Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications

IF 5.3 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Cloud Computing Pub Date : 2024-03-11 DOI:10.1109/TCC.2024.3374798

Kewei Wang;Changzhen Hu;Chun Shan

{"title":"Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications","authors":"Kewei Wang;Changzhen Hu;Chun Shan","doi":"10.1109/TCC.2024.3374798","DOIUrl":null,"url":null,"abstract":"Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"522-538"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10466506/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.

查看原文本刊更多论文

云本地应用程序中应用层 DDoS 攻击效果评估

云本地应用程序特别容易受到应用层 DDoS 攻击。这是因为微服务之间通过内部服务调用进行合作和通信，从而扩大了应用层 DDoS 攻击的影响。由于不同的服务对攻击的敏感程度不同，因此老练的攻击者可以利用那些特别昂贵的 API 调用，轻而易举地对服务和应用程序的可用性造成严重破坏。为了更好地分析云原生应用中应用层 DDoS 攻击的严重性并减轻其影响，我们提出了一种评估应用层 DDoS 攻击影响的新方法，该方法能够定量描述应用系统复杂结构所带来的放大效应。我们首先介绍了场景的描述模型。然后，构建黎曼流形作为攻击场景的状态空间，其中的攻击被描述为同构。最后，我们运用微分几何原理定量计算攻击效果，攻击效果来自攻击动作及其在状态空间中产生的运动。我们在各种应用场景中对所提出的方法进行了验证。结果表明，我们的方法能提供准确的评估结果，并优于现有的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Cloud Computing Computer Science-Software

CiteScore

9.40

自引率

6.20%

发文量

167

期刊介绍： The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.