( 您好!臺灣時間:2021/07/29 23:11
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::


研究生(外文):Yen-Fen Kao
論文名稱(外文):Minimization of Service Compromise Probability Using Resource Reallocation Strategies in a Cloud Computing Environment
外文關鍵詞:Resource ReallocationMathematical ProgrammingNetwork SurvivabilityCloud ComputingMonte Carlo SimulationOptimization
  • 被引用被引用:0
  • 點閱點閱:87
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
因此我們希望能夠提供一個方法,讓雲端服務的提供商能夠有效的佈建資安防禦措施來增加網路的存活度,加以抵抗外在環境的威脅。在本研究中,將會著重在資源重新分配的防禦機制去抵抗攻擊。研究問題會使用Monte Carlo simulation 來模擬結果。最後找出防禦者最好的防禦策略配置方式。

In the last few years, we have seen a dramatic growth in IT investments, and a new term has come on the surface which is cloud computing. Cloud Computing has been highly adopted by many enterprises and organizations. However, there are still a number of technical barriers that may prevent cloud computing from becoming a truly ubiquitous service. Especially where the customer has strict or complex requirements over the security of an infrastructure. The latest cyber-attacks on high profile firms (Amazon, Google and Sony’s PlayStation) and the predictions of more cyberattacks on cloud infrastructure are threatening to slow the take-off of cloud computing. The numbers of cyber-attacks are now extremely large and their sophistication so great, that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt first.
In contrast, the network defense mechanism is diverse development, so there have more defense alternative for defender to protect the network from external threats. The resource reallocation is the method to allocate the large-scale task to the available resource. The method considers a network state on the virtualization environments. When the service predicted high risk level, a VM will be switch off and withdraw the VM resources to strengthen defense capabilities.
Hence, we help the service provider to allocate their defense resource, in order to find the most efficient way against external attacks. In this thesis, we focus on resource reallocation to increasing the network survivability. And we use Monte Carlo to simulate the model of the network attack-defense scenario. Finally, the ultimate goal is to figure out the optimal defense strategy.

致謝 i
Thesis Abstract ii
論文摘要 iv
List of Figures viii
List of Tables ix
Chapter 1 Introduction 1
1.1 Background 1
1.2 Motivation 6
1.3 Literature Survey 9
1.3.1 Survivability 9
1.3.2 Information Warfare in Cloud 11
1.4 Thesis Organization 13
Chapter 2 Problem Formulation 14
2.1 Problem Description 14
2.1.1 Attacker Perspective 14
2.1.2 Attacker Optimization 18
2.1.3 Defender Perspective 22
2.2 Attack-Defense Scenarios 29
2.2.1 Contest Success Function 29
2.2.2 The Sight of the Network 30
2.3 Mathematical Formulation 36
Chapter 3 Solution Approach 41
3.1 Mathematical Programming 41
3.2 Monte Carlo Simulation 42
3.3 Problem Evaluation Process 44
3.4 Policy Enhancement 47
3.4.1 Defender Enhancement 47
Chapter 4 Computational Experiment 52
4.1 Experiment environment 52
4.2 Simulation Result 54
4.2.1 Convergence Evaluation Times 54
4.2.2 Topology robustness 55
4.2.3 Attack strategy analysis 56
4.2.4 Defense strategy analysis 57
4.2.5 Enhancement results 60
Chapter 5 Conclusion and Future Work 63
Reference 65

