A Trust-Based DDoS Discovery Approach for Encrypted Traffic in Cloud Environment

In the cloud environment, DDoS(distributed denial of service) attacks may be more covert, easier to launch and potentially larger because data flow can be encrypted. A trust-based DDoS attack discovery approach for the encrypted traffic in the cloud environment called TruCTCloud is proposed. Firstly, a trust evaluation mechanism is introduced to filter the non-attack traffic of legitimate tenants by exploiting signature of the cloud service itself with the other environmental factors, and then the sensitive information contained in legitimate tenants’ traffic is guaranteed. Secondly, a traffic classification algorithm based on the kNN(k-nearest neighbors) is proposed to detect and identify for the filtered encrypted traffic and other unencrypted traffic, where five kinds of characteristics including flow median of packets per flow, flow median of bytes per flow, percentage of correlative flow, port growth rate and source IP growth rate are introduced to construct a Ball-tree data structure of characteristics. Finally, some experiments are conducted to evaluate the proposed method in the OpenStack cloud platform. The results suggest that our method can quickly detect the abnormal traffic or early traffic of DDoS attack and effectively protect the sensitive traffic information of legitimate users from the DDoS attack.