
Research On A Dynamic Network Structure Based Defense Technology Against Denial-of-service Attacks In A Cloud Environment

Posted on: 2017-11-14
Degree: Master
Type: Thesis
Country: China
Candidate: J W Shao
GTID: 2428330590491612
Subject: Information and Communication Engineering
Abstract/Summary:
Denial-of-Service (DoS) attacks are a common kind of network attack that aim to degrade the quality of service of the target network applications, and they pose great threats to the stability of the Internet. Traditional DoS defense strategies mostly depend on the features of specific DoS attacks, so in the face of the rapid development of DoS attacks they gradually fail to overcome the threats these attacks bring. Moving Target Defense (MTD) strategies instead aim to make attackers lose their targets by continuously changing the systems' configurations or resource allocations, which provides an ideal solution to the shortcomings of traditional defense strategies.

The paper discusses a DoS defense technology based on a dynamic network structure. When the system is under attack, the defense system dynamically changes the structure of the attacked cluster, shuffles all affected authenticated clients, and reallocates them to newly initialized backup servers with secret network addresses, so that they avoid the attack and the quality of the network service recovers. The attacker may, however, control some legitimate client accounts, so-called 'insiders', to collect information about the system, and can trace the migration of insiders to discover the new servers and launch a new round of attack. On the basis of this analysis, the paper improves the client reallocation algorithm by using the relation between the result of every client reallocation and the distribution of insiders among all clients. This increases the proportion of innocent clients among the clients selected for reallocation, so that more innocent clients are isolated from insiders after the reallocation. The simulation results show that, when resources are limited, the algorithm needs fewer shuffles than previous research to protect most of the innocent clients from insiders, which means it can recover most of the quality of service of the network application.

The rapid development of cloud computing technologies provides faster and more convenient ways to deploy network applications. The resource elasticity of cloud computing platforms significantly reduces the cost and difficulty of deploying dynamic-configuration-based MTD systems, which makes cloud environments ideal platforms for implementing MTD systems. Based on OpenStack, currently the most popular open source cloud computing platform, the paper discusses the implementation of dynamic-network-structure-based DoS defense systems in the cloud environment.
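The shuffle-and-isolate step the abstract describes can be simulated as follows. This is an added example, not code from the thesis: it models only a baseline uniform random reallocation, not the thesis's improved algorithm, and the attack model (any replica that receives an insider is discovered and attacked again) and all function names and parameters are assumptions.

```python
import random

def shuffle_round(clients, insiders, n_servers, rng):
    """One reallocation: spread clients evenly over n_servers fresh replicas.

    Assumed attack model: a replica that receives at least one insider is
    discovered and attacked again; clients on insider-free replicas are
    isolated from the attack (saved). Returns (saved, exposed).
    """
    order = sorted(clients)
    rng.shuffle(order)
    replicas = [order[i::n_servers] for i in range(n_servers)]
    saved, exposed = set(), set()
    for members in replicas:
        if any(c in insiders for c in members):
            exposed.update(members)   # replica address leaks via the insider
        else:
            saved.update(members)     # replica stays secret
    return saved, exposed

def simulate(n_clients, n_insiders, n_servers, max_rounds, seed=0):
    """Reshuffle the exposed pool each round.

    Returns the cumulative fraction of innocent clients saved after each round.
    """
    rng = random.Random(seed)
    clients = set(range(n_clients))
    insiders = set(rng.sample(sorted(clients), n_insiders))  # constructed sample
    innocents = n_clients - n_insiders
    exposed, saved_total, history = clients, 0, []
    for _ in range(max_rounds):
        saved, exposed = shuffle_round(exposed, insiders, n_servers, rng)
        saved_total += len(saved)
        history.append(saved_total / innocents)
        if len(exposed) == n_insiders:  # only insiders are left to shuffle
            break
    return history

if __name__ == "__main__":
    # Fewer backup servers means more shuffles before most innocents are isolated.
    for servers in (20, 50, 100):
        h = simulate(n_clients=1000, n_insiders=30, n_servers=servers, max_rounds=10)
        print(servers, [round(x, 2) for x in h])
```

Running it with different server counts shows the resource trade-off the abstract refers to: the number of shuffles needed depends on how many backup replicas are available per round.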
Keywords/Search Tags:Denial of Service, Cloud Computing, Configuration Elasticity, Moving Target Defense