Hereinafter, Chris clarified that at network-level, EDoS threats resemble activities performed by legitimate users . This implies that the distribution of the different network metrics (number of request, number of sessions, frequency, bandwidth computation, etc.) does not vary significantly when these attacks are launched. This is because in order to ensure their effectiveness, they must go unnoticed.
- It is possible to identify EDoS attacks by analyzing performance metrics at local-level. Given that at network-level there are no differences between EDoS and normal traffic, the requests performed by these threats must involve a greater operational cost.
- Requests performed by EDoS attacks have a similar quality to those from legitimate users (for example, a similar success rate). However, attackers may exploit vulnerabilities (usually at Application layer) to extend their impact .
- DDoS attacks usually originate from a large number of clients, where each of them performs a huge number of low-quality requests. On the other hand, EDoS attacks also come from many sources, but each client performs an amount of request similar to that of legitimate users. Unlike in flash crowds, EDoS attacks affect the predictability of the performance metrics related to the costs resulting from attending the requests served by the victim .
3.1. Monitoring and Aggregation
3.2. Novelty Detection
3.2.1. Detection Criteria
3.2.3. Adaptive Thresholding
3.3. Decision-Making and Response
4.1. Execution Environment
4.2. Server-Side Components
4.2.1. RESTful Web Service
4.2.2. HTTP Usage Monitor
4.2.3. Entropy Modeler
4.3. Client-Side Component
4.4. Test Scenarios
Conflicts of Interest
- European Union Agency for Network and Information Security (ENISA) Threat Landscape Report 2016. Available online: https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2016 (accessed on 28 November 2017).
- Kolias, C.; Kambourakis, G.; Stavrou, A.; Voas, J. DDoS in the ioT: Mirai and other botnets. Computer 2017, 50, 80–84. [Google Scholar] [CrossRef]
- European Comission Cybersecurity Stratregy. 2017. Available online: https://ec.europa.eu/digital-single-market/en/policies/cybersecurity (accessed on 28 November 2017).
- US National Cyber Incident Response Plan (NCIRP). 2017. Available online: https://www.us-cert.gov/ncirp (accessed on 28 November 2017).
- European Police (Europol). The Internet Organised Crime Threat Assessment (IOCTA). 2017. Available online: https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2017 (accessed on 28 November 2017).
- Wei, W.; Chen, F.; Xia, Y.; Jin, G. A rank correlation based detection against distributed reflection DoS attacks. IEEE Commun. Lett. 2013, 17, 173–175. [Google Scholar] [CrossRef]
- Zargar, S.T.; Joshi, J.; Tipper, D. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 2013, 15, 2046–2069. [Google Scholar] [CrossRef][Green Version]
- Baig, Z.A.; Sait, S.M.; Binbeshr, F. Controlled access to cloud resources for mitigating Economic Denial of Sustainability (EDoS) attacks. Comput. Netw. 2016, 97, 31–47. [Google Scholar] [CrossRef]
- Chris, H. Cloud Computing Security: From DDoS (Distributed Denial Of Service) to EDoS (Economic Denial of Sustainability). 2008. Available online: http://rationalsecurity.typepad.com/blog/2008/11/cloud-computing-security-from-ddos-distributed-denial-of-service-to-edos-economic-denial-of-sustaina.html (accessed on 28 November 2017).
- Chris, H. A Couple of Follow-Ups on the EDoS (Economic Denial of Sustainability) Concept … 2009. Available online: http://rationalsecurity.typepad.com/blog/edos/ (accessed on 28 November 2017).
- Reuven, C. Cloud Attack: Economic Denial of Sustainability (EDoS). Available online: http://www.elasticvapor.com/2009/01/cloud-attack-economic-denial-of.html (accessed on 28 November 2017).
