Iterative Dichotomiser Posteriori Method Based Service Attack Detection in Cloud Computing

Cloud computing (CC) is an advanced technology that provides access to predictive resources and data sharing. The cloud environment represents the right type regarding cloud usage model ownership, size, and rights to access. It introduces the scope and nature of cloud computing. In recent times, all processes are fed into the system for which consumer data and cache size are required. One of the most security issues in the cloud environment is Distributed Denial of Service (DDoS) attacks, responsible for cloud server overloading. This proposed system ID3 (Iterative Dichotomiser 3) Maximum Multifactor Dimensionality Posteriori Method (ID3-MMDP) is used to overcome the drawback and a relatively simple way to execute and for the detection of (DDoS) attack. First, the proposed ID3-MMDP method calls for the resources of the cloud platform and then implements the attack detection technology based on information entropy to detect DDoS attacks. Since because the entropy value can show the discrete or aggregated characteristics of the current data set, it can be used for the detection of abnormal data flow, User-uploaded data, ID3-MMDP system checks and read risk measurement and processing, bug rating file size changes, or file name changes and changes in the format design of the data size entropy value. Unique properties can be used whenever the program approaches any data error to detect abnormal data services. Finally, the experiment also verifies the DDoS attack detection capability algorithm.     

基于轮换策略的异构云资源分配算法

云计算以其按需索取、按需付费、无需预先投资的优势给用户带来极大的便利,然而静态、单一的云计算环境容易成为网络攻击的目标,给用户带来较大的安全风险。动态的虚拟机部署策略和异构的云基础设施在提升云计算环境安全性的同时会降低资源利用率。提出一种针对虚拟机轮换时的资源分配算法,将不同类型的资源抽象成维度不同的向量,并通过求解装箱问题实现资源分配中的负载平衡,同时为每个虚拟机设定驻留时间,对当前服务器的负载状态进行轮换以提升虚拟机的安全性。实验结果表明,资源动态分配算法在提高虚拟机安全性能的同时,能够减小轮换带来的负载波动。     

基于云的计算机取证系统研究

云计算是目前最流行的互联网计算模式,它具有弹性计算、资源虚拟化、按需服务等特点。在云计算的环境中,云计算中心直接提供由基础设施、平台、应用等组成的各种服务,用户不再拥有自己的基础设施、软件和数据,而是共享整个云基础架构。这种方式直接影响了云计算环境的安全性和可用性,给云计算带来了巨大的隐患。在分析和研究云计算环境下的安全缺陷和安全威胁的前提下,提出了一种基于云的计算机取证系统的设计方案———利用计算机取证技术解决云计算环境的安全问题,同时利用云计算技术和超算技术满足传统取证对高性能计算的需求。     

Secure multi-server-aided data deduplication in cloud computing

Cloud computing enables on-demand and ubiquitous access to a centralized pool of configurable resources such as networks, applications, and services. This makes that huge of enterprises and individual users outsource their data into the cloud server. As a result, the data volume in the cloud server is growing extremely fast. How to efficiently manage the ever-increasing datum is a new security challenge in cloud computing. Recently, secure deduplication techniques have attracted considerable interests in the both academic and industrial communities. It can not only provide the optimal usage of the storage and network bandwidth resources of cloud storage providers, but also reduce the storage cost of users. Although convergent encryption has been extensively adopted for secure deduplication, it inevitably suffers from the off-line brute-force dictionary attacks since the message usually can be predictable in practice. In order to address the above weakness, the notion of DupLESS was proposed in which the user can generate the convergent key with the help of a key server. We argue that the DupLESS does not work when the key server is corrupted by the cloud server. In this paper, we propose a new multi-server-aided deduplication scheme based on the threshold blind signature, which can effectively resist the collusion attack between the cloud server and multiple key servers. Furthermore, we prove that our construction can achieve the desired security properties.     

