臺灣博碩士論文加值系統

雲端計算可以透過虛擬化技術共享軟硬體資源，但是使用者在使用虛擬化平台時可能會面臨額外的的安全威脅。共存攻擊是指攻擊者利用共享基礎設備的特性，來攻擊共存在同一實體機上的其他虛擬機。2017年Abazari等人提出了雲端共存攻擊多目標回應系統，考量到虛擬機共存時間，以最小成本和最小威脅為目標來回應共存攻擊。但我們發現實際上該系統的回應時間過長。因此在本論文中，我們使用機器學習來訓練入侵回應系統，我們使用Ridge Regression演算法，並進行一系列實驗證明模型的效果，實驗中也比較了我們的模型和Abazari等人的模型。實驗結果顯示，我們的模型具有 2000 倍加速比的效率提升，同時獲得 87.9% 高準確度的解答，在回應策略與時間效能取得平衡。

With cloud computing, we can share hardware and software resources through virtualization technology, while the users may face additional security threats when using virtualization platforms. Co-resident attack is one security problem when an attacker exploits the characteristics of a shared infrastructure and attacks other virtual machines co-located on the same physical machine. In 2017, Abazari et al. proposed a multi-objective response system to against co-resident attacks in cloud environment, considering the co-resident time of virtual machines, and responding to the attacks with the goal of minimum cost and minimum threat. Howeverwe found that the response time of their proposed system was actually too long for real-time applications.
In this thesis, we proposed to use machine learning to train the intrusion response system. We use the Ridge Regression algorithm and perform a series of experiments to prove the effect of the proposed model. In the experiments, we also compared our model with that of the Abazari’s. From the experimental results, we showed that our model can obtain a solution with efficiency improvement of 2000x speedup and 87.9% of high accuracy.

摘要 i
Abstract ii
目錄 iii
圖目錄 v
表目錄 vi
公式目錄 vii
Chaper 1 簡介 1
Chaper 2 背景知識與相關文獻 5
2.1 雲端概念 5
2.2 雲端共存攻擊 5
2.3 側通道攻擊 6
2.4 惡意軟體傳播 6
2.5 阻斷服務攻擊 7
2.6 虛擬機共存時間關係圖 7
2.7 回應對策表 8
2.8 機器學習 9
2.9 Scikit-learn 11
2.10 Ridge Regression 11
Chaper 3 研究方法 12
3.1 計算威脅等級 12
3.2 回應對策矩陣和成本向量 14
3.3 資料生成 15
Chaper 4 實驗分析與討論 17
4.1 實驗介紹 17
4.2 12個虛擬機的簡易雲端模擬環境 18
4.3 50個虛擬機的雲端模擬環境 19
4.4 雲端總威脅、總成本比較實驗 21
4.5 準確度及效能實驗 22
Chaper 5 結論 24
References 25

1.F. Abazari, M. Analoui, H. Takab: Multi-objective response to co-resident attacks in cloud environment. Int. J. Inf. Commun. Technol. Res. 9(3), 25–36 (2018)
2.M. Ali, S. U. Khan, and A. V. Vasilakos, "Security in cloud computing: Opportunities and challenges," Information Sciences, vol. 305, pp. 357–383, 2015.
3.Shahid Anwar et al., "Response option for attacks detected by intrusion detection system," in Software Engineering and Computer Systems (ICSECS), 2015 4th International Conference on, 2015, pp. 195-200.
4.Adam Bates et al., "On detecting co-resident cloud instances using network flow watermarking techniques," International Journal of Information Security, vol. 13, pp. 171-189, 2014
5."CVE-2015-3456," Technical Report 2015
6.Farzaneh Abazari, Morteza Analoui, and Hassan Takabi, "Effect of anti-malware software on infectious nodes in cloud environment," Computers & Security, 2016.
7.Candid Wueest, "Security for Virtualization: Finding the Right Balance," Kaspersky Lab, 2012.
8.Candid Wueest, "Threats to virtual environments," Symantec, 2014.
9.Ron C Chiang, Sundaresan Rajasekaran, Nan Zhang, and H Howie Huang, "Swiper: Exploiting virtual machine vulnerability in third-party clouds with competition for I/O resources," Parallel and Distributed Systems, IEEE Transactions on, vol. 26, pp. 1732-1742, 2015
10.Venkatanathan Varadarajan, Thawan Kooburat, Benjamin Farley, Thomas Ristenpart, and Michael M Swift, "Resource-freeing attacks: improve your cloud performance (at your neighbor's expense," in Proceedings of the 2012 ACM conference on Computer and communications security, 2012, pp. 281-292.
11.Wanchun Dou, Qi Chen, and Jinjun Chen, "A confidence-based filtering method for DdoS attack defense in cloud environment," Future Generation Computer Systems, vol. 29, pp. 1838-1850, 2013.
12.A. O. F. Atya, Z. Qian, S.V. Krishnamurthy, T. L. Porta, P. McDaniel, L. Marvel: Malicious co-residency on the cloud: attacks and defense. In: IEEE INFOCOM 2017 – IEEE Conference on Computer Communications, Atlanta, GA, pp. 1–9 (2017)
13.W. Zhang, X. Jia, C. Wang, S. Zhang, Q. Huang, M. Wang, P. Liu: A comprehensive study of co-residence threat in multi-tenant public PaaS clouds. In: Lam, K.Y., Chi, C.H., Qing, S. (eds.) Information and Communications Security, ICICS, Lecture Notes in Computer Science, vol. 9977. Springer, Cham (2016)
14.M. Altunay, S. Leyffer, J. T. Linderoth, Z. Xie: Optimal response to attacks on the open science grid. Comput. Netw. 55(1), 61–73 (2011)
15.F. Abazari, M. Analoui: Exploring the effects of virtual machine placement on the transmission of infections in cloud. In: 7th International Symposium on Telecommunications, Tehran, pp. 278–282 (2014)
16.Jingzheng Wu, Liping Ding, Yuqi Lin, Nasro Min-Allah, and Yongji Wang, "Xenpump: a new method to mitigate timing channel in cloud computing," in Cloud Computing (CLOUD), 2012 IEEE 5th International Conference on, 2012, pp. 678--685.
17.Chun-Jen Chung, Pankaj Khatkar, Tiany Xing, Jeongkeun Lee, and Dijiang Huang, "NICE: Network intrusion detection and countermeasure selection in virtual network systems," Dependable and Secure Computing, IEEE Transactions on, 2013.
18.Swaminathan Balasubramanian, Matthew M Lobbes, Brian M O'connell, and Brian J Snitzer, "Automated Response to Detection of Threat to Cloud Virtual Machine," US Patent 20,160,094,568, March 2016.
19.Scikit-learn https://scikit-learn.org/stable/tutorial/machine_learning_map/index.html
20.Smitha and Squcciarini, Anna C Sundareswaran, "Detecting malicious co-resident virtual machines indulging in load-based attacks," Information and Communications Security, pp. 113--124, 2013.