ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development (计算机研究与发展) ›› 2015, Vol. 52 ›› Issue (8): 1873-1882. doi: 10.7544/issn1000-1239.2015.20140608

• Information Security •



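  1. 1(Faculty of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048); 2(School of Computer Science and Technology, Xidian University, Xi’an 710071)
  • Published: 2015-08-01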

Game Optimization for Internal DDoS Attack Detection in Cloud Computing

Wang Yichuan1,2, Ma Jianfeng2, Lu Di2, Zhang Liumei2, Meng Xianjia2

  1. 1(Faculty of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048); 2(School of Computer Science and Technology, Xidian University, Xi’an 710071)
  • Online: 2015-08-01

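Abstract (translated from the Chinese): Combining the characteristics of traditional virtual machine introspection-based (VMI) and network-based intrusion detection systems (IDS), a collaborative intrusion detection system deployed inside the cloud server cluster (virtual machine introspection & network-based IDS, VMI-N-IDS) is proposed to defend against internal distributed denial of service (DDoS) attack threats in the cloud environment, such as the "cloud droplet freezing" attack. The intrusion detection system and the attacker are treated as the two parties of a game, and a game-theoretic model of DDoS attack and detection inside the cloud server cluster is proposed. The utility functions of both parties are given, and the subgame perfect Nash equilibrium of the model is proved. An optimal defense strategy that trades off the false alarm rate against control of the malware scale is given, which solves the problem of dynamically adjusting the intrusion detection strategy inside the cloud environment. Experiments show that VMI-N-IDS can effectively defend against internal DDoS attack threats in the cloud environment.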

Key words: cloud computing, network security, intrusion detection, DDoS attack, game theory

Abstract: A collaborative intrusion detection system (IDS) model, named virtual machine introspection & network-based IDS (VMI-N-IDS), is proposed. It builds on traditional introspection-based IDS and network-based IDS to defend against the internal distributed denial of service (DDoS) attack threat in a cloud cluster (cloud droplets freezing, CDF attack). The CDF attack can exhaust the internal bandwidth of the cluster and the CPU and memory resources of physical servers. Based on game theory, the IDS and the attacker are treated as the two parties of a game in the VMI-N-IDS model. Utility functions of the two parties are given, and it is proved that the game model is a non-cooperative, repeated game of incomplete information and that a subgame perfect Nash equilibrium exists. Finally, an optimal defense strategy is proposed that trades off the false alarm rate against control of the malicious software size, solving the problem of dynamically adjusting the internal intrusion detection strategy. The best strategy for the IDS in each stage is to increase the threshold value β when the mathematical expectation of the suspicious value is greater than the load of server resources, and to reduce it otherwise. Experimental results show that the proposed method can effectively defend against the internal DDoS attack threat in the cloud environment.

Key words: cloud computing, network security, intrusion detection, DDoS attack, game theory