IEEE ICCE - Jan 2021 - PhuQuoc island, Vietnam

Harry Trinh
January 13, 2021

Economic Denial of Sustainability (EDoS) Detection Using GANs in SDN-based Cloud
Phuc Dinh Trinh (Soongsil University, Korea)
https://ieee-icce.org/p/program

Transcript

  1. IEEE ICCE 2021: The Eighth International Conference on Communications and Electronics

    Phu Quoc island, Vietnam | Jan 13th – 15th, 2021
    Economic Denial of Sustainability (EDoS) Detection Using GANs in SDN-based Cloud
    D. Phuc Trinh, Minho Park - Soongsil University, Seoul, South Korea
    [email protected]
  2. Outline

    I. Problem Statement
    II. Motivation
    III. Contributions
    IV. Our Proposed Scheme
    V. Implemental Setup
    VI. Performance Evaluation
    VII. Conclusion & Future Work

    The 8th IEEE ICCE, Phu Quoc island, Vietnam | Jan 13th – 15th, 2021
  3. I. Problem Statement

    Figure 1: EDoS Attacks in Cloud Computing
    Figure source: Fahad Zaman Chowdhury, Laiha Binti Mat Kiah, M. A Manazir Ahsan - Published 2017, Computer Science, 2017 International Conference on Electrical Engineering and Computer Science (ICECOS)

    Cloud computing offers exclusive features such as payment according to usage, elasticity and auto-scalability, which make it attractive compared with traditional computing services. A cloud service provider generally auto-scales up the resources for a customer to satisfy the service level agreement (SLA) on service availability, and charges the customer for the use. EDoS attacks exploit this feature to make the cloud unsustainable by causing the cloud billing mechanism to charge the attack's activity to the cloud user's bill.
  4. I. Problem Statement – DDoS vs EDoS

    • In a DDoS attack, the attacker's goal is to disrupt the services offered by a cloud service provider. Therefore, in most cases, DDoS attackers irrationally launch an attack over a short amount of time with their maximum resources.
    • The purpose of such an attack is to shut down the service completely or significantly degrade the service quality.
    • Conversely, in EDoS attacks, attackers are typically more clever and highly rational. They target an individual or a specific group of cloud users and gradually push illegitimate traffic over a longer period of time. Their motivation is to increase the financial cost incurred by the targeted cloud user through the over-provisioning of cloud resources.

    Figure 2. EDoS attack region with attack strength
  5. II. Motivation

    • When SFC is used, virtual network functions are normally public to internet customers. EDoS attackers exploit this to cause more VNFs to be launched, or for other purposes.
    • Existing solutions addressing EDoS attacks are mainly hard-threshold-based, which causes high false-alarm rates. They also work well only for a certain distribution of attack traffic, i.e. a Poisson distribution. Moreover, they focus only on some specific types of attack, which makes them temporary solutions.
    • There is still a trade-off between the resource consumption and the detection performance of an EDoS defender. It is therefore a tough challenge to find a solution that satisfies both resource usage and detection performance.
  6. III. Our Contribution

    • We propose an effective and innovative hybrid scheme to detect a stealthy attack such as EDoS by combining GANs and LSTM-RNN, and then using the Dynamic Error Threshold to dynamically set the optimal threshold that differentiates between normal and abnormal traffic.
    • We study common types of EDoS attacks in traditional clouds and introduce a new viewpoint of EDoS attacks in the SDN environment.
    • Our experiments are conducted in a real cloud computing environment using OpenStack integrated with an SDN environment using the ONOS controller, but the scheme can easily be applied to other controllers.
  7. IV. Proposed EDoS Attack Defense – Our Observation

    • In the SDN-based cloud, cloud consumers are typically monitored with multivariate time series, whose anomaly detection is critical for service quality management.
    • Networking metrics such as memory usage, CPU load, TCP connections, etc. are supervised by a network administrator, and when an EDoS attack is launched, the value of one of the selected features will suddenly change.
    • Thus, we need an intelligent model that discovers changes in the values of multiple time series simultaneously in order to detect EDoS.

    Figure 3. Multivariate time-series detection
  8. IV. Proposed EDoS Attack Defense – Our Approach

    • Therefore, in our proposal, an algorithm called LSTM is adopted for multivariate time series anomaly detection. By learning from historical data and then using live data to predict future values, we compare the values with a dynamic error threshold to determine anomalies.
    • Because of that, our proposed scheme is a very practical and effective approach to detecting a stealthy attack such as EDoS.

    Figure 4. Conceptual Architecture of our proposed scheme
  9. IV. Proposed EDoS Attack Defense – System Design

    Figure 5. Conceptual architecture of our proposed scheme, in which the SDN architecture is synchronized with the OpenStack controller; it is an extension in the Control Plane.
  10. IV. Proposed EDoS Attack Defense – Workflow System

    Figure 6. Detailed architecture: modules synchronized with the OpenStack controller, located in the SDN application layer.
  11. IV. Proposed EDoS Attack Defense – Workflow System

    ➢ Data Collector: this module simply runs in the SDN controller. It collects data from both OpenFlow statistics and the utilization rate of the physical and virtual resources comprising deployed clouds.
  12. IV. Proposed EDoS Attack Defense – Workflow System

    ➢ Feature Extractor: it takes the data gathered by the Data Collector and extracts several attributes, as shown in Table II. These key features are selected by the Recursive Feature Elimination (RFE) technique using Logistic Regression. 13/38 features are selected.
  13. IV. Proposed EDoS Attack Defense

    ➢ Feature Extractor:
    Table 1. Key features
  14. IV. Proposed EDoS Attack Defense

    ➢ Feature Transformation & normalization: at this stage, all the categorical features extracted in the previous stage are transformed from categorical data into numeric data using the One-Hot encoding technique. After the transformation, the data needs to be normalized, using the formula:

    z = (x − µ) / σ

    where
    • x is the value that is standardized
    • µ is the mean of the distribution
    • σ is the standard deviation of the distribution

    This module not only significantly improves the predictive power, but also makes model training faster to run and the model more easily understood.
  15. IV. Proposed EDoS Attack Defense

    ➢ GANs-LSTM Model:
    Figure 7. Multivariate Anomaly Detection (MAD) GANs-LSTM
  16. IV. Proposed EDoS Attack Defense – Parameter Settings

    ➢ Model Parameter Settings
  17. IV. Proposed EDoS Attack Defense – 2 Phases

    ➢ Model Training Phase
    ➢ Anomaly Detection Phase
  18. V. Cluster Settings

    Figure 7. Our Testbed
    Table 2. Cluster settings
  19. V. GPU Usage

    ➢ GPU Usage
  20. V. CPU Usage

    ➢ CPU Usage
  21. VI. Performance Evaluation

    Figure 8: (a) Detection Rate, Accuracy, FAR comparison (b) Response Time
  22. VI. Performance Evaluation

    Figure 9: (a) CPU usage, (b) Memory Usage
  23. VII. Conclusion & Future Work

    • In this paper, we propose a new approach, multivariate time series anomaly detection integrated with a dynamic error threshold, to mitigate EDoS attacks in an SDN-based cloud environment.
    • The evaluation section shows that our proposed scheme is very efficient in terms of both accuracy and resource consumption.
    • As future work, we expect to evaluate our proposed scheme and compare it with other existing works using more evaluation criteria.
  24. Proposed EDoS Attack Defense – Anomaly Score

    ➢ Discrimination and Reconstruction Score (DR-Score):
  25. Proposed EDoS Attack Defense – Dynamic Error Threshold

    ➢ Dynamic Error Threshold:
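
Slides 8, 14 and 25 describe the detection path: standardize the metrics, predict the next values, and compare the prediction error with a dynamic threshold. The sketch below is an added example, not the authors' code. Assumptions: a moving-average predictor stands in for the GANs-LSTM model, the threshold rule (mean + k·std of recent normal errors) is assumed because the deck's formula is not in the transcript, and the metric values are constructed.

```python
from statistics import mean, pstdev

def fit_scaler(rows):
    """Per-feature mean and std, learned from attack-free training rows only."""
    cols = list(zip(*rows))
    # A constant feature has sigma 0; substitute 1.0 so z stays finite.
    return [mean(c) for c in cols], [pstdev(c) or 1.0 for c in cols]

def zscore(row, mu, sigma):
    """Slide 14: z = (x - mu) / sigma, applied feature by feature."""
    return [(x - m) / s for x, m, s in zip(row, mu, sigma)]

def predict(history):
    """Stand-in for the LSTM predictor (assumption): mean of the recent window."""
    return [mean(c) for c in zip(*history)]

def error(z, pred):
    """Largest per-feature deviation, so a jump in a single metric is enough."""
    return max(abs(a - b) for a, b in zip(z, pred))

def detect(train, live, window=4, err_window=8, k=3.0):
    """Return (is_anomaly, error, threshold) for every live sample."""
    mu, sigma = fit_scaler(train)
    zs = [zscore(r, mu, sigma) for r in train]
    # Seed the error history with prediction errors on normal traffic.
    errs = [error(zs[i], predict(zs[i - window:i])) for i in range(window, len(zs))]
    hist, results = zs[-window:], []
    for row in live:
        z = zscore(row, mu, sigma)
        e = error(z, predict(hist))
        recent = errs[-err_window:]
        # Assumed threshold rule: mean + k * std of recent normal errors.
        thr = mean(recent) + k * pstdev(recent)
        anomalous = e > thr
        results.append((anomalous, round(e, 3), round(thr, 3)))
        if not anomalous:  # keep attack samples out of the baseline
            hist = hist[1:] + [z]
            errs.append(e)
    return results

# Constructed samples: (CPU load %, TCP connections) per polling interval.
TRAIN = [(20, 100), (22, 110), (20, 100), (18, 90)] * 3
LIVE = [(20, 100), (22, 110), (20, 400), (22, 420), (20, 100)]

if __name__ == "__main__":
    for row, (flag, e, thr) in zip(LIVE, detect(TRAIN, LIVE)):
        print(row, "ANOMALY" if flag else "ok", e, thr)
```

Because flagged samples are excluded from both the predictor window and the error history, a sustained attack cannot raise its own threshold; the cost is that a legitimate, lasting change in load keeps alerting until the baseline is retrained.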