Reducing Internal Collateral Damage From DDoS Attacks Through Micro-Service Cloud Architecture

Authors: Anmol Kumar; Mayank Agarwal
DOI: 10.1109/TIFS.2024.3516560
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1081-1091
Publication date: 2024-12-20 (Journal Article)
URL: https://ieeexplore.ieee.org/document/10810456/
Mitigating DDoS attacks poses a significant challenge for cyber security teams within victim organizations, as these attacks directly target service availability. Most DDoS mitigation solutions focus on addressing the direct effects of DDoS attacks, such as service unavailability and network congestion, while the indirect effects, including collateral damage to legitimate users, receive substantially less attention in the present state of the art. To address this gap, we propose a novel defense architecture designed to mitigate collateral damage and ensure service availability for legitimate users even under attack conditions. The proposed approach employs containerization, micro-services architecture, and traffic segmentation to enhance system resilience and fortify security. We send requests for two distinct services, namely an HTTP-based service and an SSH service, in order to analyze the collateral damage caused by the DDoS attack. The proposed architecture classifies incoming HTTP traffic into two categories, "benign traffic" and "suspicious traffic", determined by the number of requests originating from the same source address. We tested this approach in three different scenarios (S-1, S-2, and S-3). Experimental results demonstrate that the proposed architecture effectively isolates suspicious traffic, mitigating its impact on benign services. This ensures the availability of critical services during a DDoS attack while minimizing collateral damage. In scenarios S-1, S-2, and S-3, it maintains service availability at 3%, 67%, and 98%, respectively, highlighting its efficacy in the face of varying levels of DDoS attack intensity. Furthermore, the architecture is extremely effective in reducing the collateral effects on SSH requests during a DDoS attack. In the S-1 scenario, SSH login time was reduced by 25%, 46%, and 27%, respectively. In the S-2 scenario, the reductions were 99%, 53%, and 29%. In the same vein, the system achieved reductions of 4%, 17%, and 99% in the S-3 scenario.
Journal description:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.