Cloud-side shuffling defenses against ddos attacks on proxied multiserver systems
Shan et al., 2017
- Document ID
- 4107215335087422859
- Author
- Shan Y
- Kesidis G
- Fleck D
- Publication year
- Publication venue
- Proceedings of the 2017 on Cloud Computing Security Workshop
Snippet
We consider a cloud based multiserver system, consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We address cloud-side proactive and reactive defenses to combat DDoS attacks …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/1002—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers, e.g. load balancing
- H04L67/1004—Server selection in load balancing
- H04L67/1008—Server selection in load balancing based on parameters of servers, e.g. available memory or workload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/1002—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers, e.g. load balancing
- H04L67/1004—Server selection in load balancing
- H04L67/1014—Server selection in load balancing based on the content of a request
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/1002—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers, e.g. load balancing
- H04L67/1004—Server selection in load balancing
- H04L67/1023—Server selection in load balancing based on other criteria, e.g. hash applied to IP address, specific algorithms or cost
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Programme initiating; Programme switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/485—Task life-cycle, e.g. stopping, restarting, resuming execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/44—Arrangements for executing specific programmes
- G06F9/455—Emulation; Software simulation, i.e. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11803766B1 (en) | | Active scanning tool for identifying customer misconfigurations of virtual machine instances |
| Somani et al. | | Combating DDoS attacks in the cloud: requirements, trends, and future directions |
| US10523748B2 (en) | | Managing health status of network devices in a distributed global server load balancing system |
| US9055095B2 (en) | | DOS detection and mitigation in a load balancer |
| Carlin et al. | | Intrusion detection and countermeasure of virtual cloud systems-state of the art and current challenges |
| Somani et al. | | Service resizing for quick DDoS mitigation in cloud computing environment |
| KR20190018162A (en) | | Dynamic, load-based, autoscaling Network security Micro-service architecture |
| US11374968B1 (en) | | Detection of adversarial networks |
| Connell et al. | | Performance modeling of moving target defenses |
| Somani et al. | | DARAC: DDoS mitigation using DDoS aware resource allocation in cloud |
| Cao et al. | | Entropy‐based denial‐of‐service attack detection in cloud data center |
| Liu et al. | | A decentralized cloud firewall framework with resources provisioning cost optimization |
| Zhang et al. | | Verifying cloud service‐level agreement by a third‐party auditor |
| Silva et al. | | REPEL: A strategic approach for defending 5G control plane from DDoS signalling attacks |
| Aishwarya et al. | | Intrusion detection system-An efficient way to thwart against Dos/DDos attack in the cloud environment |
| Doosthosseini et al. | | Chat ai: A seamless slurm-native solution for hpc-based services |
| Shan et al. | | Cloud-side shuffling defenses against ddos attacks on proxied multiserver systems |
| Kashi et al. | | Mitigating Yo-Yo attacks on cloud auto-scaling |
| Shan et al. | | Preliminary study of fission defenses against low-volume DoS attacks on proxied multiserver systems |
| Jermyn et al. | | Improving readiness for enterprise migration to the cloud |
| Panneerselvam et al. | | An investigation of the effect of cloud computing on network management |
| Liu et al. | | A clusterized firewall framework for cloud computing |
| Chin et al. | | Dynamic generation containment systems (DGCS): A moving target defense approach |
| Shan et al. | | Numerical Evaluation of Cloud-Side Shuffling Defenses against DDoS Attacks on Proxied Multiserver Systems |
| Kansal et al. | | Proactive ddos attack mitigation in cloud-fog environment using moving target defense |