Eucalyptus 开源框架下云平台的构建与性能分析

基于Eucalyptus开源框架的云计算平台能够为用户提供硬件资源按需分配的服务。对云平台系统架构、网络及资源管理的解决方案进行了论述,并构筑了相应的云服务环境。通过对云环境下虚拟机实例与普通PC机在CPU、Memory、Disk I/O等性能的比较,验证了所构建云计算平台的可用性和可扩展性。     

一种防御DDoS攻击的软件定义安全网络机制

软件定义网络的出现为防御DDoS攻击提供了新的思路.首先,从网络体系结构角度建模分析了DDoS攻击所需的3个必要条件：连通性、隐蔽性与攻击性;然后,从破坏或限制这些必要条件的角度出发,提出了一种能够对抗DDoS攻击的软件定义安全网络机制SDSNM（software defined security networking mechanism）.该机制主要在边缘SDN网络实现,同时继承了核心IP网络体系架构,具有增量部署特性.利用云计算与Chord技术设计实现了原型系统,基于原型系统的测量结果表明,SDSNM具有很好的扩展性和可用性.     

云基础设施安全性研究综述

云计算是当今全球关注的热点,有可能引起信息技术新的变革,但同时也带来了新的安全问题。从云计算环境最基础的层次入手,对云基础设施的安全性进行研究,考察云基础设施安全性的研究状况,从全局角度分析云基础设施存在的安全问题,结合云基础设施的安全服务技术框架讨论云基础设施安全性的主要关键技术,旨在为云基础设施乃至整个云计算环境的安全问题的解决建立良好的基础。     

创建软件定义网络中的进程级纵深防御体系结构

云计算因其资源的弹性和可拓展性,在为用户提供各项服务时,相对于传统方式占据了先机。在用户考虑是否转向云计算时,一个极其重要的安全风险是：攻击者可以通过共享的云资源对云用户发起针对虚拟机的高效攻击。虚拟机作为云服务的基本资源,攻击者在攻击或者租用了某虚拟机之后,通过在其中部署恶意软件,并针对云内其他虚拟机发起更大范围的攻击行为,如分布式拒绝服务型攻击。为防止此种情况的发生,提出基于软件定义网络的纵深防御系统,以及时检测可疑虚拟机并控制其发出的流量,抑制来自该虚拟机的攻击行为并减轻因攻击所受到的影响。该系统以完全无代理的非侵入方式检测虚拟机状态,且基于软件定义网络,对同主机内虚拟机间或云主机间的网络流量进行进程级的监控。实验结果表明了该系统的有效性。     

Safeguarding Cloud Computing Infrastructure: A Security Analysis

Cloud computing is the provision of hosted resources, comprising software, hardware and processing over the World Wide Web. The advantages of rapid deployment, versatility, low expenses and scalability have led to the widespread use of cloud computing across organizations of all sizes, mostly as a component of the combination/multi-cloud infrastructure structure. While cloud storage offers significant benefits as well as cost-effective alternatives for IT management and expansion, new opportunities and challenges in the context of security vulnerabilities are emerging in this domain. Cloud security, also recognized as cloud computing security, refers to a collection of policies, regulations, systematic processes that function together to secure cloud infrastructure systems. These security procedures are designed to safeguard cloud data, to facilitate regulatory enforcement and to preserve the confidentiality of consumers, as well as to lay down encryption rules for specific devices and applications. This study presents an overview of the innovative cloud computing and security challenges that exist at different levels of cloud infrastructure. In this league, the present research work would be a significant contribution in reducing the security attacks on cloud computing so as to provide sustainable and secure services.     

云计算环境下的网络安全技术

云计算机具有强大的数据处理功能,能够满足安全高效信息服务及高吞吐率信息服务等多种应用需求,且可以根据需要对存储能力与计算能力进行扩展。但在网络环境下云计算机同样面临许多网络安全问题,因此本文对云计算机环境下常见的网络安全问题进行了探讨,包括拒绝服务安全攻击、中间人安全攻击、SQL注入安全攻击、跨站脚本安全攻击及网络嗅探;同时分析了云计算机环境下的网络安全技术,包括用户端安全技术,服务器端安全技术,用户端与云端互动时的安全技术。     

