Abstract
Multimedia computing has evolved as a remarkable technology which provides services to view, create, edit, process, and search multimedia contents. All these multimedia services have high computational, bandwidth, and storage requirements. Therefore, multimedia cloud computing has gained appreciable popularity and acceptance in the past one decade. The convenience of cloud computing comes with financial burden. One of the fundamental features of cloud computing, which helps in reducing the financial worries of the multimedia service providers is the cloud’s pay-as-you-go pricing model. However, the cloud’s pricing model has also attracted adversaries that have hindered the migration of services and/or data by various organisations to the cloud. Through the cloud’s pay-as-you-go pricing model, attackers usually target the financial viability of the cloud customers. Therefore, such attacks are capable to affect the long term availability of multimedia-services hosted on the public cloud. These attacks are known as Fraudulent Resource Consumption (FRC) attack. Therefore, research in the area of FRC attack detection and mitigation is important in motivating the organisations to adopt the public cloud platform. In this paper, we propose a novel approach based on network flow analysis at the victim side to detect and mitigate the FRC attacks against cloud-based services. Experiments were conducted using real world benchmark datasets to evaluate the performance of the proposed approach. Experimental outcomes suggest that our proposed approach is able to detect and mitigate the FRC attacks with satisfactory accuracy and low overhead.
Similar content being viewed by others
References
Al-Haidari F, Sqalli MH, Salah K (2012) Enhanced EDoS-Shield for Mitigating EDoS Attacks Originating from Spoofed IP Addresses. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, Liverpool, pp 1167–1174
Arun P, Kumar R, Selvakumar S (2013) Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems. Comput Commun, Elsevier 36(3):303–319
Atat R, Liu L, Chen H, Wu J, Li H, Yi Y (2017) Enabling cyber-physical communication in 5G cellular networks: challenges, spatial spectrum sensing, and cyber-security. IET Cyber-Phys Syst: Theor Appl 2(1):49–54
Baig ZA, Sait SM, Binbeshr F (2016) Controlled access to cloud resources for mitigating Economic Denial of Sustainability (EDoS) attacks. Comput Netw, Elsevier 97:31–47
Bhushan K, Gupta BB (2017) A novel approach to defend multimedia flash crowd in cloud environment. Multimed Tools Appl 1–31. Springer
Bhuyan MH, Bhattacharyya DK, Kalita JK (2015) An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn Lett. Elsevier 51:1–7
Bushell D In Search of The Best CAPTCHA”, https://www.smashingmagazine.com/2011/03/in-search-of-the-perfect-captcha/. Accessed 3 Sept 2017
Buyya R, Broberg J, Goscinski A (2011) CLOUD COMPUTING: principles and paradigms. Wiley, Hoboken
Chang X, Yang Y (2017) Semisupervised feature analysis by mining correlations among multiple tasks. IEEE Trans Neural Netw Learn Syst 28(10):2294–2305
Chang X, Yu YL, Yang Y, Xing EP (2017) Semantic pooling for complex event analysis in untrimmed videos. IEEE Trans Pattern Anal Mach Intell 39(8):1617–1632
Chang X, Ma Z, Yang Y, Zeng Z, Hauptmann AG (2017) Bi-level semantic representation analysis for multimedia event detection. IEEE Trans Cybern 47(5):1180–1197
Chang X, Ma Z, Lin M, Yang Y, Hauptmann A (2017) Feature Interaction Augmented Sparse Learning for Fast Kinect Motion Detection. IEEE Trans Image Process 26(8):3911–3920
Chen Y, Hwang K (2006) Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. J Parallel Distrib Comput, Elsevier 66(9):1137–1151
DARPA Intrusion Detection Evaluation Data Set, MIT Lincoln Laboratory 1999 [Online]. https://ll.mit.edu/ideval/data/1999data.html. Accessed 3 Sept 2017
Feitosa E, Souto E, Sadok DH (2012) An orchestration approach for unwanted internet traffic identification. Comput Netw, Elsevier 56(12):2805–2831
Hoff C (2008) Cloud Computing Security: From DDoS (Distributed Denial Of Service) to EDoS (Economic Denial of Sustainability), http://www.rationalsurvivability.com/blog/2008/11/cloud-computing-security-from-ddos-distributed-denial-of-service-to-edos-economic-denial-of-sustainability/. Available online, Accessed on 16/08/2017]
Idziorek J, Tannian M (2011) Exploiting cloud utility models for profit and ruin. In: IEEE International Conference on Cloud Computing (CLOUD). Washington DC, pp 33–40
Idziorek J, Tannian M, Jacobson D (2011) Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM workshop on Cloud computing security workshop (CCSW '11), NY, USA, pp 61–72
Idziorek J, Tannian M, Jacobson D (2012) Attribution of Fraudulent Resource Consumption in the Cloud. In: IEEE Fifth International Conference on Cloud Computing, Honolulu, pp 99–106
