{"title":"云本地应用程序中应用层 DDoS 攻击效果评估","authors":"Kewei Wang;Changzhen Hu;Chun Shan","doi":"10.1109/TCC.2024.3374798","DOIUrl":null,"url":null,"abstract":"Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"522-538"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications\",\"authors\":\"Kewei Wang;Changzhen Hu;Chun Shan\",\"doi\":\"10.1109/TCC.2024.3374798\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.\",\"PeriodicalId\":13202,\"journal\":{\"name\":\"IEEE Transactions on Cloud Computing\",\"volume\":\"12 2\",\"pages\":\"522-538\"},\"PeriodicalIF\":5.3000,\"publicationDate\":\"2024-03-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Cloud Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10466506/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10466506/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications
Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.
期刊介绍:
The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.