Presentation is loading. Please wait.

Presentation is loading. Please wait.

Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and.

Published byCamilla Jennings Modified over 9 years ago

Similar presentations

Presentation on theme: "Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and."— Presentation transcript:

1 Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and Pr. Michel Dagenais

2 Introduction The industry push is increasingly shifting towards cloud-based services and applications. The main reason for that is because cloud user can reduce spending on technology infrastructure.

3 Introduction(cont.) Virtualization has been proposed as an architecture to increase resource utilization, improving services and applications quality.

4 Problem statement Virtualized systems are vulnerable to different type of attacks such as: denial-of-service (DoS) attacks. DoS attacks in virtualization occurs when one VM drains all the available physical resources, such that the hypervisor can’t support more VMs, and availability is imperiled.

5 Problem statement (cont.) The existing approaches to prevent DoS attacks are based on limiting resource allocation using simple configurations.

6 Problem statement (cont.) However, these approaches are limited to understanding different behaviors of different applications.

7 Problem statement (cont.) A recent survey about applications behavior shows that busy applications are not always under attack but may be overwhelmed by a large number of legitimate clients.

8 Proposed Architecture

9 Data gathering component: obtaining information about virtual machines(e.g, workload, activities and events)

10 Proposed Architecture Learning component: aims to understand the behavior of the VMs (e.g, normal workload under different frames of time)

11 Proposed Architecture Detection component: Having learned the behavior of the VMs from the second component, the detection component identifies the suspicious VMs.

12 Proposed Architecture Negotiation Component : aims to find the optimal decision making strategy that minimizes the resources wasting during DoS attack.

13 Proposed Architecture The negotiation is made between the host and the suspicious VM. The host will decide whether to apply limitation directly on the VM shared resources or to give the suspicious VM some time hoping the abnormal behavior will be overcomed.

14 Proposed Architecture The decision will be taken based on several factors, such as: the workload history of the suspicious VM and the available resources on the host.

15 Conclusion  A denial-of-service (DoS) attack in virtualization occurs when one or more VM drain all the available physical resources, such that the hypervisor can’t support more VMs, and availability is imperiled.  The existing approaches to prevent DoS attacks are based on limiting resource allocation using simple configurations.  These approaches are limited to understanding different behaviors of different applications.  Busy applications are not always under attack but may be overwhelmed by a large number of legitimate clients.  An optimal decision making strategies are required to minimize the resources wasting during DoS attack.

16 References http://www.slideshare.net/LarryCover/baremetal-docker-containers-and-virtualization- the-growing-choices-for-cloud-applications https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http- server/ http://www.lookfordiagnosis.com/mesh_info.php?term=Behavior&lang=1 http://santaguidafinefoods.com/10292-2/http://santaguidafinefoods.com/10292-2/ http://www.hardwarezone.com.sg/feature-tech-trends08-virtualization/virtualizations- impact

17 Thank You… 17

Download ppt "Minimizing the Impact of Denial of Service Attacks on a Virtualized Cloud Adel Abusitta, PhD Student (First year) Supervisors: Pr. Martine Bellaiche and."

Similar presentations

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Application of Bayesian Network in Computer Networks Raza H. Abedi.

Application of Bayesian Network in Computer Networks Raza H. Abedi.
Kenichi Kourai (Kyushu Institute of Technology) Takeshi Azumi (Tokyo Institute of Technology) Shigeru Chiba (Tokyo University) A Self-protection Mechanism.

Kenichi Kourai (Kyushu Institute of Technology) Takeshi Azumi (Tokyo Institute of Technology) Shigeru Chiba (Tokyo University) A Self-protection Mechanism.
Green Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science and Technology,

Green Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science and Technology,
Securing The Cloud What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructructure/Cloud Consulting | MCT CCSI.

Securing The Cloud What is the Cloud? How do you lock it down? Kevin King - Senior Technical Instructor ● Infrastructructure/Cloud Consulting | MCT CCSI.
Application Models for utility computing Ulrich (Uli) Homann Chief Architect Microsoft Enterprise Services.

Application Models for utility computing Ulrich (Uli) Homann Chief Architect Microsoft Enterprise Services.
Diagnosis on Computational Grids for Detecting Intelligent Cheating Nodes Felipe Martins Rossana M. Andrade Aldri L. dos Santos Bruno SchulzeJosé N. de.

Diagnosis on Computational Grids for Detecting Intelligent Cheating Nodes Felipe Martins Rossana M. Andrade Aldri L. dos Santos Bruno SchulzeJosé N. de.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
12/6/2010CS 591 - Andrew Bates - UCCS1 Intrusion Detection and Advanced Persistent Threats CS 591 Andrew Bates University of Colorado at Colorado Springs.

12/6/2010CS Andrew Bates - UCCS1 Intrusion Detection and Advanced Persistent Threats CS 591 Andrew Bates University of Colorado at Colorado Springs.
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.
Agenda Who needs an Architect? Cloud and Security Key Security Differences in Private Cloud Cloud Security Challenges Secondary to Essential Characteristics.

Agenda Who needs an Architect? Cloud and Security Key Security Differences in Private Cloud Cloud Security Challenges Secondary to Essential Characteristics.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
By- Jaideep Moses, Ravi Iyer , Ramesh Illikkal and

By- Jaideep Moses, Ravi Iyer , Ramesh Illikkal and
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.

Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Exploiting Virtualization for Delivering Cloud based IPTV Services 2012.03.23 Speaker : 吳靖緯 MA0G0101 2011 IEEE Conference on Computer Communications Workshops.

Exploiting Virtualization for Delivering Cloud based IPTV Services Speaker : 吳靖緯 MA0G IEEE Conference on Computer Communications Workshops.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Network Problems and Solutions M. Sc. Juan Carlos Olivares Rojas

Network Problems and Solutions M. Sc. Juan Carlos Olivares Rojas

Similar presentations

Ads by Google