A collaborative architecture against DDOS attacks for cloud computing systems.
Main author: | Thiago Rodrigues Meira de Almeida |
---|---|
Publication date: | 2018 |
Document type: | Dissertation |
Language: | eng |
Source title: | Biblioteca Digital de Teses e Dissertações da USP |
Full text: | https://doi.org/10.11606/D.3.2019.tde-25032019-114624 |
Abstract: | Distributed attacks, such as Distributed Denial of Service (DDoS) ones, require not only the deployment of standalone security mechanisms responsible for monitoring a limited portion of the network, but also distributed mechanisms which are able to jointly detect and mitigate the attack before the complete exhaustion of network resources. This need led to the proposal of several collaborative security mechanisms, covering different phases of the attack mitigation: from its detection to the relief of the system after the attack subsides. It is expected that such mechanisms enable the collaboration among security nodes through the distributed enforcement of security policies, either by installing security rules (e.g., for packet filtering) and/or by provisioning new specialized security nodes on the network. Albeit promising, existing proposals that distribute security tasks among collaborative nodes usually do not consider an optimal allocation of computational resources. As a result, their operation may result in a poor Quality of Service for legitimate packet flows during the mitigation of a DDoS attack. Aiming to tackle this issue, this work proposes a collaborative solution against DDoS attacks with two main goals: (1) ensure an optimal use of resources already available in the attack's datapath in a proactive way, and (2) optimize the placement of security tasks among the collaborating security nodes. Regardless of the characteristics of each main goal, legitimate traffic must be preserved as packet loss is reduced as much as possible. |
id |
USP_dbf23c03b80e372963081958edc15bfa |
---|---|
oai_identifier_str |
oai:teses.usp.br:tde-25032019-114624 |
keywords |
Cloud computing; DDOS; SDN; Security; Network security; SFC |
dc.title.en.fl_str_mv |
A collaborative architecture against DDOS attacks for cloud computing systems. |
dc.title.alternative.pt.fl_str_mv |
Uma arquitetura colaborativa contra ataques distribuídos de negação de serviço para sistemas de computação em nuvem. |
author |
Thiago Rodrigues Meira de Almeida |
dc.contributor.advisor1.fl_str_mv |
Marcos Antonio Simplicio Junior |
dc.contributor.referee1.fl_str_mv |
Daniel Macedo Batista |
dc.contributor.referee2.fl_str_mv |
Charles Christian Miers |
dc.date.issued.fl_str_mv |
2018-12-14 |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
dc.publisher.none.fl_str_mv |
Universidade de São Paulo |
dc.publisher.program.fl_str_mv |
Engenharia Elétrica |
dc.publisher.initials.fl_str_mv |
USP |
dc.publisher.country.fl_str_mv |
BR |
dc.source.none.fl_str_mv |
reponame:Biblioteca Digital de Teses e Dissertações da USP instname:Universidade de São Paulo (USP) instacron:USP |