TY - JOUR
T1 - Detection of economic denial of sustainability (EDoS) threats in self-organizing networks
AU - Sotelo Monge, Marco Antonio
AU - Maestre Vidal, Jorge
AU - Martínez Pérez, Gregorio
N1 - Publisher Copyright:
© 2019 Elsevier B.V.
PY - 2019/9
Y1 - 2019/9
N2 - This paper reviews the threat of economic denial of sustainability on recent communication networks and discusses their adaptation to emergent scenarios suited for self-organization and network function virtualization. Thorough the performed research two novel threats were defined: workload-based EDoS (W-EDoS) and Instantiation-based EDoS (I-EDoS). W-EDoS is characterized by executing expensive requests in terms of computational resources at the victim system, hence exhausting its workload and forcing operators to contract additional resources. On the other hand, I-EDoS occurs when the cloud management software deploys more instances of virtual network functions than needed as a response to requests that resemble legitimate, but are malicious, thus increasing the cost of the hired resources. In order to contribute to their mitigation, a security architecture that incorporates network-based intrusion detection capabilities for their recognition is proposed. It implements strategies that lie on predicting the behavior of the protected system, constructing adaptive thresholds, and clustering of instances based on productivity. An extensive experimentation has been conducted to demonstrate the proposal effectiveness, which includes case studies and the accuracy assessment when considering different adjustment parameters. Under the most intense conditions, the highest AUC performed above 98% when assessing the I-EDoS detection accuracy, being the same reading higher than 99% in the case of W-EDoS.
AB - This paper reviews the threat of economic denial of sustainability on recent communication networks and discusses their adaptation to emergent scenarios suited for self-organization and network function virtualization. Thorough the performed research two novel threats were defined: workload-based EDoS (W-EDoS) and Instantiation-based EDoS (I-EDoS). W-EDoS is characterized by executing expensive requests in terms of computational resources at the victim system, hence exhausting its workload and forcing operators to contract additional resources. On the other hand, I-EDoS occurs when the cloud management software deploys more instances of virtual network functions than needed as a response to requests that resemble legitimate, but are malicious, thus increasing the cost of the hired resources. In order to contribute to their mitigation, a security architecture that incorporates network-based intrusion detection capabilities for their recognition is proposed. It implements strategies that lie on predicting the behavior of the protected system, constructing adaptive thresholds, and clustering of instances based on productivity. An extensive experimentation has been conducted to demonstrate the proposal effectiveness, which includes case studies and the accuracy assessment when considering different adjustment parameters. Under the most intense conditions, the highest AUC performed above 98% when assessing the I-EDoS detection accuracy, being the same reading higher than 99% in the case of W-EDoS.
KW - Cloud computing
KW - Economic denial of sustainability
KW - Information security
KW - Intrusion detection
KW - Network function virtualization
KW - Self-organizing networks
UR - http://www.scopus.com/inward/record.url?scp=85069733116&partnerID=8YFLogxK
U2 - 10.1016/j.comcom.2019.07.002
DO - 10.1016/j.comcom.2019.07.002
M3 - Artículo (Contribución a Revista)
AN - SCOPUS:85069733116
SN - 0140-3664
VL - 145
SP - 284
EP - 308
JO - Computer Communications
JF - Computer Communications
ER -