Detection And Filtration Of Attack For Distributed Denial Of Service In OpenStack

Posted on: 2021-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y Yang
GTID: 2518306497457474
Subject: Information and Communication Engineering
Abstract/Summary:
As an open source cloud computing framework, OpenStack provides computing, storage, and network services. It has gradually become the de facto standard in Infrastructure as a Service, and its security has also received increasing attention. External penetration, worms, and distributed denial of service (DDoS) pose huge threats to cloud platforms. A lot of research has been done on traditional flood-based high-rate DDoS attacks, but the low-rate DDoS attacks that have appeared in recent years are characterized by small traffic volume and strong concealment, and present a greater threat to cloud platforms. Therefore, an effective defense mechanism must be established to resist these two kinds of attack. Based on the OpenStack architecture and security mechanism, this thesis analyzes DDoS attack methods against OpenStack, and proposes algorithms and models that can effectively detect and filter mixed high-rate and low-rate DDoS attacks. The main research work is as follows:

(1) Analysis of DDoS attack behavior for the OpenStack cloud platform. Attack experiments are performed on clusters with and without a high-availability mechanism and ZooKeeper configuration, the impact of the different deployment modes on their response mechanism under DDoS attack is analyzed, and the most effective attack methods against OpenStack are summarized. This attack method is then used in the subsequent research on DDoS attack detection technology for OpenStack.

(2) DDoS attack detection modeling. Based on the experimental results on DDoS attack behavior, a detection modeling method based on Quantum Particle Swarm Optimization (QPSO) and Directed Acyclic Graph Support Vector Machine (DAGSVM) is proposed. This model combines several binary SVM classifiers through a directed acyclic graph structure. The input of each binary classifier is a set of entropy-based features, and the output is a label of normal, high-rate or low-rate DDoS. Each SVM classifier is trained separately using its corresponding training set. After that, the QPSO algorithm is used to optimize the scale parameters and penalty parameters in the SVM classifier to obtain better SVM initialization parameters in the global search space.

(3) Research on filtering methods for hybrid DDoS attacks. Based on in-depth research on the principles of high-rate and low-rate DDoS attacks, a two-layer hybrid DDoS attack traffic filtering model is proposed. The model consists of a feature extractor and high-rate and low-rate attack traffic filters. The feature extractor is responsible for extracting the traffic characteristics. For high-rate DDoS attack traffic, the number of packets is used as the detection feature, and a traffic filtering algorithm based on the maximum inter-class variance is proposed. For low-rate DDoS attack traffic, the incremental time of data packets is used as the detection feature, and a traffic filtering algorithm based on the fast Hartley transform is proposed.

(4) The design and implementation of a DDoS attack detection and filtering system. According to the workflow of DDoS detection and filtering, the system is divided into five modules: data collection, data storage, attack detection, traffic filtering and visualization. The system is tested by simulating different types of DDoS attacks on the OpenStack experimental platform.
Keywords/Search Tags:OpenStack, DDoS detection, support vector machine, traffic filtering, Fast Hartley transformation
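
The high-rate filter in item (3) uses packet counts with a maximum inter-class variance threshold. The following is an added example, not code from the thesis, showing one way such a threshold can be computed over per-source packet counts in a single time window. The per-source grouping, the function names, the `min_ratio` guard and the sample windows are assumptions made for illustration.

```python
def otsu_split(counts):
    """Find the cut that maximises between-class variance w0*w1*(m0-m1)^2.

    Returns (variance, threshold, low_mean, high_mean), or None when all
    counts are equal (or the window is empty) and no split exists.
    """
    xs = sorted(counts)
    n, total = len(xs), sum(xs)
    best, cum = None, 0
    for i in range(n - 1):
        cum += xs[i]
        if xs[i] == xs[i + 1]:
            continue  # only cut between distinct values
        k = i + 1  # size of the low class
        m0, m1 = cum / k, (total - cum) / (n - k)
        var = (k / n) * ((n - k) / n) * (m0 - m1) ** 2
        if best is None or var > best[0]:
            best = (var, xs[i], m0, m1)
    return best


def high_rate_sources(window, min_ratio=10.0):
    """Return the sources whose packet count falls in the high class.

    The threshold always splits the data, even in a quiet window, so an
    assumed guard requires the high-class mean to be at least min_ratio
    times the low-class mean before anything is filtered.
    """
    split = otsu_split(window.values())
    if split is None:
        return set()
    _, threshold, low_mean, high_mean = split
    if high_mean < min_ratio * max(low_mean, 1.0):
        return set()
    return {src for src, count in window.items() if count > threshold}


# Constructed sample windows: packets per source address in one interval.
ATTACK_WINDOW = {
    "192.0.2.10": 12, "192.0.2.11": 30, "192.0.2.12": 8,
    "192.0.2.13": 41, "192.0.2.14": 19,
    "198.51.100.7": 1450, "198.51.100.8": 980, "203.0.113.5": 1210,
}
QUIET_WINDOW = {k: v for k, v in ATTACK_WINDOW.items() if v < 100}

if __name__ == "__main__":
    print("attack window:", sorted(high_rate_sources(ATTACK_WINDOW)))
    print("quiet window: ", sorted(high_rate_sources(QUIET_WINDOW)))
```

Without the ratio guard the quiet window would still be split at a count of 19 and three ordinary clients would be dropped, which is why a pure variance threshold needs a separate check that an attack is present.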