Post on 28-Dec-2015
DDoS in Cloud Computing
B. Cha
Agenda
• DDoS Attacks
• DDoS Model in Cloud Computing
  – Problem Definition
  – DDoS Solution 1
• DDoS in aspect of Cloud Computing Manager
  – DDoS Attack
  – DDoS Target
• Detection in aspect of Cloud Computing Manager
  – Attack Detection
  – Intrusion Detection
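DDoS Attacks
• DDoS Attacks
  – The most threatening and powerful attack in cloud computing is the DDoS attack
  – It directly disrupts the availability of cloud computing services or violates the SLA for the service
  – DoS (Denial of Service)
    • Denial-of-service attacks range very widely, from organized attacks that target a nation or the entire Internet infrastructure, such as attacks on major websites or DNS, to attacks that target a specific corporate site
  – DDoS (Distributed Denial of Service)
    • DDoS attacks evolved from DoS attacks
    • Flooding attacks that generate large volumes of traffic
    • Connection attacks that demand excessive sessions
    • Other attacks that exploit application characteristics
  – DDoS attack detection
    • IDS/IPS, DDoS response systems, Netflow, ACL, MRTG or RRD, DNS servers, L7 switches (IPS)
  – DDoS attack blocking
    • URL blocking, IP blocking, Port and Protocol blocking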
DDoS Model in Cloud Computing
• Assumption
  – Cloud Computing Environment
  – Cloud 1, Cloud 2, Manager of Cloud 1, and Malicious Client
[Figure labels: Cloud Computing, Malicious Client, Computing Clusters, Manager, Access]
DDoS in aspect of Cloud Computing Manager
– DDoS Attack (Scenario 1)
  • Scanning of used resources and activity (Impossible)
    – Privacy problems arise
    – Requires advanced technology
  • Measurement of used resources (Internal Inspectors and External Inspectors)
    – Requires Monitoring and ESM
– DDoS Target (Scenario 2)
  • Resources are divided into networking resources and computing resources.
  • Networking Virtualization and Computing Scaling
  • Networking Virtualization
    – Restricted Network Access
    – 1st line of resistance
  • Computing Scaling
    – Attack Tolerance
    – 2nd line of resistance
  • Differences in firewall merits and demerits
DDoS in aspect of Cloud Computing Manager
[Figure: DDoS Scenario 1 & 2 using Cloud Computing. Labels: Cloud Computing, Malicious Client, Manager, Computing Clusters, Target System 1, Target System 2, Attacks, DDoS Attack 1, DDoS Attack 2, Internal, External]
Detection in aspect of Cloud Computing Manager
– Attack Detection
  • External Activity Detection
  • Traffic Monitoring
  • FrontEnd, Cloud Controller or Cluster Controller
– Intrusion Detection
  • Internal Activity Detection
  • Used Resources Monitoring
  • BackEnd, Cluster Controller or Node Controller
– Monitoring & ESM
  • Monitoring Resources
    – Networking Resources
    – Computing Resources
    – Network, System and User Activity
  • Various monitoring tools in clusters
  • Need integration/analysis tools for the various monitoring data
  • Decision system for attack, anomaly, and normal
[Figure labels: Internal, External]
Detection in aspect of Cloud Computing Manager
[Figure: DDoS Scenario 1 using Cloud Computing. Labels: Cloud Computing, Malicious Client, Target System, Computing Clusters, DDoS Attack, Attacks, ESM, Internal Inspectors, External Inspectors, Resources Assignment]