Abstract
Virtual machine (VM) migration can improve the availability, manageability, performance and fault tolerance of systems. Current migration research mainly focuses on improving efficiency, for example by using shared storage or priority-based policies, but the side effects of migration are not well considered. In fact, once physical servers are overloaded by a distributed denial-of-service (DDoS) attack, a hasty migration operation is not only unable to alleviate the harm of the attack but actually increases it. In this paper, a novel DDoS attack, the Cloud-Droplet-Freezing (CDF) attack, is described according to the characteristics of a cloud computing cluster. Our experiments show that such an attack is able to congest the internal network communication of a cloud server cluster while consuming the resources of the physical servers. Based on the analysis of the CDF attack, we highlight a method for evaluating the potential threats hidden behind normal VM migration and analyze the flaws of existing intrusion detection/prevention systems in defending against the CDF attack.
Acknowledgments
This paper is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), The Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S & T program (2011ZX03005-002), and the Fundamental Research Funds for the Central Universities (JY0900120301).
Cite this article
Wang, Y., Ma, J., Lu, D. et al. From high-availability to collapse: quantitative analysis of “Cloud-Droplet-Freezing” attack threats to virtual machine migration in cloud computing. Cluster Comput 17, 1369–1381 (2014). https://doi.org/10.1007/s10586-014-0388-6