HTTP Slow DDoS攻擊機理分析及針對OpenStack云平臺的防御策略與架構研究
信息技術與網(wǎng)絡安全
白翼銘,,燕 瑋,,許鳳凱,,郝 帥,范春雷
(華北計算機系統(tǒng)工程研究所,,北京100083)
摘要: 針對基于OpenStack開源云平臺的應用服務易受HTTP Slow DDoS攻擊的安全問題,,對其攻擊的機理進行詳細分析,并以基于OpenStack架構搭建的云平臺為基礎環(huán)境,,構建Web試驗服務器環(huán)境,,同時創(chuàng)建Docker模擬“肉雞”(指被攻擊者遠程控制的計算機),通過使用Python庫中urllib庫和socket編程的方法,,實現(xiàn)對三種常見HTTP Slow DDoS攻擊的模擬,,通過對攻擊產生的流量和數(shù)據(jù)包內容進行分析,,研究HTTP Slow DDoS攻擊機理,。結果表明,三種攻擊方式均可以使云平臺中的Web服務器連接失敗,。HTTP Slow DDoS攻擊方式對基礎帶寬不足或未部署相關防御策略的私有云平臺威脅更大,,可使其無法正常提供服務。最后針對文中的三種HTTP Slow DDoS攻擊方式,,提出了相應的防御策略,,并通過攻擊防御試驗證實了這些策略的有效性,。
中圖分類號: TP309.5
文獻標識碼: A
DOI: 10.19358/j.issn.2096-5133.2021.01.004
引用格式: 白翼銘,燕瑋,,許鳳凱,,等。 HTTP Slow DDoS攻擊機理分析及針對OpenStack云平臺的防御策略與架構研究[J].信息技術與網(wǎng)絡安全,,2021,,40(1):21-25.
文獻標識碼: A
DOI: 10.19358/j.issn.2096-5133.2021.01.004
引用格式: 白翼銘,燕瑋,,許鳳凱,,等。 HTTP Slow DDoS攻擊機理分析及針對OpenStack云平臺的防御策略與架構研究[J].信息技術與網(wǎng)絡安全,,2021,,40(1):21-25.
Analysis of HTTP Slow DDoS attack mechanism and research on defense strategy and architecture of OpenStack cloud platform
Bai Yiming,Yan Wei,,Xu Fengkai,,Hao Shuai,F(xiàn)an Chunlei
(National Computer System Engineering Research Institute of China,,Beijing 100083,,China)
Abstract: Aiming at the security problem that OpenStack-based open source cloud application services are susceptible to HTTP Slow DDoS attacks, this article analyzes the mechanism of the attack in detail, and builds a web test server environment based on the OpenStack-based cloud platform, at the same time,creates Docker simulation'poultry‘(computers remotely controlled by the attacker),, through the use of urllib library and socket programming method in Python library, three common HTTP slow DDoS attacks are simulated. Then, the mechanism of HTTP Slow DDoS attack is studied by analyzing the traffic and packet content generated by the attack. The results show that all the three attacks can make the connection of the Web server in the cloud platform fail. HTTP Slow DDoS attacks are a kind of greater threat to private cloud platforms that have insufficient underlying bandwidth or have not deployed relevant defense policies, making them unable to provide services properly. Finally, this paper proposes corresponding defense strategies for the three attack modes of HTTP Slow DDoS in this paper, and proves the effectiveness of these strategies through attack and defense experiments.
Key words : HTTP Slow DDoS,;OpenStack;cloud plantform,;defense strategy
0 引言
近年來,,云計算的概念逐漸普及,同時其面臨的威脅也與日俱增,。由于現(xiàn)在云服務的應用越來越廣泛,,基于B/S架構的網(wǎng)頁應用形式逐漸代替?zhèn)鹘y(tǒng)桌面應用,部署在云平臺上的Web應用越來越多,,導致部署在云平臺上的Web服務器逐漸成為攻擊者的目標,,因此對其防御策略的研究迫在眉睫[1]。而對攻擊者而言,,對云平臺中提供網(wǎng)頁服務的Web服務器進行HTTP Slow DDoS攻擊是一種非常有效的攻擊手段,。針對這一問題,本文通過對HTTP Slow DDoS攻擊的模擬和研究,,提出了相應的防御策略并對其有效性進行驗證,。
本文詳細內容請下載:http://forexkbc.com/resource/share/2000003312
作者信息:
白翼銘,燕 瑋,,許鳳凱,,郝 帥,范春雷
(華北計算機系統(tǒng)工程研究所,,北京100083)
此內容為AET網(wǎng)站原創(chuàng),,未經(jīng)授權禁止轉載。