A collaborative architecture against DDOS attacks for cloud computing systems.

Detalhes bibliográficos
Ano de defesa: 2018
Autor(a) principal: Almeida, Thiago Rodrigues Meira de
Orientador(a): Não Informado pela instituição
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: eng
Instituição de defesa: Biblioteca Digitais de Teses e Dissertações da USP
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
Cloud computing
Computação em nuvem
DDOS
SDN
Security
Segurança de redes
SFC
Link de acesso: http://www.teses.usp.br/teses/disponiveis/3/3141/tde-25032019-114624/
Resumo: Distributed attacks, such as Distributed Denial of Service (DDoS) ones, require not only the deployment of standalone security mechanisms responsible for monitoring a limited portion of the network, but also distributed mechanisms which are able to jointly detect and mitigate the attack before the complete exhaustion of network resources. This need led to the proposal of several collaborative security mechanisms, covering different phases of the attack mitigation: from its detection to the relief of the system after the attack subsides. It is expected that such mechanisms enable the collaboration among security nodes through the distributed enforcement of security policies, either by installing security rules (e.g., for packet filtering) and/or by provisioning new specialized security nodes on the network. Albeit promising, existing proposals that distribute security tasks among collaborative nodes usually do not consider an optimal allocation of computational resources. As a result, their operation may result in a poor Quality of Service for legitimate packet flows during the mitigation of a DDoS attack. Aiming to tackle this issue, this work proposes a collaborative solution against DDoS attacks with two main goals: (1) ensure an optimal use of resources already available in the attack\'s datapath in a proactive way, and (2) optimize the placement of security tasks among the collaborating security nodes. Regardless the characteristics of each main goal, legitimate traffic must be preserved as packet loss is reduced as much as possible.
id USP_dbf23c03b80e372963081958edc15bfa
oai_identifier_str oai:teses.usp.br:tde-25032019-114624
network_acronym_str USP
network_name_str Biblioteca Digital de Teses e Dissertações da USP
repository_id_str
spelling A collaborative architecture against DDOS attacks for cloud computing systems.Uma arquitetura colaborativa contra ataques distribuídos de negação de serviço para sistemas de computação em nuvem.Cloud computingComputação em nuvemDDOSSDNSecuritySegurança de redesSFCDistributed attacks, such as Distributed Denial of Service (DDoS) ones, require not only the deployment of standalone security mechanisms responsible for monitoring a limited portion of the network, but also distributed mechanisms which are able to jointly detect and mitigate the attack before the complete exhaustion of network resources. This need led to the proposal of several collaborative security mechanisms, covering different phases of the attack mitigation: from its detection to the relief of the system after the attack subsides. It is expected that such mechanisms enable the collaboration among security nodes through the distributed enforcement of security policies, either by installing security rules (e.g., for packet filtering) and/or by provisioning new specialized security nodes on the network. Albeit promising, existing proposals that distribute security tasks among collaborative nodes usually do not consider an optimal allocation of computational resources. As a result, their operation may result in a poor Quality of Service for legitimate packet flows during the mitigation of a DDoS attack. Aiming to tackle this issue, this work proposes a collaborative solution against DDoS attacks with two main goals: (1) ensure an optimal use of resources already available in the attack\'s datapath in a proactive way, and (2) optimize the placement of security tasks among the collaborating security nodes. Regardless the characteristics of each main goal, legitimate traffic must be preserved as packet loss is reduced as much as possible.Sem resumoBiblioteca Digitais de Teses e Dissertações da USPSimplicio Junior, Marcos AntonioAlmeida, Thiago Rodrigues Meira de2018-12-14info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://www.teses.usp.br/teses/disponiveis/3/3141/tde-25032019-114624/reponame:Biblioteca Digital de Teses e Dissertações da USPinstname:Universidade de São Paulo (USP)instacron:USPLiberar o conteúdo para acesso público.info:eu-repo/semantics/openAccesseng2024-10-09T12:45:40Zoai:teses.usp.br:tde-25032019-114624Biblioteca Digital de Teses e Dissertaçõeshttp://www.teses.usp.br/PUBhttp://www.teses.usp.br/cgi-bin/mtd2br.plvirginia@if.usp.br|| atendimento@aguia.usp.br||virginia@if.usp.bropendoar:27212024-10-09T12:45:40Biblioteca Digital de Teses e Dissertações da USP - Universidade de São Paulo (USP)false
dc.title.none.fl_str_mv A collaborative architecture against DDOS attacks for cloud computing systems.
