云本地应用程序中应用层 DDoS 攻击效果评估

IF 5.3 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Kewei Wang;Changzhen Hu;Chun Shan
{"title":"云本地应用程序中应用层 DDoS 攻击效果评估","authors":"Kewei Wang;Changzhen Hu;Chun Shan","doi":"10.1109/TCC.2024.3374798","DOIUrl":null,"url":null,"abstract":"Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"522-538"},"PeriodicalIF":5.3000,"publicationDate":"2024-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications\",\"authors\":\"Kewei Wang;Changzhen Hu;Chun Shan\",\"doi\":\"10.1109/TCC.2024.3374798\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.\",\"PeriodicalId\":13202,\"journal\":{\"name\":\"IEEE Transactions on Cloud Computing\",\"volume\":\"12 2\",\"pages\":\"522-538\"},\"PeriodicalIF\":5.3000,\"publicationDate\":\"2024-03-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Cloud Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10466506/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10466506/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

云本地应用程序特别容易受到应用层 DDoS 攻击。这是因为微服务之间通过内部服务调用进行合作和通信,从而扩大了应用层 DDoS 攻击的影响。由于不同的服务对攻击的敏感程度不同,因此老练的攻击者可以利用那些特别昂贵的 API 调用,轻而易举地对服务和应用程序的可用性造成严重破坏。为了更好地分析云原生应用中应用层 DDoS 攻击的严重性并减轻其影响,我们提出了一种评估应用层 DDoS 攻击影响的新方法,该方法能够定量描述应用系统复杂结构所带来的放大效应。我们首先介绍了场景的描述模型。然后,构建黎曼流形作为攻击场景的状态空间,其中的攻击被描述为同构。最后,我们运用微分几何原理定量计算攻击效果,攻击效果来自攻击动作及其在状态空间中产生的运动。我们在各种应用场景中对所提出的方法进行了验证。结果表明,我们的方法能提供准确的评估结果,并优于现有的解决方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications
Cloud native application is especially susceptible to application layer DDoS attack. This attributes to the internal service calls, by which microservices cooperate and communicate with each other, amplifying the effect of application layer DDoS attack. Since different services have varying degrees of sensitivity to an attack, a sophisticated attacker can take advantage of those especially expensive API calls to produce serious damage to the availability of services and applications with ease. To better analyze the severity of and mitigate application layer DDoS attacks in cloud native applications, we propose a novel method to evaluate the effect of application layer DDoS attack, that is able to quantitatively characterize the amplifying effect introduced by the complex structure of application system. We first present the descriptive model of the scenario. Then, Riemannian manifolds are constructed as the state spaces of the attack scenarios, in which attacks are described as homeomorphisms. Finally, we apply differential geometry principles to quantitatively calculate the attack effect, which is derived from the action of an attack and the movement it produces in the state spaces. The proposed method is validated in various application scenarios. We show that our approach provides accurate evaluation results, and outperforms existing solutions.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
IEEE Transactions on Cloud Computing
IEEE Transactions on Cloud Computing Computer Science-Software
CiteScore
9.40
自引率
6.20%
发文量
167
期刊介绍: The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信