Mitigating Yo-Yo Attacks on Cloud Using Game-Theoretical Modelling and Learning-Based Approach

Saniee Monfared, Saman (2023) Mitigating Yo-Yo Attacks on Cloud Using Game-Theoretical Modelling and Learning-Based Approach. Masters thesis, Concordia University.

Text (application/pdf): SanieeMonfared_MA_S2024.pdf - Accepted Version, 9MB. Available under License Spectrum Terms of Access.

Abstract

Cloud computing, a transformative paradigm, has ushered in an era of unparalleled convenience and economic efficiency for both service providers and users. Historically, before its widespread adoption, digital services were susceptible to Distributed Denial of Service (DDoS) attacks, which aimed to overwhelm server capacities. The advent of cloud computing has primarily mitigated these threats but, in doing so, has inadvertently introduced new vulnerabilities. In their relentless pursuit of exploitation, attackers have transitioned from targeting server performance to inflicting economic damages. A particularly insidious form of this is the Yo-Yo Attack, an Economic Denial of Sustainability (EDoS) strategy that manipulates the auto-scaling features inherent to cloud systems.
This thesis presents a novel mathematical framework to understand the ongoing tussle between cloud service providers and Yo-Yo Attackers. We conceptualize this conflict as a Repeated Dynamic Bayesian Stackelberg game. This approach is pioneering in capturing the Yo-Yo attacker's nuanced strategies, particularly their adeptness at exploiting the cloud's auto-scaling features. The Learning-Based Attackers’ Type Recognition and Defense Mechanism is central to our game model, which harnesses the power of one-class Support Vector Machine (SVM) to discern the modus operandi of various Yo-Yo attack types.
Our research further introduces an innovative machine-learning algorithm adept at recognizing and countering the unique attack patterns of individual bots. We delve deeper into a proposed defense mechanism, which recognizes different strategies of Yo-Yo attackers aiming to exploit different vulnerabilities of the cloud’s auto-scaling mechanism and thereby confound their efforts. Our empirical experiments underscore the efficacy of our solution. Compared to existing Yo-Yo detection and defense strategies, our approach yields fewer compromised services and better overall efficiency.
In conclusion, as cloud computing continues to dominate the digital landscape, ensuring its security remains paramount. Our research offers a robust solution to a new generation of threats, setting a benchmark for future endeavors in cloud security.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Saniee Monfared, Saman
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Quality Systems Engineering
Date: 8 December 2023
Thesis Supervisor(s): Bentahar, Jamal
ID Code: 993229
Deposited By: Saman Saniee Monfared
Deposited On: 05 Jun 2024 16:53
Last Modified: 05 Jun 2024 16:53