Uma arquitetura colaborativa contra ataques distribuídos de negação de serviço para sistemas de computação em nuvem.
title A collaborative architecture against DDOS attacks for cloud computing systems.
spellingShingle A collaborative architecture against DDOS attacks for cloud computing systems.
Almeida, Thiago Rodrigues Meira de
Cloud computing
Computação em nuvem
DDOS
SDN
Security
Segurança de redes
SFC
title_short A collaborative architecture against DDOS attacks for cloud computing systems.
title_full A collaborative architecture against DDOS attacks for cloud computing systems.
title_fullStr A collaborative architecture against DDOS attacks for cloud computing systems.
title_full_unstemmed A collaborative architecture against DDOS attacks for cloud computing systems.
title_sort A collaborative architecture against DDOS attacks for cloud computing systems.
author Almeida, Thiago Rodrigues Meira de
author_facet Almeida, Thiago Rodrigues Meira de
author_role author
dc.contributor.none.fl_str_mv Simplicio Junior, Marcos Antonio
dc.contributor.author.fl_str_mv Almeida, Thiago Rodrigues Meira de
dc.subject.por.fl_str_mv Cloud computing
Computação em nuvem
DDOS
SDN
Security
Segurança de redes
SFC
topic Cloud computing
Computação em nuvem
DDOS
SDN
Security
Segurança de redes
SFC
description Distributed attacks, such as Distributed Denial of Service (DDoS) ones, require not only the deployment of standalone security mechanisms responsible for monitoring a limited portion of the network, but also distributed mechanisms which are able to jointly detect and mitigate the attack before the complete exhaustion of network resources. This need led to the proposal of several collaborative security mechanisms, covering different phases of the attack mitigation: from its detection to the relief of the system after the attack subsides. It is expected that such mechanisms enable the collaboration among security nodes through the distributed enforcement of security policies, either by installing security rules (e.g., for packet filtering) and/or by provisioning new specialized security nodes on the network. Albeit promising, existing proposals that distribute security tasks among collaborative nodes usually do not consider an optimal allocation of computational resources. As a result, their operation may result in a poor Quality of Service for legitimate packet flows during the mitigation of a DDoS attack. Aiming to tackle this issue, this work proposes a collaborative solution against DDoS attacks with two main goals: (1) ensure an optimal use of resources already available in the attack\'s datapath in a proactive way, and (2) optimize the placement of security tasks among the collaborating security nodes. Regardless the characteristics of each main goal, legitimate traffic must be preserved as packet loss is reduced as much as possible.
publishDate 2018
dc.date.none.fl_str_mv 2018-12-14
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://www.teses.usp.br/teses/disponiveis/3/3141/tde-25032019-114624/
url http://www.teses.usp.br/teses/disponiveis/3/3141/tde-25032019-114624/
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv
dc.rights.driver.fl_str_mv Liberar o conteúdo para acesso público.
info:eu-repo/semantics/openAccess
rights_invalid_str_mv Liberar o conteúdo para acesso público.
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.coverage.none.fl_str_mv
dc.publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
publisher.none.fl_str_mv Biblioteca Digitais de Teses e Dissertações da USP
dc.source.none.fl_str_mv
reponame:Biblioteca Digital de Teses e Dissertações da USP
instname:Universidade de São Paulo (USP)
instacron:USP
instname_str Universidade de São Paulo (USP)
instacron_str USP
institution USP
reponame_str Biblioteca Digital de Teses e Dissertações da USP
collection Biblioteca Digital de Teses e Dissertações da USP
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações da USP - Universidade de São Paulo (USP)
repository.mail.fl_str_mv virginia@if.usp.br|| atendimento@aguia.usp.br||virginia@if.usp.br
_version_ 1818279231730221056

Registros relacionados