From high-availability to collapse: quantitative analysis of “Cloud-Droplet-Freezing” attack threats to virtual machine migration in cloud computing

Cluster Computing

Abstract

Virtual machine (VM) migration can improve the availability, manageability, performance and fault tolerance of systems. Current migration research mainly focuses on improving efficiency by using shared storage, priority-based policies, etc., but the effects of migration have received little attention. In fact, once physical servers are overloaded by a distributed denial-of-service (DDoS) attack, a hasty migration operation is not only unable to alleviate the harm of the attack but also increases it. In this paper, a novel DDoS attack, the Cloud-Droplet-Freezing (CDF) attack, is described according to the characteristics of cloud computing clusters. Our experiments show that such an attack is able to congest the internal network communication of a cloud server cluster while consuming the resources of physical servers. Based on the analysis of the CDF attack, we highlight a method of evaluating the potential threats hidden behind normal VM migration and analyze the flaws of existing intrusion detection/prevention systems in defending against the CDF attack.


Acknowledgments

This paper is supported by Program for Changjiang Scholars and Innovative Research Team in University (IRT1078), The Key Program of NSFC-Guangdong Union Foundation (U1135002), Major national S & T program (2011ZX03005-002), and the Fundamental Research Funds for the Central Universities (JY0900120301).

Author information

Corresponding author

Correspondence to Yichuan Wang.

About this article

Cite this article

Wang, Y., Ma, J., Lu, D. et al. From high-availability to collapse: quantitative analysis of “Cloud-Droplet-Freezing” attack threats to virtual machine migration in cloud computing. Cluster Comput 17, 1369–1381 (2014). https://doi.org/10.1007/s10586-014-0388-6

  • DOI: https://doi.org/10.1007/s10586-014-0388-6
