Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. / Alarifi, Suaad; Wolthusen, Stephen D.

Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Springer-Verlag, 2014. p. 73.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. / Alarifi, Suaad; Wolthusen, Stephen D.

Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Springer-Verlag, 2014. p. 73.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Alarifi, S & Wolthusen, SD 2014, Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. in Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Springer-Verlag, pp. 73. https://doi.org/10.1007/978-3-662-44885-4_6

APA

Alarifi, S., & Wolthusen, S. D. (2014). Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. In Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014) (pp. 73). Springer-Verlag. https://doi.org/10.1007/978-3-662-44885-4_6

Vancouver

Alarifi S, Wolthusen SD. Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. In Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Springer-Verlag. 2014. p. 73 https://doi.org/10.1007/978-3-662-44885-4_6

Author

Alarifi, Suaad ; Wolthusen, Stephen D. / Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems. Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014). Springer-Verlag, 2014. pp. 73

BibTeX

@inproceedings{3f9b878c752a445494f33c908338c00e,
title = "Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems",
abstract = "Public IaaS cloud environments are vulnerable to misbehaving applications and virtual machines. Moreover, cloud service availability, reliability, and ultimately reputation is specifically at risk from Denial of Service forms as it is based on resource over-commitment.In this paper, we describe a stealthy randomised probing strategy to learn thresholds used in the process of taking migration decisions in the cloud (i.e. reverse engineering of migration algorithms). These discovered thresholds are used to design a more efficient, harder to detect, and robust cloud DoS attack family. A sequence of tests is designed to extract and reveal these thresholds; these are performed by coordinating stealthily increased resource consumption among attackers whilst observing cloud management reactions to the increased demand. We can learn the required parameters by repeating the tests, observing the cloud reactions, and analysing the observations statistically. Revealing these hidden parameters is a security breach by itself; furthermore, they can be used to design a hard-to-detect DoS attack by stressing the host resources using a precise amount of workload to trigger migration. We design a formal model for migration decision processes, create a dynamic algorithm to extract the required hidden parameters, and demonstrate the utility with a specimen DoS attack.",
author = "Suaad Alarifi and Wolthusen, {Stephen D.}",
year = "2014",
doi = "10.1007/978-3-662-44885-4_6",
language = "English",
pages = "73",
booktitle = "Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014)",
publisher = "Springer-Verlag",

}

RIS

TY - GEN

T1 - Dynamic Parameter Reconnaissance for Stealthy DoS Attack within Cloud Systems

AU - Alarifi, Suaad

AU - Wolthusen, Stephen D.

PY - 2014

Y1 - 2014

N2 - Public IaaS cloud environments are vulnerable to misbehaving applications and virtual machines. Moreover, cloud service availability, reliability, and ultimately reputation is specifically at risk from Denial of Service forms as it is based on resource over-commitment.In this paper, we describe a stealthy randomised probing strategy to learn thresholds used in the process of taking migration decisions in the cloud (i.e. reverse engineering of migration algorithms). These discovered thresholds are used to design a more efficient, harder to detect, and robust cloud DoS attack family. A sequence of tests is designed to extract and reveal these thresholds; these are performed by coordinating stealthily increased resource consumption among attackers whilst observing cloud management reactions to the increased demand. We can learn the required parameters by repeating the tests, observing the cloud reactions, and analysing the observations statistically. Revealing these hidden parameters is a security breach by itself; furthermore, they can be used to design a hard-to-detect DoS attack by stressing the host resources using a precise amount of workload to trigger migration. We design a formal model for migration decision processes, create a dynamic algorithm to extract the required hidden parameters, and demonstrate the utility with a specimen DoS attack.

AB - Public IaaS cloud environments are vulnerable to misbehaving applications and virtual machines. Moreover, cloud service availability, reliability, and ultimately reputation is specifically at risk from Denial of Service forms as it is based on resource over-commitment.In this paper, we describe a stealthy randomised probing strategy to learn thresholds used in the process of taking migration decisions in the cloud (i.e. reverse engineering of migration algorithms). These discovered thresholds are used to design a more efficient, harder to detect, and robust cloud DoS attack family. A sequence of tests is designed to extract and reveal these thresholds; these are performed by coordinating stealthily increased resource consumption among attackers whilst observing cloud management reactions to the increased demand. We can learn the required parameters by repeating the tests, observing the cloud reactions, and analysing the observations statistically. Revealing these hidden parameters is a security breach by itself; furthermore, they can be used to design a hard-to-detect DoS attack by stressing the host resources using a precise amount of workload to trigger migration. We design a formal model for migration decision processes, create a dynamic algorithm to extract the required hidden parameters, and demonstrate the utility with a specimen DoS attack.

U2 - 10.1007/978-3-662-44885-4_6

DO - 10.1007/978-3-662-44885-4_6

M3 - Conference contribution

SP - 73

BT - Proceedings of the 15th Joint IFIP TC6/TC11 Conference on Communications and Multimedia Security (CMS 2014)

PB - Springer-Verlag

ER -