云环境下Web服务应用层DDoS攻击检测系统
|
摘要
针对云计算环境中的Web服务应用层容易遭受攻击的问题,提出一种用来检测XML和HTTP层分布式拒绝服务(DDo S)攻击的防御系统,并嵌入到云环境中,实现对云中介和云服务提供商的保护。从属于特定简单对象访问协议(SOAP)正常操作中提取数据集的特征值,构建相应的高斯请求模型;对Web服务的网络服务描述语言(WSDL)中的一些属性进行设置,实现对攻击的初步过滤;对服务请求的HTTP头部和XML内容进行检查,并与模型数据比较,进一步实现攻击检测。实验结果表明,该系统能够有效地预防多种DDo S攻击,且消耗较少的响应时间。
For the issues that the Web service application layer is easy to be attacked in cloud computing environment,this paper proposed a kind of defense system used to detect XML and HTTP distributed denial of service( DDo S) attack,and embedded in the cloud environment to achieve the protection of cloud intermediary and cloud service providers. First,the system extracted the feature of data set which belonged to the particular SOAP normal operation and built the corresponding Gaussian request model. Then,it set some properties in the network service description language( WSDL) of Web services to achieve the initial filtering of the attack. Finally,it checked the HTTP headers and XML body data,and compared with model data to detect the attacks. Experimental results show that the system can effectively prevent many DDo S attacks,and consume less response time.
For the issues that the Web service application layer is easy to be attacked in cloud computing environment,this paper proposed a kind of defense system used to detect XML and HTTP distributed denial of service( DDo S) attack,and embedded in the cloud environment to achieve the protection of cloud intermediary and cloud service providers. First,the system extracted the feature of data set which belonged to the particular SOAP normal operation and built the corresponding Gaussian request model. Then,it set some properties in the network service description language( WSDL) of Web services to achieve the initial filtering of the attack. Finally,it checked the HTTP headers and XML body data,and compared with model data to detect the attacks. Experimental results show that the system can effectively prevent many DDo S attacks,and consume less response time.
引文
[1]魏春霞,张琳琳,赵楷.基于源地址伪造的Web服务Do S攻击防御方法[J].计算机工程与设计,2014,35(9):35-43.
[2]Salas M I P,Martins E.Security testing methodology for vulnerabilities detection of XSS in Web services and WS-security[J].Electronic Notes in Theoretical Computer Science,2014,30(2):133-154.
[3]王风宇,曹首峰,肖军,等.一种基于Web群体外联行为的应用层DDo S检测方法[J].软件学报,2013,24(6):1263-1273.
[4]Sarhadi R M,Ghafori V.New approach to mitigate XML-DOS and HTTP-DOS attacks for cloud computing[J].International Journal of Computer Applications,2013,72(16):27-31.
[5]Tiwari S,Singh P.Survey of potential attacks on web services and web service compositions[C]//Proc of the 3rd International Conference on Electronics Computer Technology.2011:47-51.
[6]黄康宇,贺正求,赖海光,等.Web服务攻击技术研究综述[J].计算机应用研究,2010,27(1):17-22.
[7]Pinzón C I,Bajo J,Paz J F D,et al.S-MAS:an adaptive hierarchical distributed multiagent architecture for blocking malicious SOAP messages within web services environments[J].Expert Systems with Applications,2011,38(5):5486-5499.
[8]Chonka A,Xiang Y,Zhou W,et al.Cloud security defence to protect cloud computing against HTTP-Do S and XML-Do S attacks[J].Journal of Network&Computer Applications,2011,34(4):1097-1107.
[9]Kedjar S,Tari A.The hybrid model for Web services security access control and information flow control[C]//Proc of the 8th International Conference for Internet Technology and Secured Transactions.2013:194-202.
[10]王进,阳小龙,隆克平.基于大偏差统计模型的Http-Flood DDo S检测机制及性能分析[J].软件学报,2013,34(5):1272-1280.
[11]Karnwal T,Sivakumar T,Aghila G.A comber approach to protect cloud computing against XML DDo S and HTTP DDo S attack[C]//Proc of IEEE Students’Conference on Electrical,Electronics and Computer Science.2012:1-5.
[12]Masood A.Cyber security for service oriented architectures in a Web2.0 world:an overview of SOA vulnerabilities in financial services[C]//Proc of IEEE International Conference on Technologies for Homeland Security.2013:1-6.
