Nasim Beigi Mohammadi, C. Barna, Mark Shtern, Hamzeh Khazaei, Marin Litoiu
{"title":"CAAMP:混合云中完全自动化的DDoS攻击缓解平台","authors":"Nasim Beigi Mohammadi, C. Barna, Mark Shtern, Hamzeh Khazaei, Marin Litoiu","doi":"10.1109/CNSM.2016.7818409","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service (DDoS) attacks are one of the main concerns for online service providers because of their impact on cost/revenue and reputation. This paper presents Completely Automated DDoS Attack Mitigation Platform (CAAMP), a novel platform to mitigate DDoS attacks on public cloud applications using capabilities of software defined infrastructure and network function virtualization techniques. When suspicious traffic is identified, CAAMP deploys a copy of the application's topology on-the-fly (a shark tank) on an isolated environment in a private cloud. It then creates a virtual network that will host the shark tank. Software defined networking (SDN) controller programs the virtual switches dynamically to redirect the suspicious traffic to the shark tank until final decision is made. If traffic is proved to be non-malicious, SDN controller installs flow rules on the switches to redirect the traffic back to the original application. Thus, CAAMP autonomically protects applications against potential DDoS threats and lowers the false positives associated with common detection mechanisms by leveraging resources from a private cloud.","PeriodicalId":334604,"journal":{"name":"2016 12th International Conference on Network and Service Management (CNSM)","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"CAAMP: Completely automated DDoS attack mitigation platform in hybrid clouds\",\"authors\":\"Nasim Beigi Mohammadi, C. Barna, Mark Shtern, Hamzeh Khazaei, Marin Litoiu\",\"doi\":\"10.1109/CNSM.2016.7818409\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Distributed Denial of Service (DDoS) attacks are one of the main concerns for online service providers because of their impact on cost/revenue and reputation. This paper presents Completely Automated DDoS Attack Mitigation Platform (CAAMP), a novel platform to mitigate DDoS attacks on public cloud applications using capabilities of software defined infrastructure and network function virtualization techniques. When suspicious traffic is identified, CAAMP deploys a copy of the application's topology on-the-fly (a shark tank) on an isolated environment in a private cloud. It then creates a virtual network that will host the shark tank. Software defined networking (SDN) controller programs the virtual switches dynamically to redirect the suspicious traffic to the shark tank until final decision is made. If traffic is proved to be non-malicious, SDN controller installs flow rules on the switches to redirect the traffic back to the original application. Thus, CAAMP autonomically protects applications against potential DDoS threats and lowers the false positives associated with common detection mechanisms by leveraging resources from a private cloud.\",\"PeriodicalId\":334604,\"journal\":{\"name\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CNSM.2016.7818409\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 12th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CNSM.2016.7818409","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
CAAMP: Completely automated DDoS attack mitigation platform in hybrid clouds
Distributed Denial of Service (DDoS) attacks are one of the main concerns for online service providers because of their impact on cost/revenue and reputation. This paper presents Completely Automated DDoS Attack Mitigation Platform (CAAMP), a novel platform to mitigate DDoS attacks on public cloud applications using capabilities of software defined infrastructure and network function virtualization techniques. When suspicious traffic is identified, CAAMP deploys a copy of the application's topology on-the-fly (a shark tank) on an isolated environment in a private cloud. It then creates a virtual network that will host the shark tank. Software defined networking (SDN) controller programs the virtual switches dynamically to redirect the suspicious traffic to the shark tank until final decision is made. If traffic is proved to be non-malicious, SDN controller installs flow rules on the switches to redirect the traffic back to the original application. Thus, CAAMP autonomically protects applications against potential DDoS threats and lowers the false positives associated with common detection mechanisms by leveraging resources from a private cloud.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