- Singh, P.; Manickam, S.; Rehman, S.U. A survey of mitigation techniques against Economic Denial of Sustainability (EDoS) attack on cloud computing architecture. In Proceedings of the IEEE 3rd International Conference on Reliability, Infocom Technologies and Optimization (ICRITO), Noida, India, 8–10 October 2014; pp. 1–4. [Google Scholar]
- Bremler-Barr, A.; Brosh, E.; Sides, M. DDoS attack on cloud auto-scaling mechanisms. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM 2017), Atlanta, GA, USA, 1–4 May 2017; pp. 1–9. [Google Scholar]
- Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M. DDoS attacks in cloud computing: Collateral damage to non-targets. Comput. Netw. 2016, 109, 157–171. [Google Scholar] [CrossRef]
- Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Buyya, R. DDoS attacks in cloud computing: Issues, taxonomy, and future directions. Comput. Commun. 2017, 107, 30–48. [Google Scholar] [CrossRef]
- Bhingarkar, A.S.; Shah, B.D. A survey: Securing cloud infrastructure against edos attack. In Proceedings of the International Conference on Grid Computing and Applications (GCA), Athens, Greece, 27–30 July 2015; pp. 16–22. [Google Scholar]
- Vivinsandar, S.; Shenai, S. Economic Denial of Sustainability (EDoS) in Cloud Services Using HTTP and XML Based DDoS Attacks. Int. J. Comput. Appl. 2012, 41, 11–16. [Google Scholar] [CrossRef]
- Zhou, W.; Jia, W.; Wen, S.; Xiang, Y.; Zhou, W. Detection and defense of application-layer DDoS attacks in backbone web traffic. Future Gener. Comput. Syst. 2014, 38, 36–46. [Google Scholar] [CrossRef]
- Singh, K.; Dee, T. MLP-GA based algorithm to detect application layer DDoS attack. J. Inf. Secur. Appl. 2017, 36, 145–153. [Google Scholar] [CrossRef]
- Singh, K.; Singh, P.; Kumar, K. Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges. Comput. Secur. 2017, 65, 344–372. [Google Scholar] [CrossRef]
- Singh, A.; Chatterjee, K. Cloud security issues and challenges: A survey. J. Netw. Comput. Appl. 2017, 79, 88–115. [Google Scholar] [CrossRef]
- Berezinski, P.; Jasiul, B.; Szpyrka, M. An entropy-based network anomaly detection method. Entropy. 2015, 17, 2367–2408. [Google Scholar] [CrossRef]
- Bawa, P.S.; Manickam, S. Critical Review of Economical Denial of Sustainability (EDoS) Mitigation Techniques. J. Comput. Sci. 2015, 11, 855–862. [Google Scholar] [CrossRef]
- Idziorek, J.; Tannian, M.; Jacobson, D. Attribution of fraudulent resource consumption in the cloud. In Proceedings of the IEEE 5th International Conference on Cloud Computing, Honolulu, HI, USA, 24–29 June 2012; pp. 99–106. [Google Scholar]
- Koduru, A.; Neelakantam, T.; Bhanu, S.M.S. Detection of Economic Denial of Sustainability Using Time Spent on a Web Page in Cloud. In Proceedings of the IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), Bangalore, India, 16–18 October 2013; pp. 1–4. [Google Scholar]
- Al-Haidari, F.; Sqalli, M.H.; Salah, K. Enhanced EDoS-Shield for Mitigating EDoS Attacks Originating from Spoofed IP Addresses. In Proceedings of the IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK, 25–27 June 2012; pp. 1167–1174. [Google Scholar]
- Singh, K.J.; Thongam, K.; De, T. Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks. Entropy 2016, 18, 350. [Google Scholar] [CrossRef]
- Idziorek, J.; Tannian, M. Exploiting Cloud Utility Models for Profit and Ruin. In Proceedings of the IEEE International Conference on Cloud Computing (CLOUD), Washington, DC, USA, 4–9 July 2011; pp. 33–40. [Google Scholar]
- Yu, S.; Tian, Y.; Guo, S.; Wu, D.O. Can We Beat DDoS Attacks in Clouds? IEEE Trans. Parallel Distrib. Syst. 2014, 25, 2245–2254. [Google Scholar] [CrossRef]
- Masood, M.; Anwar, Z.; Raza, S.A.; Hur, M.A. EDoS armor: A cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. In Proceedings of the IEEE 16th International Multi Topic Conference (INMIC), Lahore, Pakistan, 19–20 December 2013; pp. 37–42. [Google Scholar]
- Khor, H.; Nakao, A. Spow: On-demand cloud-based eDDoS mitigation mechanism. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems & Networks (DSN), Lisbon, Portugal, 29 June–2 July 2009. [Google Scholar]
- Kumar, M.N.; Sujatha, P.; Kalva, V.; Nagori, R.; Katukojwala, A.K.; Kumar, M. Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-Cloud Scrubber Service. In Proceedings of the IEEE 4th International Conference on Computational Intelligence and Communication Networks (CICN), Mathura, India, 3–5 November 2012; pp. 535–539. [Google Scholar]
- Alosaimi, W.; Al-Begain, K. A new method to mitigate the impacts of the economical denial of sustainability attacks against the cloud. In Proceedings of the 14th Annual Post Graduates Symposium on the convergence of Telecommunication, Networking and Broadcasting (PGNet), Liverpool, UK, 24–25 June 2013; pp. 116–121. [Google Scholar]