[1] Symantec (2015). Internet Security Threat Report, 2015 Trends, Volume 20. California.
[2] IBM Internet Security Systems X-Force research and development team (2015, September). IBM X-Force Threat Intelligence Quarterly,1Q 2015. New York.
[3] Cisco (2014). Cisco 2014 Annual Security Report. San Jose.
[4] Yu, S., Doss, R., Zhou, W., and Guo, S. (2013, June). A general cloud firewall framework with dynamic resource allocation. In Communications (ICC), 2013 IEEE International Conference on, pp. 1941-1945.
[5] Xing, T., Huang, D., Xu, L., Chung, C. J., and Khatkar, P. (2013, March). SnortFlow: A OpenFlow-Based Intrusion Prevention System in Cloud Environment. In Research and Educational Experiment Workshop (GREE), 2013 Second GENI (pp. 89-92).
[6] Yang, L., Zhang, T., Song, J., Wang, J. S., and Chen, P. (2012, May). Defense of DDoS attack for cloud computing. In Computer Science and Automation Engineering (CSAE), 2012 IEEE International Conference on (Vol. 2, pp. 626-629).
[7] Kumar, N., and Sharma, S. (2013, July). Study of intrusion detection system for DDoS attacks in cloud computing. In Wireless and Optical Communications Networks (WOCN), 2013 Tenth International Conference on (pp. 1-5).
[8] Moitra, S. D., and Konda, S. L. (2000). A simulation model for managing survivability of networked information systems (No. CMU/SEI-2000-TR-021). CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST.
[9] Shi, J., and Fonseka, J. P. (1995, November). Traffic-based survivability analysis of telecommunications networks. In Global Telecommunications Conference, 1995. GLOBECOM''95., IEEE (Vol. 2, pp. 936-940).
[10] Wilson, M. R. (1998). The quantitative impact of survivable network architectures on service availability. Communications Magazine, IEEE, 36(5), 122-126.
[11] J.E. Eegleston, J.K. Mackie-Mason, M.P. Wellman, S. Jamin, T.P. Kelly, and W.E. Walsh. (2000, January). Survivability through Market Based Adaptivity: the MARX Project. In Proceedings of DARPA Information Survivability Conference and Exposition 2000. Volume 2, pp. 145-156.
[12] Westmark, V. R. (2004, January). A definition for information system survivability. In System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on (pp. 10-pp).
[13] A. Snow, G. Weckman, and P. Rastogi. (2005, October). Assessing Dependability of Wireless Networks Using Neural Networks. In IEEE Military Communications Conference, 2005. Volume 5, pp. 2809-2815.
[14] Al-Zahrani, F. A. (2006, April). Survivability performance evaluation of slotted multi-fiber optical packet switching networks with and without wavelength conversion. In Information and Communication Technologies, 2006. ICTTA''06. 2nd (Vol. 2, pp. 2242-2247).
[15] Zhang, L. J., Wang, W., Guo, L., Yang, W., and Yang, Y. T. (2007, August). A survivability quantitative analysis model for network system based on attack graph. In Machine Learning and Cybernetics, 2007 International Conference on (Vol. 6, pp. 3211-3216).
[16] Qian, Y., Lu, K., and Tipper, D. (2007). A design for secure and survivable wireless sensor networks. Wireless Communications, IEEE, 14(5), 30-37.
[17] Ma, Z. (2008, March). Survival analysis approach to reliability, survivability and prognostics and health management (phm). In Aerospace Conference, 2008 IEEE (pp. 1-20).
[18] Yallouz, J., and Orda, A. (2013, April). Tunable QoS-aware network survivability. In INFOCOM, 2013 Proceedings IEEE (pp. 944-952).
[19] Fox, A., Griffith, R., Joseph, A., Katz, R., Konwinski, A., and Lee, I. (2009). Above the clouds: A Berkeley view of cloud computing. Dept. Electrical Eng. and Comput. Sciences, University of California, Berkeley, Rep. UCB/EECS, 28, 13.
[20] Fan, G., Yu, H., Chen, L., and Liu, D. (2013, June). A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing. In Services Computing (SCC), 2013 IEEE International Conference on (pp. 659-666).
[21] Wang, Q., and Jin, H. (2011, June). Data leakage mitigation for discretionary access control in collaboration clouds. In Proceedings of the 16th ACM symposium on Access control models and technologies (pp. 103-112).
[22] Grobauer, B., Walloschek, T., and Stocker, E. (2011). Understanding cloud computing vulnerabilities. Security & Privacy, IEEE, 9(2), 50-57.
[23] Subashini, S., and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), 1-11.
[24] Hwang, F. K., Richards, D. S., and Winter, P. (1992). The Steiner tree problem. Elsevier.
[25] Skaperdas, S. (1996). Contest success functions. Economic Theory, 7(2), 283-290.
[26] Peng, R., Levitin, G., Xie, M., and Ng, S. H. (2010). Optimal defence of single object with imperfect false targets. Journal of the Operational Research Society,62(1), 134-141.
[27] Hausken, K., and Levitin, G. (2008). Efficiency of even separation of parallel elements with variable contest intensity. Risk Analysis, 28(5), 1477-1486.
[28] Cobb, C. W., and Douglas, P. H. (1928). A theory of production. The American Economic Review, 18(1), 139-165.

第一頁 上一頁 下一頁 最後一頁 top