基于Spark平台的网络攻击检测系统

随着计算机技术和通信技术的飞速发展,网络安全形势也越来越严峻,如何在海量日志中发现安全攻击是个值得研究的问题,传统的日志分析方法效率低,难以发现一些高级的网络安全威胁。针对该问题,提出了基于分布式存储和Spark框架的网络日志分析系统架构,不仅有效利用了云环境中的计算存储资源,同时还大大提高了计算效率。     

Fitness rate-based rider optimization enabled for optimal task scheduling in cloud

ABSTRACT

Not long ago, there has been a dramatic augment in the attractiveness of cloud computing systems that depends computing resources on-demand, bill on a pay-as-you-go basis, and multiplex many users on the same physical infrastructure. It is considered as an essential pool of resources, which are offered to users through Internet. Without troubling the fundamental infrastructure, pay-per-use computing resources are provided to the users by the cloud computing technology. Scheduling is a significant dilemma in cloud computing as a cloud provider has to serve multiple users in cloud environment. This proposal plans to implement an optimal task scheduling model in cloud sector as a challenge over the existing technologies. The proposed model solves the task scheduling problem using an improved meta-heuristic algorithm called Fitness Rate-based Rider Optimization Algorithm (FR-ROA), which is the advanced form of conventional Rider Optimization Algorithm (ROA). The objective constraints considered for optimal task scheduling are the maximum makespan or completion time, and the sum of the completion times of entire tasks. Since the proposed FR-ROA has attained the advantageous part of reaching the convergence in a small duration, the proposed model will outperform the other conventional algorithms for accomplishing the optimal task scheduling in cloud environment.     

Extensive Study of Cloud Computing Technologies,Threats and Solutions Prospective

Infrastructure as a Service (IaaS) provides logical separation between data, network, applications and machines from the physical constrains of real machines. IaaS is one of the basis of cloud virtualization. Recently, security issues are also gradually emerging with virtualization of cloud computing. Different security aspects of cloud virtualization will be explored in this research paper, security recognizing potential threats or attacks that exploit these vulnerabilities, and what security measures are used to alleviate such threats. In addition, a discussion of general security requirements and the existing security schemes is also provided. As shown in this paper, different components of virtualization environment are targets to various attacks that in turn leads to security issues compromising the whole cloud infrastructure. In this paper an overview of various cloud security aspects is also provided. Different attack scenarios of virtualization environments and security solutions to cater these attacks have been discussed in the paper. We then proceed to discuss API security concerns, data security, hijacking of user account and other security concerns. The aforementioned discussions can be used in the future to propose assessment criteria, which could be useful in analyzing the efficiency of security solutions of virtualization environment in the face of various virtual environment attacks.     

Multi-tenant intrusion detection system for public cloud (MTIDS)

Cloud computing is an innovative paradigm technology that is known for its versatility. It provides many creative services as requested, and it is both cost efficient and reliable. More specifically, cloud computing provides an opportunity for tenants to reduce cost and raise effectiveness by offering an alternative method of service utilization. Although these services are easily provided to tenants on demand with minor infrastructure investment, they are significantly exposed to intrusion attempts since the services are offered under the administration of diverse supervision over the Internet. Moreover, the security mechanisms offered by cloud providers do not take into consideration the variation of tenants’ needs as they provide the same security mechanism for all tenants. So, meeting tenants’ security requirements are still a major challenge for cloud providers. In this paper, we concentrate on the security service offered to cloud tenants and service providers and their infrastructure to restrain intruders. We intend to provide a flexible, on-demand, scalable, and pay-as-you-go multi-tenant intrusion detection system as a service that targets the security of the public cloud. Further, it is designed to deliver appropriate and optimized security taking into consideration the tenants’ needs in terms of security service requirements and budget.     

DoS-DDoS: TAXONOMIES OF ATTACKS,COUNTERMEASURES, AND WELL-KNOWN DEFENSE MECHANISMS IN CLOUD ENVIRONMENT

Cloud computing has become a suitable provider of services for organizations as well as individuals through the Internet. Generally, these services become unavailable because of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks that can deny the legitimate users access to the service delivered by cloud. Taxonomy is an important opportunity for researchers and cloud service providers. Therefore, it provides researchers with a general view about some contributions to understand and ameliorate their limitations and helps cloud service providers to select the best defense strategy to protect their cloud service against DoS and DDoS attacks. In this article, we present taxonomies of DoS and DDoS attacks in cloud environment, countermeasures, and highlight their solutions with another taxonomy of well-known defense mechanisms.     

