ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2021, Vol. 58 ›› Issue (4): 822-833. doi: 10.7544/issn1000-1239.2021.20200183


A Trust-Based DDoS Discovery Approach for Encrypted Traffic in Cloud Environment

Pan Yuting, Lin Li   

  1. (College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing 100124) (Beijing Key Laboratory of Trusted Computing (Beijing University of Technology), Beijing 100124)
  • Online: 2021-04-01
  • Supported by: 
    This work was supported by the National Natural Science Foundation of China (61502017) and the Scientific Research Common Program of Beijing Municipal Commission of Education (KM201710005024).

Abstract: In the cloud environment, DDoS (distributed denial of service) attacks may be more covert, easier to launch, and potentially larger because data flows can be encrypted. A trust-based DDoS attack discovery approach for encrypted traffic in the cloud environment, called TruCTCloud, is proposed. First, a trust evaluation mechanism is introduced to filter out the non-attack traffic of legitimate tenants by exploiting the signature of the cloud service itself together with other environmental factors, so that the sensitive information contained in legitimate tenants' traffic is protected. Second, a traffic classification algorithm based on kNN (k-nearest neighbors) is proposed to detect and identify DDoS traffic in the filtered encrypted traffic and the other unencrypted traffic. It uses five characteristics (flow median of packets per flow, flow median of bytes per flow, percentage of correlative flow, port growth rate, and source IP growth rate) to construct a Ball-tree data structure of characteristics. Finally, experiments are conducted on the OpenStack cloud platform to evaluate the proposed method. The results suggest that the method can quickly detect abnormal traffic or the early traffic of a DDoS attack and effectively protect the sensitive traffic information of legitimate users from the DDoS attack.

Key words: cloud environment, DDoS attack discovery, trust-based filtering, encrypted flow detection, kNN algorithm
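
The classification stage described in the abstract, sketched as an added example that is not the authors' code: a kNN vote over five-feature vectors indexed in a ball tree. The sample vectors are constructed and assumed already scaled to [0, 1]; Euclidean distance, k = 3, majority voting and the median split rule are assumptions, not details taken from the paper.

```python
import heapq
import math
from collections import Counter

# Constructed, pre-scaled samples (not from the paper). Feature order:
# (median packets/flow, median bytes/flow, percentage of correlative flow,
#  port growth rate, source IP growth rate); label 1 = DDoS, 0 = normal.
TRAIN = [
    ((0.60, 0.55, 0.90, 0.10, 0.05), 0), ((0.70, 0.65, 0.85, 0.15, 0.10), 0),
    ((0.55, 0.60, 0.95, 0.05, 0.08), 0), ((0.65, 0.50, 0.80, 0.12, 0.12), 0),
    ((0.05, 0.04, 0.10, 0.90, 0.95), 1), ((0.08, 0.06, 0.15, 0.85, 0.90), 1),
    ((0.04, 0.05, 0.05, 0.95, 0.85), 1), ((0.10, 0.08, 0.20, 0.80, 0.92), 1),
]

def build(points, leaf_size=2):
    """Build a ball tree node: (centroid, radius, leaf_points, left, right)."""
    dim = len(points[0][0])
    centroid = tuple(sum(p[0][i] for p in points) / len(points) for i in range(dim))
    radius = max(math.dist(centroid, p[0]) for p in points)
    if len(points) <= leaf_size:
        return (centroid, radius, points, None, None)
    # Split at the median of the dimension with the widest spread.
    axis = max(range(dim), key=lambda i: max(p[0][i] for p in points)
               - min(p[0][i] for p in points))
    pts = sorted(points, key=lambda p: p[0][axis])
    mid = len(pts) // 2
    return (centroid, radius, None, build(pts[:mid], leaf_size), build(pts[mid:], leaf_size))

def search(node, q, k, heap):
    """Collect the k nearest neighbours of q in heap as (-distance, label)."""
    centroid, radius, points, left, right = node
    # Prune: no point inside this ball can be closer than the current k-th best.
    if len(heap) == k and math.dist(q, centroid) - radius >= -heap[0][0]:
        return
    if points is not None:
        for vec, label in points:
            heapq.heappush(heap, (-math.dist(q, vec), label))
            if len(heap) > k:
                heapq.heappop(heap)  # drop the farthest candidate
        return
    # Visit the child whose centroid is closer first to tighten the bound early.
    for child in sorted((left, right), key=lambda n: math.dist(q, n[0])):
        search(child, q, k, heap)

def classify(tree, q, k=3):
    """Majority vote among the k nearest training vectors."""
    heap = []
    search(tree, q, k, heap)
    return Counter(label for _, label in heap).most_common(1)[0][0]

TREE = build(TRAIN)
```

A window with few packets per flow, few correlative flows and fast port and source-IP growth lands in the attack cluster, while the ball bound lets the search skip subtrees that cannot contain a closer neighbour.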
