Conceptualization and cases of study on cyber operations against the sustainability of the tactical edge
The last decade consolidated cyberspace as the fifth domain of operations, which extends its preliminary intelligence and information exchange purposes towards enabling complex offensive and defensive operations supported/supportively of parallel kinetic domain actuations. Although there is a plethora of well documented cases on strategic and operational interventions of cyber commands, the cyber tactical military edge is still a challenge, where cyber fires barely integrate into the traditional joint targeting cycle due, among others, to long planning/development times, asymmetric effects, strict target reachability requirements, or the fast propagation of collateral damage; the latter rapidly deriving into hybrid impacts (political, economic, social, etc.) and evidencing significant socio-technical gaps. In this context, it is expected that tactical clouds disruptively facilitate cyber operations at the edge while exposing the rest of the digital assets of the operation to them. On these grounds, the main purpose of the conducted research is to review and analyze in depth the risks and opportunities of jeopardizing the sustainability of the military tactical clouds at the edge by cyber operations. Along with 1) a comprehensive formulation of the researched problematic, the study 2) formalizes the Tactical Denial of Sustainability (TDoS) concept; 3) introduces the phasing, potential attack surfaces, terrains and impact of TDoS attacks; 4) emphasizes the related human and socio-technical aspects; 5) analyzes the threats/opportunities inherent to their impact on the cloud energy efficiency; 6) reviews their implications for military cyber thinking for tactical operations; 7) illustrates five extensive CONOPS that facilitate the understanding of the TDoS concept; and given the high novelty of the discussed topics, it 8) paves the way for further research and development actions.
Machine learning-based EDoS attack detection technique using execution trace analysis
One of the most important benefits of using cloud computing is the benefit of on-demand services. Accordingly, the method of payment in the cloud environment is pay per use. This feature results in a new kind of DDoS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider as a result of the attack. Similar to other DDoS attacks, EDoS attacks are divided into different types, such as (1) bandwidth-consuming attacks, (2) attacks that target specific applications, and (3) connection-layer exhaustion attacks. In this work, we propose a novel framework to detect different types of EDoS attacks by designing a profile that learns from and classifies the normal and abnormal behaviors. In this framework, the extra demanding resources are only allocated to VMs that are detected to be in a normal situation and therefore prevent the cloud environment from attack and resource misuse propagation.
Detecting Specific Types of DDoS Attacks in Cloud Environment by Using Anomaly Detection
SUMMARY
One of the most important advantages of using cloud computing is having on-demand services, and so the payment method in the cloud environment is pay per use. This characteristic introduces a new type of denial-of-service attack called Economic Denial of Sustainability (EDoS), in which the customer pays additional amounts to the cloud provider because of the attack. DDoS attacks, together with their new version, are divided into three categories:
1) Bandwidth-consumption attacks.
2) Attacks that target specific applications.
3) Connection-layer exhaustion attacks.
In this work, we proposed a new model to precisely detect the different types of DDoS and EDoS attacks by comparing traffic and resource usage in normal and attack situations. Features related to traffic and resource usage in the case of each attack were collected. They constitute the metrics of our detection model. In designing our model, we used the features related to all 3 types of attacks, since the features of one type of attack play an important role in detecting another type. Indeed, to find a change point in resource usage and traffic behavior, we used the cumulative sum (CUSUM) algorithm. The accuracy of our algorithm was then studied by comparing its performance with that of a popular previous work. The model's detection rate was high, which indicates the high accuracy of the designed algorithm.
ABSTRACT
One of the most important benefits of using cloud computing is to have on-demand services; accordingly, the method of payment in the cloud environment is pay per use. This feature results in a new kind of DDoS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider because of the attack. DDoS attacks and a new version of these attacks, which is called the EDoS attack, are divided into three different categories: 1) bandwidth-consuming attacks, 2) attacks which target specific applications and 3) connection-layer exhaustion attacks. In this work we proposed a novel and inclusive model to precisely detect different types of DDoS and EDoS attacks by comparing the traffic and resource usage in normal and attack situations. Features which are related to traffic and resource usage in each attack were collected as the metrics of our detection model. In designing our model, we used the metrics related to all 3 types of attacks, since features of one kind of attack play an important role in detecting another type. Moreover, to find a change point in resource usage and traffic behavior we used the CUSUM algorithm. The accuracy of our algorithm was then investigated by comparing its performance with one of the popular previous works. Achieving a higher rate of correct detection in our model proved the high accuracy of the designed algorithm.
Knowledge acquisition for autonomous network management in emerging self-organized architectures
Emerging network scenarios are characterized by intensive access to a wide range of services and applications that have increased the demands on communication networks. Traditional network management models have in turn been characterized by a high dependence on the human factor to carry out network configuration and maintenance tasks. This situation has become less sustainable in mobile networks, not only because of the associated operational and capital investment costs, but also because of the complexity these networks have acquired with the exponential influx of mobile devices. Such aspects have motivated the emergence of the fifth generation of mobile networks, characterized by ambitious performance indicators that must be met to satisfy the agreed service levels.