边缘计算环境下基于深度学习的DDos检测

边缘计算作为一种用于降低中心节点计算压力,更靠近终端设备和数据源头的新计算范式,满足了计算业务下沉的需求,也带来了安全问题;其中,对边缘计算安全威胁最大、造成过巨大经济损失和安全事故的当属分布式拒绝服务攻击（DDos）;边缘计算环境下由于算力受限、存储空间有限等原因,传统的防御手段难以应用;因此,提出了一种适用于边缘计算环境下的基于深度学习的轻量级DDos检测框架;采用CIC-DDos-2019数据集来模拟边缘计算环境下的遭受DDos攻击的网络流量,针对数据集进行了适应性强的预处理技术和相似性标签融合,运用SMOTE算法解决了数据集类别不平衡问题,采用一维卷积技术和BiLSTM技术搭建了模型并进行了模型剪枝,构建了一个轻量级模型。结果表明,其针对DDos攻击类别的八分类实验准确率达到了96.8%,二分类实验准确率达到了99.8%。     

基于盲签名的云共享数据完整性审计方案

云端共享数据完整性审计用来验证一个用户群组共享在云端的数据的完整性。传统方式下,成员用户需要为每一个数据块生成认证器,再将数据块和对应的认证器上传到云服务器中保存。然而用户的计算资源有限且计算能力不高,由用户产生数据块认证器需要消耗用户很大的计算开销。为了节省用户的计算资源,提高认证器生成的效率,提出基于盲签名算法的云共享数据完整性审计方案。用户先对数据块进行盲化再发送到认证器生成中心生成相应的认证器,此外,方案中对第三方审计者TPA进行审计授权,有效地避免了攻击者对于云服务器的DDoS攻击。安全性分析和实验结果表明该方案是安全、高效的。     

Cloud Computing: An Examination of Factors Impacting Users’ Adoption

With a rapid growth in technology, cloud computing has become increasingly popular among individual users and businesses around the world. This computing technology continues to attract attention in both academic and business settings. The popularity of cloud computing is due to its ability to provide faster on-demand infrastructure, self-service, and independent ability to contribute to, and access, resources. Despite many potential benefits of cloud computing usage, there are certain aspects that have prohibited some consumers to accept this technology and remain reserved toward its adoption. There are some crucial factors to consider before cloud computing can be accepted entirely by the individual, larger business, or academic groups. This study thus aims at investigating how cloud computing is perceived by potential users and which factors have a tendency to encourage or discourage them to adopt cloud computing.     

剖析DDoS攻击对抗技术

由于目前Internet的体系结构、认证机制的缺乏等多方面原因使得DDoS攻击很容易发生,而且僵尸网络的快速发展也为DDoS攻击提供了强大的工具。DDoS(Distributed Denial of Service)攻击一直是网络安全的主要威胁之一,如何对抗DDoS攻击成为网络安全研究的热点之一。在对DDoS攻击模型、产生原因进行分析的基础上,从攻击预防、攻击检测、攻击响应和攻击源追踪四个方面对现有的DDoS攻击对抗技术进行综述,并提出了值得研究的方向建议。     

云计算环境安全综述

伴随云计算技术的飞速发展,其所面临的安全问题日益凸显,在工业界和学术界引起了广泛的关注.传统的云基础架构中存在较高安全风险,攻击者对虚拟机的非法入侵破坏了云服务或资源的可用性,不可信的云存储环境增大了用户共享、检索私有数据的难度,各类外包计算和云应用需求带来了隐私泄露的风险.该文从云计算环境下安全与隐私保护技术的角度出发,通过介绍云虚拟化安全、云数据安全以及云应用安全的相关研究进展,分析并对比典型方案的特点、适用范围及其在安全防御和隐私保护方面的不同效用,讨论已有工作的局限性,进而指出未来发展趋势和后续研究方向.