Wanchun Dou

CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected at non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet at attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.

Predicted Packet Padding for Anonymous Web Browsing Against Traffic Analysis Attacks

Anonymous communication has become a hot research topic in order to meet the increasing demand for web privacy protection. However, there are few such systems which can provide high level anonymity for web browsing. The reason is the current dominant dummy packet padding method for anonymization against traffic analysis attacks. This method inherits huge delay and bandwidth waste, which inhibits its use for web browsing. In this paper, we propose a predicted packet padding strategy to replace the dummy packet padding method for anonymous web browsing systems. The proposed strategy mitigates delay and bandwidth waste significantly on average. We formulated the traffic analysis attack and defense problem, and defined a metric, cost coefficient of anonymization (CCA), to measure the performance of anonymization. We thoroughly analyzed the problem with the characteristics of web browsing and concluded that the proposed strategy is better than the current dummy packet padding strategy in theory. We have conducted extensive experiments on two real world data sets, and the results confirmed the advantage of the proposed method.

A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Optimization

Cloud computing is becoming popular as the next infrastructure of computing platform. Despite the promising model and hype surrounding, security has become the major concern that people hesitate to transfer their applications to clouds. Concretely, cloud platform is under numerous attacks. As a result, it is definitely expected to establish a firewall to protect cloud from these attacks. However, setting up a centralized firewall for a whole cloud data center is infeasible from both performance and financial aspects. In this paper, we propose a decentralized cloud firewall framework for individual cloud customers. We investigate how to dynamically allocate resources to optimize resources provisioning cost, while satisfying QoS requirement specified by individual customers simultaneously. Moreover, we establish novel queuing theory based model M/Geo/1 and M/Geo/m for quantitative system analysis, where the service times follow a geometric distribution. By employing Z-transform and embedded Markov chain techniques, we obtain a closed-form expression of mean packet response time. Through extensive simulations and experiments, we conclude that an M/Geo/1 model reflects the cloud firewall real system much better than a traditional M/M/1 model. Our numerical results also indicate that we are able to set up cloud firewall with affordable cost to cloud customers.

WSRank: A Method for Web Service Ranking in Cloud Environment

For services that have similar functionalities, if they are published by different cloud platforms, it is a challenge to evaluate them, for satisfying different end users personal preferences. In view of this challenge, a method for web service ranking, named WSRank, is investigated in cloud environment in this paper. It aims at ranking different Web services published by different cloud platforms, taking advantage of Page Rank principle. At last, a case study and experiment are presented to demonstrate the feasibility of the method.

A scalable and automatic mechanism for resource allocation in self-organizing cloud

Taking advantage of the huge potential of consumers’ untapped computing power, self-organizing cloud is a novel computing paradigm where the consumers are able to contribute/sell their computing resources. Meanwhile, host machines held by the consumers are connected by a peer-to-peer (P2P) overlay network on the Internet. In this new architecture, due to large and varying multitudes of resources and prices, it is inefficient and tedious for consumers to select the proper resource manually. Thus, there is a high demand for a scalable and automatic mechanism to accomplish resource allocation. In view of this challenge, this paper proposes two novel economic strategies based on mechanism design. Concretely, we apply the Modified Vickrey Auction (MVA) mechanism to the case where the resource is sufficient; and the Continuous Double Auction (CDA) mechanism is employed when the resource is insufficient. We also prove that aforementioned mechanisms have dominant strategy incentive compatibility. Finally, extensive experiment results are conducted to verify the performance of the proposed strategies in terms of procurement cost and execution efficiency.

Personalized Searching for Web Service Using User Interests

Users usually have different prospective even they input a same keyword to search Web services. It is a challenge to personalize web service search engine as more and more keyword-like Web services becoming available on Internet. User interest plays an important role in personalizing search result. Therefore, through interest extraction, Web service search engine is personalized. At last, an experiment is presented to demonstrate the feasibility of the method.

Data Placement for Privacy-Aware Applications over Big Data in Hybrid Clouds

Nowadays, a large number of groups choose to deploy their applications to cloud platforms, especially for the big data era. Currently, the hybrid cloud is one of the most popular computing paradigms for holding the privacy-aware applications driven by the requirements of privacy protection and cost saving. However, it is still a challenge to realize data placement considering both the energy consumption in private cloud and the cost for renting the public cloud services. In view of this challenge, a cost and energy aware data placement method, named CEDP, for privacy-aware applications over big data in hybrid cloud is proposed. Technically, formalized analysis of cost, access time, and energy consumption is conducted in the hybrid cloud environment. Then a corresponding data placement method is designed to accomplish the cost saving for renting the public cloud services and energy savings for task execution within the private cloud platforms. Experimental evaluations validate the efficiency and effectiveness of our proposed method.

A clusterized firewall framework for cloud computing

Cloud computing is becoming popular as the next infrastructure of computing platform. However, with data and business applications outsourced to a third party, how to protect cloud data centers from numerous attacks has become a critical concern. In this paper, we propose a clusterized framework of cloud firewall, which characters performance and cost evaluation. To provide quantitative performance analysis of the cloud firewall, a novel M/Geo/1 analytical model is established. The model allows cloud defenders to extract key system measures such as request response time, and determine how many resources are needed to guarantee quality of service (QoS). Moreover, we give an insight into financial cost of the proposed cloud firewall. Finally, our analytical results are verified by simulation experiments.

A personalised search approach for web service recommendation

It is a challenge to recommend services according to users interests when search systems return plenty of keyword-like services. We propose a personalised search approach for web service recommendation. First, interests are extracted from users records. Second, interest-similar users are selected using the criterion of cosine distance. Third, services are ranked in decreasing order based on the recommendation from interest-similar users. At the end of this paper, we conduct three groups experiments to verify the effect of this approach.

Why it is Hard to Fight against Cyber Criminals

We are witnessing numerous cyber attacks every day, however, we do not see many cyber criminals are brought to justice. One reason is that it is technically hard to identify and trace cyber criminals. One reason for this passive situation is our limited or even inappropriate understanding of the cyber space. In this paper, we survey the challenges and opportunities in this research field for interested readers. We also list promising tools and directions based on our understanding.