Dolus: Cyber Defense Using Pretense Against DDoS Attacks in Cloud Platforms

Title: Dolus: Cyber Defense Using Pretense Against DDoS Attacks in Cloud Platforms
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Neupane, Roshan Lal; Neely, Travis; Chettri, Nishant; Vassell, Mark; Zhang, Yuanxun; Calyam, Prasad; Durairajan, Ramakrishnan
Conference Name: Proceedings of the 19th International Conference on Distributed Computing and Networking
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6372-3
Keywords: Cloud services protection, composability, DDoS attack mitigation, DDoS Defense, Human Behavior, Metrics, Pretense theory, pubcrawl, resilience, Software-defined infrastructure
Abstract: Cloud-hosted services are increasingly used by online businesses (e.g., retail, healthcare, manufacturing, entertainment) because of benefits such as scalability and reliability. These benefits are fueled by innovations in the orchestration of cloud platforms that make them fully programmable as Software Defined everything Infrastructures (SDxI). At the same time, sophisticated targeted attacks such as Distributed Denial-of-Service (DDoS) are growing on an unprecedented scale, threatening the availability of online businesses. In this paper, we present a novel defense system called Dolus to mitigate the impact of DDoS attacks launched against high-value services hosted in SDxI-based cloud platforms. Dolus is able to initiate a 'pretense' in a scalable and collaborative manner to deter the attacker, based on threat intelligence obtained from attack feature analysis in a two-stage ensemble learning scheme. Using foundations from pretense theory in child play, Dolus takes advantage of elastic capacity provisioning via 'quarantine virtual machines' and SDxI policy coordination across multiple network domains to deceive the attacker by creating a false sense of success. With the time gained through pretense initiation, Dolus enables cloud service providers to choose among a variety of policies to mitigate the attack impact without disrupting the cloud service experience for legitimate users. We evaluate the efficacy of Dolus on a GENI Cloud testbed and demonstrate its real-time capabilities to: (a) detect DDoS attacks and redirect attack traffic to quarantine resources that engage the attacker under pretense, and (b) coordinate SDxI policies to block DDoS attacks closer to the attack source(s) where possible.
URL: http://doi.acm.org/10.1145/3154273.3154346
DOI: 10.1145/3154273.3154346
Citation Key: neupane_dolus:_2018