| dc.description.abstract | In recent years, global business has witnessed significant cloud adoption, which provides considerable value over traditional datacenters—achieving greater scalability, cost efficiency, and improved performance. Cloud auto-scaling is a cloud service feature to react to the variation in the live traffic load by spinning up or down instances on the fly. This new feature may also introduce new security threats. For example, DDoS attacks utilize multiple distributed attack resources to exploit resources such as cloud services. Auto-scaling mechanism transforms the DDoS attacks into Economic Denial of Sustainability attack (EDoS) or an emerging new type of attack called Yo-Yo attack. Yo-Yo attack is a newly disclosed attack, according to which attackers send a burst of traffic periodically to oscillate the auto-scaling system between scale-out and scale-in status.
In this thesis, we present a solution to detect a Yo-Yo attack and mitigate it in the cloud auto-scaling mechanism. The study shows to which extent the Yo-Yo attack differs from traditional DoS/DDoS attacks in cloud auto-scaling. An approach called Trust-based Adversarial Scanner Delaying (TASD), which is introduced by [ref] is implemented and tested under real cloud settings. The TASD system is deployed on Amazon Web Services (AWS). In TASD, the detection module uses a trust value algorithm to assign a Quality of Service (QoS) value to each user, and the mitigation module controls the flow of the traffic base on the trust value number of each user.
The experimental results show that the Yo-Yo attack causes significant performance degradation in addition to economic damage, while the attack is more difficult to detect and requires fewer resources from the attacker compared with traditional DDoS. Moreover, auto-scaling policy configuration is a key to minimizing the effect of Yo-Yo attacks. The experiment evaluations show that the TASD system can detect and mitigate Yo-Yo attacks in a real cloud application. | en_US |
