Monday 19 October 2015

STEALTHY DENIAL OF SERVICE STRATEGY IN CLOUD COMPUTING



ABSTRACT
The success of the Cloud Computing paradigm is due to its on-demand, self-service, and pay-by-use nature. Under this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection delay is, the higher the costs to be incurred. Therefore, particular attention has to be paid to stealthy DoS attacks. They aim at minimizing their visibility, and at the same time, they can be as harmful as brute-force attacks. They are sophisticated attacks tailored to leverage the worst-case performance of the target system through specific periodic, pulsing, and low-rate traffic patterns. In this paper, we propose a strategy to orchestrate stealthy attack patterns, which exhibit a slowly-increasing-intensity trend designed to inflict the maximum financial cost on the cloud customer, while respecting the job size and the service arrival rate imposed by the detection mechanisms. We describe both how to apply the proposed strategy, and its effects on the target system deployed in the cloud.
AIM
Stealthy DoS attacks aim at minimizing their visibility, and at the same time, they can be as harmful as brute-force attacks.
SCOPE
The work focuses on one of the most serious threats to Cloud Computing, which comes from XML-based DoS (X-DoS) attacks against Web-based systems.

SYNOPSIS
According to the role of the auditor, these auditing protocols can be divided into two categories: private verification and public verification. In an auditing protocol with private verifiability, the auditor is provided with a secret that is not known to the prover or other parties. Only the auditor can verify the integrity of the data. In contrast, the verification algorithm does not need a secret key from the auditor in an auditing protocol with public verifiability. Therefore, any third party can play the role of the auditor in this kind of auditing protocol.

EXISTING SYSTEM
A side effect of such a model is that it is prone to DoS and Distributed DoS (DDoS) attacks, which aim at reducing the service availability and performance by exhausting the resources of the service's host system (including memory, processing resources, and network bandwidth). Such attacks have special effects in the cloud due to the adopted pay-by-use business model. Specifically, in Cloud Computing even a partial service degradation due to an attack has a direct effect on the service costs, and not only on the performance and availability perceived by the customer. The delay of the cloud service provider in diagnosing the cause of the service degradation (i.e., whether it is due to an attack or an overload) can be considered a security vulnerability. It can be exploited by attackers that aim at exhausting the cloud resources (allocated to satisfy the negotiated QoS) and seriously degrading the QoS, as happened to the BitBucket Cloud, which went down for 19 h. Therefore, the cloud management system has to implement specific countermeasures in order to avoid paying credits in case of accidental or deliberate intrusions that cause violations of QoS guarantees.

DISADVANTAGES:

  •  Attackers can elude the security mechanisms by orchestrating and timing attack patterns that leverage specific weaknesses of target systems
  •  The costs grow with the amount of time that an ongoing attack on the system remains undetected

PROPOSED SYSTEM
This paper presents a sophisticated strategy to orchestrate stealthy attack patterns against applications running in the cloud. Instead of aiming at making the service unavailable, the proposed strategy aims at exploiting the cloud flexibility, forcing the application to consume more resources than needed, affecting the cloud customer more on financial aspects than on the service availability. The attack pattern is orchestrated in order to evade, or at least greatly delay, the techniques proposed in the literature to detect low-rate attacks. It does not exhibit the periodic waveform typical of low-rate exhausting attacks. In contrast with them, it is an iterative and incremental process. In particular, the attack potency (in terms of service request rate and concurrent attack sources) is slowly enhanced by a patient attacker, in order to inflict significant financial losses, even if the attack pattern is performed in accordance with the maximum job size and arrival rate of the service requests allowed in the system. Using a simplified, empirically designed model, we derive an expression for gradually increasing the potency of the attack as a function of the reached service degradation (without knowing in advance the target system capability). We show that the features offered by the cloud provider to ensure the SLA negotiated with the customer (including the load balancing and auto-scaling mechanisms) can be maliciously exploited by the proposed stealthy attack, which slowly exhausts the resources provided by the cloud provider, and increases the costs incurred by the customer.
ADVANTAGES:

  •  We are able to automatically scale the application when the virtual node is overloaded
  •  We are able to evaluate the resource consumption of each involved VM and the number of retrieved messages (XML documents) to be processed
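
A defender's view of the slowly increasing pattern described above, as an added example (not code from the paper or from this project): a static per-interval rate cap never fires on a ramp that stays under the limit, while a one-sided CUSUM drift detector over the same samples does. CUSUM is a technique chosen here for illustration; the traffic values, `RATE_CAP`, and the parameters `k` and `h` are constructed assumptions.

```python
from itertools import cycle, islice

RATE_CAP = 100.0                      # assumed per-interval request-rate limit
JITTER = [0, 2, -1, 1, -2, 0, 1, -1]  # constructed, deterministic noise


def make_series(n, ramp_start=None, step=0.25, base=40.0):
    """Constructed requests-per-interval samples, optionally with a slow ramp."""
    out = []
    for i, j in enumerate(islice(cycle(JITTER), n)):
        ramping = ramp_start is not None and i >= ramp_start
        out.append(base + j + (step * (i - ramp_start + 1) if ramping else 0.0))
    return out


def threshold_alarm(samples, cap=RATE_CAP):
    """Index of the first sample above the static cap, or None."""
    return next((i for i, x in enumerate(samples) if x > cap), None)


def cusum_alarm(samples, baseline_n=20, k=0.5, h=8.0):
    """One-sided CUSUM for upward drift.

    Mean and standard deviation come from the first baseline_n samples
    (assumed clean). k is the slack and h the decision threshold, both in
    standard deviations. Returns the index of the first alarm, or None.
    """
    base = samples[:baseline_n]
    mu = sum(base) / len(base)
    var = sum((x - mu) ** 2 for x in base) / (len(base) - 1)
    sigma = max(var ** 0.5, 1e-9)
    s = 0.0
    for i in range(baseline_n, len(samples)):
        s = max(0.0, s + (samples[i] - mu) / sigma - k)
        if s > h:
            return i
    return None


def excess_load(samples, alarm, baseline_n=20):
    """Requests served above the baseline mean before the alarm (cost proxy)."""
    mu = sum(samples[:baseline_n]) / baseline_n
    end = len(samples) if alarm is None else alarm
    return sum(max(0.0, x - mu) for x in samples[baseline_n:end])
```

Comparing `excess_load` for the two alarm indices shows the cost of detection delay: with the cap alone, the whole ramp is absorbed (and billed) before anything is flagged.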

SYSTEM ARCHITECTURE:-

SYSTEM CONFIGURATION:-

HARDWARE REQUIREMENTS:-


  •  Processor      -  Pentium III
  •  Speed          -  1.1 GHz
  •  RAM            -  256 MB (min)
  •  Hard Disk      -  20 GB
  •  Floppy Drive   -  1.44 MB
  •  Keyboard       -  Standard Windows Keyboard
  •  Mouse          -  Two or Three Button Mouse
  •  Monitor        -  SVGA

SOFTWARE REQUIREMENTS:-


  •  Operating System  : Windows 7
  •  Front End         : JSP, SERVLET
  •  Database          : MYSQL

REFERENCES
M. Ficco and M. Rak, "STEALTHY DENIAL OF SERVICE STRATEGY IN CLOUD COMPUTING," IEEE TRANSACTIONS ON CLOUD COMPUTING, VOL 3, ISS 1, JULY 2014.
