A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack

Karnwal, Tarun; Sivakumar, T.; Aghila, G.

doi:10.1109/sceecs.2012.6184829

Cited by 70 publications

(36 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are many taxonomies detailing cloud vulnerabilities and attacks (Khajeh-Hosseini et al, 2010;Karnwal et al, 2012;Chonka and Abawajy, 2012;Aliyev et al, 2013;Dahbur et al, 2011;Grobauer et al, 2011). As such, it can be inferred that as the use of the cloud in organisations develops, so will the rate of DDoS attacks.…”

Section: Methods For Intrusion Detection In the Cloud Environmentmentioning

confidence: 99%

Hosting critical infrastructure services in the cloud environment considerations

MacDermott

Shi

Merabti

et al. 2015

IJCIS

View full text Add to dashboard Cite

Hosting critical infrastructure services in the cloud environment considerations http://researchonline.ljmu.ac.uk/6934/ Article LJMU has developed LJMU Research Online for users to access the research output of the University more effectively. Copyright © and Moral Rights for the papers on this site are retained by the individual authors and/or other copyright owners. Users may download and/or print one copy of any article(s) in LJMU Research Online to facilitate their private study or for non-commercial research. You may not engage in further distribution of the material or use it for any profit-making activities or any commercial gain.The version presented here may differ from the published version or from the version of the record. Please see the repository URL above for details on accessing the published version and note that access may require a subscription. Abstract: Critical infrastructure technology vendors will inevitability take advantage of the benefits offered by the cloud computing paradigm. While this may offer improved performance and scalability, the associated security threats impede this progression. Hosting critical infrastructure services in the cloud environment may seem inane to some, but currently remote access to the control system over the internet is commonplace. This shares the same characteristics as cloud computing, i.e., on-demand access and resource pooling. There is a wealth of data used within critical infrastructure. There needs to be an assurance that the confidentiality, integrity and availability of this data remains. Authenticity and non-repudiation are also important security requirements for critical infrastructure systems. This paper provides an overview of critical infrastructure and the cloud computing relationship, whilst detailing security concerns and existing protection methods. Discussion on the direction of the area is presented, as is a survey of current protection methods and their weaknesses. Finally, we present our observation and our current research into hosting critical infrastructure services in the cloud environment, and the considerations for detecting cloud attacks.

show abstract

Section: Methods For Intrusion Detection In the Cloud Environmentmentioning

confidence: 99%

Hosting critical infrastructure services in the cloud environment considerations

MacDermott

Shi

Merabti

et al. 2015

IJCIS

View full text Add to dashboard Cite

show abstract

“…Due to the distributed nature of the Cloud environment, attacks such as Denial of Service (DoS) which are distributed (DDoS), HTTP and XML-based DDoS are found to be more destructive than the traditional DDoS [23]. These research have found that traditional firewalls, network intrusion detection and prevention (IDP) systems are not adequate to defend against DDoS, XMLDoS and HTTP-DoS attacks.…”

Section: -Y Chan Et Al / Intrusion Detection and Prevention Of Web mentioning

confidence: 99%

“…While PaaS and IaaS inherit mainly the systems and networks' vulnerabilities, intrusion detection research has focused on addressing HTTP anomalies, HTTP-DoS and DDoS using host and network-based Table 1a provides further details [5,7,12,17,19,23,25]. There are other research [2-4, 6, 8, 14] that have demonstrated and validated the capabilities of their Cloud-based ID systems with satisfactory results in detecting mainly network DoS and DDoS.…”

Section: Related Workmentioning

confidence: 99%

“…It is mentioned in [23] that Cloud hosted Web application crashes at approximately 3000 concurrent user sessions under a DDoS attack in about 20 minutes. Our experimental results as mentioned above has proven that even with a work load of 5000 concurrent users submitting transactions with some of the transactions being malicious or suspiciously malicious within 300 seconds, our FAR IDP system can still perform and normal transactions are protected against attacks with a success rate of close to 95%.…”

Section: Performance Of the Idp Systems In The Cloud Platform With Timentioning

confidence: 99%

See 1 more Smart Citation

Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns

Chan

Chua

Lee

2016

IFS

View full text Add to dashboard Cite

“…The main technology of web services is XML that can be understood by web service IDSs, meaning that, web services are considered as the main parts of today's web applications and hence, intrusion detection systems are helpful in protecting the web services (Najjar and Azgomi, 2010). Firewalls can secure the organizations network, but they have two open TCP ports that are utilized for transmitting requests in web services (for HTTP port 80 and for HTTPS port 447) (Karnwal et al, 2012). Data mining approaches for intrusion detection system is designed as in-depth defense mechanism and acts behind the firewalls within the security structure of an enterprise.…”

Section: Intrusion Detection System (Ids) and Web Servicesmentioning

confidence: 99%

A Survey of Anomaly Detection Using Data Mining Methods for Hypertext Transfer Protocol Web Services

Kakavand

Mustapha

Abdullah

et al. 2015

Journal of Computer Science

View full text Add to dashboard Cite

Abstract:In contrast to traditional Intrusion Detection Systems (IDSs), data mining anomaly detection methods/techniques has been widely used in the domain of network traffic data for intrusion detection and cyber threat. Data mining is widely recognized as popular and important intelligent and automatic tools to assist humans in big data security analysis and anomaly detection over IDSs. In this study we discuss our review in data mining anomaly detection methods for HTTP web services. Today, many online careers and actions including online shopping and banking are running through web-services. Consequently, the role of Hypertext Transfer Protocol (HTTP) in web services is crucial, since it is the standard facilitator for communication protocol. Hence, among the intruders that bound attacks, HTTP is being considered as a vital middle objective. In the recent years, an effective system that has attracted the attention of the researchers is the anomaly detection which is based on data mining methods. We provided an overview on four general data mining techniques such as classification, clustering, semi-supervised and association rule mining. These data mining anomaly detection methods can be used to computing intelligent HTTP request data, which are necessary in describing user behavior. To meet the challenges of data mining techniques, we provide challenges and issues section for intrusion detection systems in HTTP web services.

show abstract

A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack

Cited by 70 publications

References 10 publications

Hosting critical infrastructure services in the cloud environment considerations

Hosting critical infrastructure services in the cloud environment considerations

Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns

A Survey of Anomaly Detection Using Data Mining Methods for Hypertext Transfer Protocol Web Services

Contact Info

Product

Resources

About