sesa 16(10): e2

Research Article

Evaluating the impact of eDoS attacks to cloud facilities

Download520 downloads
  • @ARTICLE{10.4108/eai.14-12-2015.2262650,
        author={Gian-Luca Dei Rossi and Mauro Iacono and Andrea Marin},
        title={Evaluating the impact of eDoS attacks to cloud facilities},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={3},
        number={10},
        publisher={ACM},
        journal_a={SESA},
        year={2016},
        month={1},
        keywords={security, energy denial of service, markovian models},
        doi={10.4108/eai.14-12-2015.2262650}
    }
    
  • Gian-Luca Dei Rossi
    Mauro Iacono
    Andrea Marin
    Year: 2016
    Evaluating the impact of eDoS attacks to cloud facilities
    SESA
    EAI
    DOI: 10.4108/eai.14-12-2015.2262650
Gian-Luca Dei Rossi1, Mauro Iacono2, Andrea Marin1,*
  • 1: Universit√† Ca' Foscari Venezia
  • 2: Seconda Universit√† di Napoli
*Contact email: marin@dsi.unive.it

Abstract

The complexity of modern cloud facilities requires attentive management policies that should encompass all aspects of the system. Security is a critical issue, as intrusions, misuse or denial of service attacks may damage both the users and the cloud provider including its reputation on the market. Disruptive attacks happen fast, cause evident and short term damages and are usually the result of operations that are hard to disguise. On the other hand, Energy oriented Denial of Service (eDoS) attacks aim at producing continuous minor damages, eventually with long term consequences. These long lasting attacks are difficult to detect. In this paper we model and analyse the behaviour of a system under eDoS attack. We study the impact in terms of cloud energy consumption of an attack strategy previously proposed in the literature and compare it with other strategies that we propose. Our findings show that the strategy previously proposed in the literature, based on keeping the cloud close to saturation, is not optimal (from the point of view of the attacker) in presence of non-constant workload and that there is a trade-off between the aggressiveness of the attacker and the duration of the attack in order to maximise the damage.