[13]江先亮,金光,杨建刚,等.面向自治域的Do S攻击流抑制模型[J].通信学报,2013,34(9):132-141.
[14]Wei C,Zhang L,Zhao K,et al.MAC token based on WSS defending Web service Do S attacks[C]//Proc of International Conference on Mechatronic Sciences,Electric Engineering and Computer.2013:2452-2455.
[15]Saleh M A,Manaf A A.Protective frameworks and schemes to detect and prevent high rate Do S/DDo S and flash crowd attacks:a comprehensive review[J].Communications in Computer&Information Science,2014,28(2):145-152.
[16]莫秀良,常畅,王春东.基于活跃熵的Web应用入侵检测模型[J].武汉大学学报:理学版,2014,60(6):543-547.
[17]吴志军,崔奕,岳猛.基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDo S攻击法[J].通信学报,2015,36(1):30-37.
[18]Little Proxy[EB/OL].https://github.com/adamfisk/Little Proxy.
[2]Salas M I P,Martins E.Security testing methodology for vulnerabilities detection of XSS in Web services and WS-security[J].Electronic Notes in Theoretical Computer Science,2014,30(2):133-154.
[3]王风宇,曹首峰,肖军,等.一种基于Web群体外联行为的应用层DDo S检测方法[J].软件学报,2013,24(6):1263-1273.
[4]Sarhadi R M,Ghafori V.New approach to mitigate XML-DOS and HTTP-DOS attacks for cloud computing[J].International Journal of Computer Applications,2013,72(16):27-31.
[5]Tiwari S,Singh P.Survey of potential attacks on web services and web service compositions[C]//Proc of the 3rd International Conference on Electronics Computer Technology.2011:47-51.
[6]黄康宇,贺正求,赖海光,等.Web服务攻击技术研究综述[J].计算机应用研究,2010,27(1):17-22.
[7]Pinzón C I,Bajo J,Paz J F D,et al.S-MAS:an adaptive hierarchical distributed multiagent architecture for blocking malicious SOAP messages within web services environments[J].Expert Systems with Applications,2011,38(5):5486-5499.
[8]Chonka A,Xiang Y,Zhou W,et al.Cloud security defence to protect cloud computing against HTTP-Do S and XML-Do S attacks[J].Journal of Network&Computer Applications,2011,34(4):1097-1107.
[9]Kedjar S,Tari A.The hybrid model for Web services security access control and information flow control[C]//Proc of the 8th International Conference for Internet Technology and Secured Transactions.2013:194-202.
[10]王进,阳小龙,隆克平.基于大偏差统计模型的Http-Flood DDo S检测机制及性能分析[J].软件学报,2013,34(5):1272-1280.
[11]Karnwal T,Sivakumar T,Aghila G.A comber approach to protect cloud computing against XML DDo S and HTTP DDo S attack[C]//Proc of IEEE Students’Conference on Electrical,Electronics and Computer Science.2012:1-5.
[12]Masood A.Cyber security for service oriented architectures in a Web2.0 world:an overview of SOA vulnerabilities in financial services[C]//Proc of IEEE International Conference on Technologies for Homeland Security.2013:1-6.
[13]江先亮,金光,杨建刚,等.面向自治域的Do S攻击流抑制模型[J].通信学报,2013,34(9):132-141.
[14]Wei C,Zhang L,Zhao K,et al.MAC token based on WSS defending Web service Do S attacks[C]//Proc of International Conference on Mechatronic Sciences,Electric Engineering and Computer.2013:2452-2455.
[15]Saleh M A,Manaf A A.Protective frameworks and schemes to detect and prevent high rate Do S/DDo S and flash crowd attacks:a comprehensive review[J].Communications in Computer&Information Science,2014,28(2):145-152.
[16]莫秀良,常畅,王春东.基于活跃熵的Web应用入侵检测模型[J].武汉大学学报:理学版,2014,60(6):543-547.
[17]吴志军,崔奕,岳猛.基于虚拟散列安全访问路径VHSAP的云计算路由平台防御DDo S攻击法[J].通信学报,2015,36(1):30-37.
[18]Little Proxy[EB/OL].https://github.com/adamfisk/Little Proxy.