國立高雄大學圖資館 |

語系: 繁體中文

說明(常見問題)

圖資館首頁

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FAPA: Flooding Attack Protection Arc...

The University of Alabama.

FAPA: Flooding Attack Protection Architecture in a cloud system.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	FAPA: Flooding Attack Protection Architecture in a cloud system.
作者:	Zunnurhain, Kazi.
面頁冊數:	167 p.
附註:	Source: Dissertation Abstracts International, Volume: 76-02(E), Section: B.
附註:	Advisers: Susan Vrbsky; Ragib Hasan.
Contained By:	Dissertation Abstracts International76-02B(E).
標題:	Computer science.
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3639339
ISBN:	9781321236675

FAPA: Flooding Attack Protection Architecture in a cloud system.
Zunnurhain, Kazi.

FAPA: Flooding Attack Protection Architecture in a cloud system. - 167 p.

Source: Dissertation Abstracts International, Volume: 76-02(E), Section: B.

Thesis (Ph.D.)--The University of Alabama, 2014.

This item must not be sold to any third party vendors.

The rate of acceptance of clouds each year is making cloud computing the leading IT computational technology. While cloud computing can be productive and economical, it is still vulnerable to different types of external threats, one of which is a Denial of Service (DoS) attack. DoS attacks have long been an open security problem of the internet. Most proposed solutions to address DoS attacks require upgrades in routers, modification in the BGP (Border Gateway Protocol), usage of additional control bits in the IP packets, or adjustments to legacy routers in the routing path. It is extremely difficult to manipulate all these criteria, considering that the internet, and potentially a cloud, consists of a very large number of autonomous systems with routers from different vendors deployed over decades. Authentication protocols are typically implemented by some of the leading companies manufacturing DoS prevention routers. However, authentication protocols and embedded digital signatures are very expensive and vulnerable. This is contrary to the benefits of renting a cloud system, which is to save capital expenditure as well as operational expenditure.

ISBN: 9781321236675Subjects--Topical Terms:

199325
Computer science.

FAPA: Flooding Attack Protection Architecture in a cloud system.
LDR:04896nmm a2200313 4500 001 457712
005 20150805065224.5
008 150916s2014 ||||||||||||||||| ||eng d
020 $a 9781321236675
035 $a (MiAaPQ)AAI3639339
035 $a AAI3639339
040 $a MiAaPQ $c MiAaPQ
100 1 $a Zunnurhain, Kazi. $3 708754
245 1 0 $a FAPA: Flooding Attack Protection Architecture in a cloud system.
300 $a 167 p.
500 $a Source: Dissertation Abstracts International, Volume: 76-02(E), Section: B.
500 $a Advisers: Susan Vrbsky; Ragib Hasan.
502 $a Thesis (Ph.D.)--The University of Alabama, 2014.
506 $a This item must not be sold to any third party vendors.
520 $a The rate of acceptance of clouds each year is making cloud computing the leading IT computational technology. While cloud computing can be productive and economical, it is still vulnerable to different types of external threats, one of which is a Denial of Service (DoS) attack. DoS attacks have long been an open security problem of the internet. Most proposed solutions to address DoS attacks require upgrades in routers, modification in the BGP (Border Gateway Protocol), usage of additional control bits in the IP packets, or adjustments to legacy routers in the routing path. It is extremely difficult to manipulate all these criteria, considering that the internet, and potentially a cloud, consists of a very large number of autonomous systems with routers from different vendors deployed over decades. Authentication protocols are typically implemented by some of the leading companies manufacturing DoS prevention routers. However, authentication protocols and embedded digital signatures are very expensive and vulnerable. This is contrary to the benefits of renting a cloud system, which is to save capital expenditure as well as operational expenditure.
520 $a Rather than depending on cloud providers, we proposed a model, called FAPA (Flooding Attack Protection Architecture), to detect and filter packets when DoS attacks occur. FAPA can be deployed at different levels of the system, such as at the user's end. FAPA can run locally on top of the client's terminal and is independent of the provider's cloud machine. There is no need to deploy any expensive packet capturing tools nor does it require any embedded digital signature inside the packets. There is no additional charge from the provider's end since the application runs in the customer's end. Moreover, automatic message propagation invokes the cloud server to trace the source or adversary.
520 $a In FAPA, detection of denial of service is handled by the periodic analysis of the traffic behavior from the raw packets. It generates an alarm if any DoS attack is detected and removes flooding by filtering. Because FAPA is employed on the client's side, customers have control over traffic trends, which is absent in other DoS prevention approaches. FAPA is comprised of five individual modules, where each module has an assigned task in detecting DoS attacks and removing threats by filtering the spoof packets. A module fetches the traffic packets and does the unwrapping. Another module records the pertinent parameters of network packets.
520 $a Implementation of a FAPA prototype and experimental results has demonstrated the feasibility of FAPA. From our initial experiments we observed that in the event of a DoS attack, some of the network parameters change. Hence, in FAPA a separate module is dedicated for storing information about traffic behavior. If FAPA observes any inconsistent traffic behavior, it invokes the filtering modules to remove the compromised network packets. FAPA filtering detects the threat by using previously recorded information. FAPA filtering was implemented for a cluster environment and we ran experiments to determine its effectiveness. The filtering module was then modified to run in a cloud environment and was able to handle a large set of network packets. We investigated the impact of DDoS attacks on co-resident virtual machines and their neighbors. Later we conducted DDoS attacks from a commercially launched public cloud onto private cloud instances to observe the amplification of an attack and checked the efficiency of FAPA in terms of filtering those non legitimate packets. We also measured FAPA performance in terms of false positive and false negative rates. We deployed several commercially used stress testing tools to observe FAPA's performance. Both in the cloud and on the cluster, our experimental results demonstrated that FAPA was able to detect and filter packets to successfully remove a DoS attack.
590 $a School code: 0004.
650 4 $a Computer science. $3 199325
690 $a 0984
710 2 $a The University of Alabama. $b Computer Science. $3 708755
773 0 $t Dissertation Abstracts International $g 76-02B(E).
790 $a 0004
791 $a Ph.D.
792 $a 2014
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=3639339