Idziorek J, Tannian MF, Jacobson D (2013) The Insecurity of Cloud Utility Models. IT Prof IEEE 15(2):22–27
Jouini M, Rabai LBA (2016) A Security Framework for Secure Cloud Computing Environments. Int J Cloud Appl Comput (IJCAC) 6(3):32–44
Khor SH, Nakao A (2009) spow: On-demand cloud-based eddos mitigation mechanism. HotDep (Fifth Workshop on Hot Topics in System Dependability), Lisbon
Koduru A, Neelakantam T, Saira Bhanu SM (2013) Detection of Economic Denial of Sustainability Using Time Spent on a Web Page in Cloud. In: IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), Bangalore, pp 1–4
Kumar MN et al (2012) Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-cloud Scrubber Service. In: Fourth International Conference on Computational Intelligence and Communication Networks, Mathura, pp 535–539
Li J, Li YK, Chen X, Lee PPC, Lou W (2015) A Hybrid Cloud Approach for Secure Authorized Deduplication. IEEE Trans Parallel Distrib Syst 26(5):1206–1216
Li J, Liu Z, Chen X, Xhafa F, Tan X, Wong DS (2015) L-EncDB: a lightweight framework for privacy preserving data queries in cloud computing. Knowl-Based Syst, Elsevier 79:18–26
Li J, Li J, Chen X, Jia C, Lou W (2015) Identity-based Encryption with Outsourced Revocation in Cloud Computing. IEEE Trans Comput 64(2):425–437
Li P, Li J, Huang Z, Li T, Gao C-Z, Yiu S-M, Chen K (2017) Multi-key privacy-preserving deep learning in cloud computing. Futur Gener Comput Syst 74:76–85
Li P, Li J, Huang Z, Gao C-Z, Chen W-B, Chen K (2017) Privacy-preserving outsourced classification in cloud computing. Clust Comput:1–10. https://doi.org/10.1007/s10586-017-0849-9
Li J, Zhang Y, Chen X, Yang X (2018) Secure attribute-based data sharing for resource-limited users in cloud computing. Comput Secur 72:1–12. https://doi.org/10.1016/j.cose.2017.08.007
Luo H, Lin Y, Zhang H, Zukerman M (2013) Preventing DDoS attacks by identifier/locator separation. IEEE Netw 27(6):60–65
Maciá-Fernández G, Rodríguez-Gómez RA, Díaz-Verdejo JE (2010) Defense techniques for low-rate DoS attacks against application servers. Comput Netw. Elsevier 54(15):2711–2727
Maksoudian YL (1969) Probability and statistics with applications. International textbook company, Pennsylvania
Masood M, Anwar Z, Raza SA, Hur MA (2013) EDoS Armor: A cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. INMIC, Lahore, pp 37–42
Mell P, Grance T (2011) SP 800-145. the NIST Definition of Cloud Computing. Technical Report, NIST, Gaithersburg
Moore D et al (2006) Inferring internet denial-of-service activity. ACM Trans Comput Syst (TOCS) 24(2):115–139
Ouf S, Nasr M (2015) Cloud Computing: The Future of Big Data Management. Int J Cloud Appl Comput (IJCAC) 5(2):53–61
Ratten V (2015) Cloud Computing Technology Innovation Advances: A Set of Research Propositions. Int J Cloud Appl Comput (IJCAC) 5(1):69–76
Sqalli MH, Al-Haidari F, Salah K (2011) EDoS-Shield - A Two-Steps Mitigation Technique against EDoS Attacks in Cloud Computing. In: Fourth IEEE International Conference on Utility and Cloud Computing. Victoria, NSW, pp 49–56
The CAIDA UCSD (2007) DDoS Attack. Dataset [Online]. http://www.caida.org/data/passive/ddos-20070804_dataset.xml. Accessed 3 Sept 2017
Wu J, Guo S, Li J, Zeng D (2016) Big data meet green challenges: Big data toward green applications. IEEE Syst J 10(3):888–900
Wu J, Guo S, Li J, Zeng D (2016) Big data meet green challenges: Greening big data. IEEE Syst J 10(3):873–887
Xiang Y, Li K, Zhou W (2011) Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics. IEEE Trans Inf Forensics Secur 6(2):426–437
Yang T et al (2017) A secure smart card authentication and authorization framework using in multimedia cloud. Multimed Tools Appl 76(9):11715–11737. Springer
Yu S, Zho W, Jia W, Guo S, Xiang Y, Tang F (2012) Discriminating DDoS attacks from flash crowds using flow correlation coefficient. IEEE Trans Parallel Distrib Syst 23(6):1073–1080
Zhang C, Cai Z, Chen W, Luo X, Yin J (2012) Flow level detection and filtering of low-rate DDoS. Comput Netw. Elsevier 56(15):3417–3431
Zhu W, Luo C, Wang J, Li S (2011) Multimedia Cloud Computing. IEEE Signal Process Mag 28(3):59–69
Zhu W, Jiang H, Zhou S, Addison M (2017) An optimal resources scheduling strategy on multimedia cloud computing under multi-device constraint. Multimed Tools Appl Springer 76(19):19429–19444
Acknowledgements
This research work is being supported by Project grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bhushan, K., Gupta, B.B. Network flow analysis for detection and mitigation of Fraudulent Resource Consumption (FRC) attacks in multimedia cloud computing. Multimed Tools Appl 78, 4267–4298 (2019). https://doi.org/10.1007/s11042-017-5522-z
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-5522-z