pTrace: A Counter Technology of DDoS Attack Source for Controllable Cloud Computing

Li Baohui; Xu Kefu; Zhang Peng; Guo Li

doi:10.7544/issn1000-1239.2015.20150577

Journal of Computer Research and Development > 2015 > 52(10): 2212-2223. > DOI: 10.7544/issn1000-1239.2015.20150577

Li Baohui, Xu Kefu, Zhang Peng, Guo Li. pTrace: A Counter Technology of DDoS Attack Source for Controllable Cloud Computing[J]. Journal of Computer Research and Development, 2015, 52(10): 2212-2223. DOI: 10.7544/issn1000-1239.2015.20150577

Citation:

PDF (2828 KB)

pTrace: A Counter Technology of DDoS Attack Source for Controllable Cloud Computing

Li Baohui^1,2,3,
Xu Kefu^2,3,
Zhang Peng^2,3,
Guo Li^2,3

¹(School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876)
²(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093)
³(National Engineering Laboratory for Information Security Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

More Information

Published Date: September 30, 2015

Graphical Abstract

Abstract

Abstract

Currently, a growing number of attack sources of distributed denial of service (DDoS) are migrating to cloud computing and bringing a greater security challenge to the whole cyberspace. However, the research on effectively suppressing these attack sources is still deficient. So, this paper proposes a method pTrace to defeat the DDoS attack sources in cloud, which comprising the packet filter module inFilter and the malicious process retroactive module mpTrace. inFilter mainly filters packets with forged source address. And, mpTrace firstly identifies attack streams and their corresponding source addresses, then trace malicious processes based on the obtained source addresses. We have implemented a prototype system under Openstack and Xen environment. Experimental results and analysis show that inFilter can prevent large-scale DDoS attack frombeing launched in cloud center with lower time consumption, and mpTrace can identify a attack flow correctly when its flow rate is about 2.5 times the normal traffic, tracing malicious processes in ms time level. At last, this method reduces the impact both on puppet cloud tenant and the victim outside cloud.
- controllable cloud computing,
- packets filtering,
- malicious program tracebacking,
- information entropy,
- virtual machine introspection

FullText(HTML)

References (0)

[1]	Jiang Yi, Yang Yong, Yin Jiali, Liu Xiaolei, Li Jiliang, Wang Wei, Tian Youliang, Wu Yingcai, Ji Shouling. A Survey on Security and Privacy Risks in Large Language Models[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440265
[2]	Li Nan, Ding Yidong, Jiang Haoyu, Niu Jiafei, Yi Ping. Jailbreak Attack for Large Language Models: A Survey[J]. Journal of Computer Research and Development, 2024, 61(5): 1156-1181. DOI: 10.7544/issn1000-1239.202330962
[3]	Chen Xuanting, Ye Junjie, Zu Can, Xu Nuo, Gui Tao, Zhang Qi. Robustness of GPT Large Language Models on Natural Language Processing Tasks[J]. Journal of Computer Research and Development, 2024, 61(5): 1128-1142. DOI: 10.7544/issn1000-1239.202330801
[4]	Zhang Mi, Pan Xudong, Yang Min. JADE-DB：A Universal Testing Benchmark for Large Language Model Safety Based on Targeted Mutation[J]. Journal of Computer Research and Development, 2024, 61(5): 1113-1127. DOI: 10.7544/issn1000-1239.202330959
[5]	Jin Dongming, Jin Zhi, Chen Xiaohong, Wang Chunhui. ChatModeler: A Human-Machine Collaborative and Iterative Requirements Elicitation and Modeling Approach via Large Language Models[J]. Journal of Computer Research and Development, 2024, 61(2): 338-350. DOI: 10.7544/issn1000-1239.202330746
[6]	Bao Yang, Yang Zhibin, Yang Yongqiang, Xie Jian, Zhou Yong, Yue Tao, Huang Zhiqiu, Guo Peng. An Automated Approach to Generate SysML Models from Restricted Natural Language Requirements in Chinese[J]. Journal of Computer Research and Development, 2021, 58(4): 706-730. DOI: 10.7544/issn1000-1239.2021.20200757
[7]	Wang Ye, Chen Junwu, Xia Xin, Jiang Bo. Intelligent Requirements Elicitation and Modeling: A Literature Review[J]. Journal of Computer Research and Development, 2021, 58(4): 683-705. DOI: 10.7544/issn1000-1239.2021.20200740
[8]	Tan Liang, Zhou Mingtian. XSSA/ADL: An XML-Based Security Requirement Architecture Description Language[J]. Journal of Computer Research and Development, 2007, 44(5): 737-747.
[9]	Yu Hao, Bu Fenglin, Gao Jianfeng. Perceptron for Language Modeling[J]. Journal of Computer Research and Development, 2006, 43(2): 260-267.
[10]	Li Jie, Qin Yanyan, Tian Feng, and Dai Guozhong. CoPenML: An XML-Based Component Architecture for Pen-Based User Interface[J]. Journal of Computer Research and Development, 2005, 42(7): 1143-1152.