- Liu, J.K.; Au, M.H.; Huang, X.; Lu, R.; Li, J. Fine-Grained Two-Factor Access Control for Web-Based Cloud Computing Services. IEEE Trans. Inf. Forensics Secur. 2016, 11, 484–497. [Google Scholar] [CrossRef]
- Yan, Q.; Yu, F.R.; Gong, Q.; Li, J. Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges. IEEE Commun. Surv. Tutor. 2016, 18, 602–622. [Google Scholar] [CrossRef]
- Alenezi, N.M.; Reed, M.J. Uniform DoS traceback. Comput. Secur. 2014, 45, 17–26. [Google Scholar] [CrossRef]
- Yao, G.; Bi, J.; Vasilakos, A.V. Passive IP traceback: Disclosing the locations of IP spoofers from path backscatter. IEEE Trans. Inf. Forensics Secur. 2015, 10, 471–484. [Google Scholar] [CrossRef]
- Jeong, E.; Lee, B. An IP traceback protocol using a compressed hash table, a sinkhole router and data mining based on network forensics against network attacks. Futur. Gener. Comput. Syst. 2014, 33, 42–52. [Google Scholar] [CrossRef]
- Wang, K.; Du, M.; Maharjan, S.; Sun, Y. Strategic Honeypot Game Model for Distributed Denial of Service Attacks in the Smart Grid. IEEE Trans. Smart Grid, 2017, 8, 2474–2482. [Google Scholar] [CrossRef]
- Al-Salah, T.; Hong, L.; Shetty, S. Attack Surface Expansion Using Decoys to Protect Virtualized Infrastructure. In Proceedings of the 2017 IEEE International Conference on Edge Computing (EDGE), Honolulu, HI, USA, 25–30 June 2017; pp. 216–219. [Google Scholar]
- Shannon, C.E. A mathematical theory of communication. Bell Syst. Tech. J. 1948, 27, 379–656. [Google Scholar] [CrossRef]
- Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K. An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognit. Lett. 2015, 51, 1–7. [Google Scholar] [CrossRef]
- Pimentel, M.A.F.; Clifton, D.A.; Clifton, L.; Tarassenko, L. A review on novelty detection. Signal Process. 2014, 99, 215–249. [Google Scholar] [CrossRef]
- Hillmer, S.C.; Tiao, G.C. An ARIMA-Model-Based Approach to Seasonal Adjustment. J. Am. Stat. Assoc. 1980, 77, 63–70. [Google Scholar] [CrossRef]
- Ong, C.S.; Huang, J.J.; Tzeng, G.H. Model identification of ARIMA family using genetic algorithms. Appl. Math. Comput. 2005, 164, 885–912. [Google Scholar] [CrossRef]
- Hyndman, R.J.; Koehler, A.B.; Ord, J.K.; Snyder, R.D. Prediction intervals for exponential smoothing state space models. J. Forecast. 2005, 24, 17–37. [Google Scholar] [CrossRef]
- Chandola, V.; Banerjee, A.; Kumar, V. Anomaly Detection : A Survey. ACM Comput. Surv. 2009, 41. [Google Scholar] [CrossRef]
- Open Source Sotware for Creating Private and Public Clouds. Available online: https://www.openstack.org (accessed on 28 November 2017).
- Kang, S.; Lee, K. Auto-scaling of Geo-based image processing in an OpenStack cloud computing environment. Remote Sens. 2016, 8, 662. [Google Scholar] [CrossRef]
- Krieger, M.T.; Torreno, O.; Trelles, O.; Kranzlmuller, D. Building an open source cloud environment with auto-scaling resources for executing bioinformatics and biomedical workflows. Futur. Gener. Comput. Syst. 2017, 67, 329–340. [Google Scholar] [CrossRef]
- Flask-A Python Microframework. Available online: http://flask.pocoo.org (accessed on 28 November 2017).
- Schnase, J.L.; Duffy, D.Q.; Tamkin, G.S.; Nadeau, D.; Thompson, J.H.; Grieg, C.M.; Mclnerney, M.A.; Webster, W.P. MERRA analytic services: Meeting the big data challenges of climate science through cloud-enabled climate analytics-as-a-service. Comput. Environ. Urban Syst. 2017, 61, 198–211. [Google Scholar] [CrossRef]
- Fielding, R.T.; Taylor, R.N.; Erenkrantz, J.R.; Gorlick, M.M.; Whitehead, J.; Khare, R.; Oreizy, P. Reflections on the REST architectural style and principled design of the modern web architecture (impact paper award). In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering, Paderborn, Germany, 4–8 September 2017; pp. 4–14. [Google Scholar]
- Barakat, C.; Thiran, P.; Iannaccone, G.; Diot, C.; Owezarski, P. Modeling Internet backbone traffic at the flow level. IEEE Trans. Signal Process. 2003, 51, 2111–2124. [Google Scholar] [CrossRef]
|URI||Parameters||Average CPU Time in Second (1000 exec.)|
|Web clients (C)||500|
|Expected requests per second (ERS)||60|
|Total web requests (TR)||10,000|
|Malicious Triggering Request (MTR)||5000|
|Malicious Request Rate (MRR)||1%||5%||10%||15%||20%|
|Attacker Clients (AC)||5||25||50||75||100|
|Total number of malicious requests||150||250||500||750||1000|
© 2017 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Monge, M.A.S.; Vidal, J.M.; Villalba, L.J.G. Entropy-Based Economic Denial of Sustainability Detection. Entropy 2017, 19, 649. https://doi.org/10.3390/e19120649
Monge MAS, Vidal JM, Villalba LJG. Entropy-Based Economic Denial of Sustainability Detection. Entropy. 2017; 19(12):649. https://doi.org/10.3390/e19120649Chicago/Turabian Style
Monge, Marco Antonio Sotelo, Jorge Maestre Vidal, and Luis Javier García Villalba. 2017. "Entropy-Based Economic Denial of Sustainability Detection" Entropy 19, no. 12: 649. https://doi.org/10.3390/e19120649