Design Issues of Enhanced DDoS Protecting Scheme under the Cloud Computing Environment

• Main Authors: LI, YU-ZHAN, 李毓展
• Other Authors: YANG, SHIN-JER
• Format: Others
• Language: zh-TW
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/74132183381232999660

碩士 === 東吳大學 === 資訊管理學系 === 104 === Due to the growth of the Internet and the increase of data, many companies have begun to migrate their data services from the Web to the Cloud, but it comes with many security issues, such as Distributed Denial of Service attack (DDoS) and Zero-day attack. However, the DDoS is a critical threat on the cloud computing environment, it attempts to make a machine or network unavailable to their cloud users. Confidence Based Filtering (CBF) is one of the conventional approaches to defending against DDoS under cloud computing environment. Practically, the CBF method is to collect the packets and extract attribute pairs for calculating the score of each packet, then it decides to discard it or not. However, the weight of each attribute pair and the threshold value in the calculation is static in the CBF method. Therefore, we propose a novel method called N-CBF that improves these drawbacks of the CBF method. First, the N-CBF scheme can dynamically adjust the weight values of each attribute pair. Second, each packet will have the unique threshold value. Third, we performed simulations to compare and analyze the effectiveness and efficiency of N-CBF scheme according to the KPIs. Finally, the simulation results indicate that the proposed N-CBF scheme can obtain higher detection and better accuracy ratios about average of 8.04% and 2.48% than CBF, respectively. But, we need to pay a little overhead in average processing time. Consequently, the N-CBF can support more refined and robust protection mechanisms against DDoS attacks and also provide a more secure cloud computing environment.