DDoS in Cloud Computing B. Cha

Upload: stephanie-hancock

Post on 28-Dec-2015


Page 1: DDoS in Cloud Computing B. Cha. Agenda DDoS Attacks DDoS Model in Cloud Computing –Problem Definition –DDoS Solution 1 DDoS in aspect of Cloud Computing

DDoS in Cloud Computing

B. Cha


Agenda

• DDoS Attacks
• DDoS Model in Cloud Computing
  – Problem Definition
  – DDoS Solution 1
• DDoS in aspect of Cloud Computing Manager
  – DDoS Attack
  – DDoS Target
• Detection in aspect of Cloud Computing Manager
  – Attack Detection
  – Intrusion Detection


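DDoS Attacks

• DDoS Attacks
  – In cloud computing, the most threatening and powerful attack is the DDoS attack
  – Directly, it disrupts the availability of cloud computing services or violates the SLA for the service
  – DoS (Denial of Service)
    • Denial-of-service attacks range very widely, from organized attacks on national or Internet-wide infrastructure, such as attacks on major websites or DNS, down to attacks on a specific company site
  – DDoS (Distributed Denial of Service)
    • DDoS attacks evolved from DoS attacks
    • Flooding attacks that generate large volumes of traffic
    • Connection attacks that demand an excessive number of sessions
    • Other attacks that exploit application characteristics
  – DDoS attack detection
    • IDS/IPS, DDoS response systems, Netflow, ACL, MRTG or RRD, DNS servers, L7 switches (IPS)
  – DDoS attack blocking
    • URL blocking, IP blocking, port and protocol blocking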


DDoS Model in Cloud Computing

• Assumption
  – Cloud Computing Environment
  – Cloud 1, Cloud 2, Manager of Cloud 1, and Malicious Client

[Figure: diagram with labels Cloud Computing, Computing Clusters, Manager, Malicious Client, Access]


DDoS in aspect of Cloud Computing Manager

– DDoS Attack (Scenario 1)
  • Scanning of used resources and activity (Impossible)
    – Raises a privacy problem
    – Needs high technology
  • Measurement of used resources (Internal Inspectors and External Inspectors)
    – Needs Monitoring and ESM
– DDoS Target (Scenario 2)
  • Resources are divided into networking resources and computing resources.
  • Networking Virtualization and Computing Scaling
  • Networking Virtualization
    – Restricted Network Access
    – 1st Resist Line
  • Computing Scaling
    – Attack Tolerance
    – 2nd Resist Line
  • Differences of Firewall Merits and Demerits


DDoS in aspect of Cloud Computing Manager

[Figure: DDoS Scenario 1 & 2 using Cloud Computing. Labels: Cloud Computing, Computing Clusters, Manager, Malicious Client, Target System 1, Target System 2, Attacks, DDoS Attack 1, DDoS Attack 2, Internal, External]


Detection in aspect of Cloud Computing Manager

– Attack Detection
  • External Activity Detection
  • Traffic Monitoring
  • FrontEnd, Cloud Controller or Cluster Controller
– Intrusion Detection
  • Internal Activity Detection
  • Used Resources Monitoring
  • BackEnd, Cluster Controller or Node Controller
– Monitoring & ESM
  • Monitoring Resources
    – Networking Resources
    – Computing Resources
    – Network, System and User Activity
  • Various monitoring tools in clusters
  • Need integration/analysis tools for the various monitoring data
  • Decision system for attack, anomaly, and normal
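The "decision system for attack, anomaly, and normal" above, sketched as an added example that is not part of the original slides: it correlates front-end traffic monitoring (external) with used-resources monitoring (internal) against a robust baseline. The sample data, the baseline length, the cutoff and the rule that both sources must agree before a verdict of attack are all assumptions made for illustration.

```python
from statistics import median

# Constructed monitoring samples, one per interval:
# (interval, front-end requests/s seen by the external inspector,
#  node CPU % seen by the internal inspector).
SAMPLES = [
    (0, 120, 31), (1, 118, 30), (2, 125, 33), (3, 122, 32), (4, 119, 30),
    (5, 121, 31), (6, 124, 72), (7, 900, 35), (8, 950, 96), (9, 123, 32),
]
BASELINE_INTERVALS = 6   # assumption: the first 6 intervals are known-good
THRESHOLD = 6.0          # assumption: robust z-score cutoff

def robust_baseline(values):
    """Median and MAD, which outliers distort less than mean/stddev."""
    med = median(values)
    mad = median([abs(v - med) for v in values]) or 1.0  # avoid divide-by-zero
    return med, mad

def deviates(value, baseline):
    """True when value sits far above the baseline (upward spikes only)."""
    med, mad = baseline
    # 1.4826 scales MAD so it is comparable to a standard deviation.
    return (value - med) / (1.4826 * mad) > THRESHOLD

def classify(samples, n_base=BASELINE_INTERVALS):
    """Label each post-baseline interval as normal, anomaly or attack."""
    if len(samples) <= n_base:
        raise ValueError("need more samples than baseline intervals")
    traffic_base = robust_baseline([s[1] for s in samples[:n_base]])
    cpu_base = robust_baseline([s[2] for s in samples[:n_base]])
    verdicts = {}
    for tick, rps, cpu in samples[n_base:]:
        external = deviates(rps, traffic_base)  # traffic monitoring
        internal = deviates(cpu, cpu_base)      # used-resources monitoring
        if external and internal:
            verdicts[tick] = "attack"     # both monitoring sources agree
        elif external or internal:
            verdicts[tick] = "anomaly"    # one source only: needs review
        else:
            verdicts[tick] = "normal"
    return verdicts

if __name__ == "__main__":
    for tick, verdict in classify(SAMPLES).items():
        print(tick, verdict)
```

Requiring agreement between the two sources is what the integration step buys: a lone traffic spike or a lone CPU spike stays an anomaly for review instead of triggering blocking.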


Detection in aspect of Cloud Computing Manager

[Figure: DDoS Scenario 1 using Cloud Computing. Labels: Cloud Computing, Computing Clusters, Malicious Client, Target System, DDoS Attack, Attacks, ESM, Internal Inspectors, External Inspectors, Internal, External, Resources Assignment]