A Hybrid Master-Slave Model for Distributed Denial of Service Attacks

Researcher: Sameer Al-Haj Ibrahim Ahmed Al-Baltah
Year of publication: 2017

Abstract

This paper presents the concept of cloud distributed denial of service (CDDoS) with software defined networking (SDN) and describes the components that motivated its development. One of the critical issues of cloud computing is distributed denial of service (DDoS). SDN simplifies the decoupling of packet forwarding from the network control functions, which eases the handling of the various denial-of-service attacks that can exhaust network resources with spoofed flows. The aim of this paper is to propose a model that supports fair sharing of the controller's resources in SDN with cloud computing by organizing layers of queues; depending on the controller load, the system expands dynamically.

Keywords: Denial of Service (DoS), Cloud Distributed Denial of Service (CDDoS), Software Defined Network (SDN), Network Management.

1. Introduction

Security has emerged as one of the main aspects of cloud computing development. In cloud computing, the security requirements are represented by availability, privacy and integrity, in order to offer various levels of service [1]. The desirable properties of SDN create new opportunities for avoiding becoming a victim in the cloud computing environment. Cloud computing is a much-discussed topic in both practice and academia because of characteristics such as software as a service, infrastructure as a service and platform as a service. Recently, cloud computing has required security, which has been regarded as an issue for its development [2]. It includes four deployment types: private, public, hybrid and community cloud. A hybrid cloud combines the private and public clouds; this technique is used in this work to give an integrated vision.

Recently, security systems and their problems have attracted high interest; looking at current work, many researchers have concentrated on denial of service, which affects the performance of the system. When an attacker schedules a DoS attack against a system, the performance of that system degrades or may drop to nothing [4]. A framework for analyzing and identifying the vulnerabilities of systems and for formulating suitable strategies to minimize the loss is required [5]. One setting for DoS is the radio-frequency identification (RFID) system, in which tagged items arrive and leave at a constant speed. Tags that leave the verification section without being identified are called tag loss, so the purpose there is to improve the frames in order to minimize the tag-loss ratio under DoS attacks [6]. Security has become more common in the design and analysis of networked systems. Networked control systems under DoS attacks, where the attack prevents transmission, have been analyzed by characterizing the duration and frequency of DoS attacks under which the closed-loop system retains input-to-state stability [7].

One of the hardest obstacles in network security is the DoS attack, particularly distributed denial of service (DDoS) attacks. Network security issues have been classified according to three objectives: availability, integrity and confidentiality [8]. The smart grid faces different kinds of threats; DDoS attacks target the resources of the communication network and concentrate on availability. DDoS attacks can exhaust the victim's resources, either systems or communication networks, and deny service for a period of time. Meanwhile, work on avoiding this attack is still moving forward, but not by much. Because of the effect of DDoS attacks, various techniques have been developed, and a structured method for defending against DDoS attacks is highly required. In addition, the valuable characteristics of each defense, together with a classification of the attacks and systems, have been proposed to describe the pros and cons of each class [9]. Furthermore, DDoS needs to be reorganized and understood by achieving more professional techniques and efficient algorithms. The development of DDoS attacks has targeted many of the advantages of distributed services, such as cooperation, sharing and positive communication among specialists and researchers, who can treat vulnerabilities in the domain of DDoS. Some work has been done with the aim of decoupling DDoS attacks against wireless networks. Furthermore, [10] considers the problem of anti-honeypot from the attackers' perspective.

Recently, DDoS has become a common challenge with effects across multiple network levels [11]. A DDoS attack relies on a collaborative, distributed, large-scale DoS. The consequences for the network concern either bandwidth or a computer's configuration [12]. Exploiting the network resources of the victim on the Internet is the main purpose of DDoS, which distinguishes it from DoS. A many-to-one attack against the victim can overwhelm its level of defense and leave it irrelevant [13]. A DDoS attack proceeds by overflowing the victim with a huge quantity of packets from various hosts; by consuming key resources or the bandwidth of the system, the attack denies users access to the services.

A strategy of network resilience exists that depends on event-condition-action (ECA) policies to face DDoS attacks. In addition, requirements should be used to determine the aspects that have to be combined in the agents' interaction, which has the ability to detect and treat DDoS threats by a flexible method [14].

Nowadays, high interest is noted in using the mechanism of path identifiers (PIDs). The existing approaches to PIDs are static, which can make it easier for adversaries to launch DDoS flooding attacks. D-PID has been designed, implemented and evaluated: PIDs are negotiated between neighboring domains and used in the framework as inter-domain routing objects, each identifying a path between two domains. DDoS flooding attacks have a strong impact on the Internet. To mount a DDoS attack, the attacker sends huge traffic through distributed zombies; this traffic cannot be handled by the target system, and therefore legitimate access to the resources of the network is blocked [15].

The availability of cloud computing can be destroyed by either Denial of Service (DoS) or Distributed Denial of Service (DDoS) [16]. DDoS attacks are defined as attempts to make the resources of a system or network inaccessible to its intended users. DDoS attacks are sent by at least two persons or bots [17], whereas a single system sends DoS attacks; a bot is a compromised device created when a PC is infected by malware code.

Cloud computing is a developing paradigm that enables clients to obtain cloud resources and services on a self-service, pay-per-use and on-demand basis. Service Level Agreements (SLAs) govern the costs that cloud clients have to pay for the offered Quality of Service (QoS) [18].

Cloud computing could not have become real without the support of networking as its base [19]. Nowadays, there is a new paradigm in networking because of the great interest attracted by SDN. In SDN, the data plane and control functions are decoupled, the network intelligence is logically centralized, and the basic network infrastructure is abstracted from the applications [20]. Basically, SDN technology has been integrated with cloud computing, which can enormously enhance scalability, dynamism, controllability and cloud manageability [21]. A new type of cloud is the SDN-based cloud, in which SDN technology is used to gain control over the network infrastructure and to provide networking-as-a-service (NaaS) in the cloud computing environment [22]. Security has been viewed as the required boundary for the improvement of cloud computing [23]. Good characteristics of SDN provide new chances to overcome attacks in the cloud computing environment [24]. One study investigates a strategy for mitigating DoS attacks, focusing on the most critical distributed energy resource (DER) in an isolated micro-grid characterized by a high penetration of renewables. The energy storage system (ESS) operates as the isochronous generator that sets and manages the micro-grid frequency and voltage. A fallback rule-based control technique is proposed to improve the resiliency of the micro-grid to DoS attacks by managing the ESS state-of-charge (SOC) in a decentralized way, such that it can keep working as the isochronous DER, while dispatching the rest of the DERs in a centralized way [25].

Wireless networks dynamically allocate channel resources to enhance spectral efficiency, avoid collisions, and share a medium access control (MAC) protocol among their users. An attacker who has compromised the network can launch more destructive DoS attacks than a network outsider: by sending excessive reservation requests to waste bandwidth, by power-efficient jamming and interception of control messages, by misrepresenting data to manipulate the network control, and so on [26].

There are two modes of switching in which rules can be installed:

  • Proactive mode: flow rules are initially generated by the controller by breaking down the network policies, and they are installed at the switches when the network bootstraps.
  • Reactive mode: the controller computes and installs rules only when a switch explicitly requests them. Obviously, in this mode switches are able to connect to the network quickly, and large flow tables are not required.
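As an added illustration (not code from the paper), the toy model below contrasts the two installation modes under a burst of distinct spoofed-source flows, then adds a simplified per-port queue layer that fair-shares the controller's rule computations, the kind of fair sharing the abstract proposes. The port names, the per-round budget, the traffic sample and the "fair" mode itself are constructed assumptions, not the paper's design.

```python
from collections import defaultdict, deque

class Switch:
    """Toy SDN switch; controller_load counts rules the controller had to compute."""
    def __init__(self, mode, proactive_rules=(), budget=None):
        self.mode = mode                    # "proactive", "reactive" or "fair" (assumed)
        self.flow_table = {m: ("forward", m) for m in proactive_rules}
        self.budget = budget                # controller requests per port per round
        self.queues = defaultdict(deque)    # assumed queue layer: one per ingress port
        self.controller_load = self.dropped = 0

    def _install_from_controller(self, match):
        self.controller_load += 1           # each computed rule costs the controller
        self.flow_table[match] = ("forward", match)

    def handle(self, packet):
        port, match = packet
        if match in self.flow_table:
            return "matched"
        if self.mode == "proactive":        # rules only arrive at network bootstrap
            self.dropped += 1
            return "dropped"
        if self.mode == "reactive":         # every unknown flow reaches the controller
            self._install_from_controller(match)
            return "installed"
        if match not in self.queues[port]:  # "fair": park the request in its port queue
            self.queues[port].append(match)
        return "queued"

    def drain_round(self):
        """Serve each port queue up to its budget so a flooding port cannot
        monopolise the controller; returns the requests still waiting."""
        for q in self.queues.values():
            for _ in range(min(self.budget, len(q))):
                match = q.popleft()
                if match not in self.flow_table:
                    self._install_from_controller(match)
        return sum(len(q) for q in self.queues.values())

def run(mode, budget=None):
    """Constructed traffic: port1 repeats 3 legitimate flows, port2 sends 100
    distinct spoofed-source flows. Returns (controller load, dropped, waiting)."""
    legit = [("port1", f"10.0.0.{i}") for i in (1, 2, 3)] * 5
    flood = [("port2", f"198.51.100.{i}") for i in range(100)]
    pre = [m for _, m in legit] if mode == "proactive" else ()
    sw = Switch(mode, proactive_rules=pre, budget=budget)
    for pkt in legit + flood:
        sw.handle(pkt)
    waiting = sw.drain_round() if mode == "fair" else 0
    return sw.controller_load, sw.dropped, waiting
```

Reactive mode spends one controller computation per spoofed flow, proactive mode never reaches the controller but cannot learn new legitimate flows, and the fair-share queue caps the flooding port at its per-round budget while the legitimate port is still served.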