HTTP Slow DDoS攻擊機(jī)理分析及針對(duì)OpenStack云平臺(tái)的防御策略與架構(gòu)研究
信息技術(shù)與網(wǎng)絡(luò)安全
白翼銘,燕 瑋,許鳳凱,郝 帥,范春雷
(華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083)
摘要: 針對(duì)基于OpenStack開源云平臺(tái)的應(yīng)用服務(wù)易受HTTP Slow DDoS攻擊的安全問題,對(duì)其攻擊的機(jī)理進(jìn)行詳細(xì)分析,并以基于OpenStack架構(gòu)搭建的云平臺(tái)為基礎(chǔ)環(huán)境,構(gòu)建Web試驗(yàn)服務(wù)器環(huán)境,同時(shí)創(chuàng)建Docker模擬“肉雞”(指被攻擊者遠(yuǎn)程控制的計(jì)算機(jī)),通過使用Python庫中urllib庫和socket編程的方法,實(shí)現(xiàn)對(duì)三種常見HTTP Slow DDoS攻擊的模擬,通過對(duì)攻擊產(chǎn)生的流量和數(shù)據(jù)包內(nèi)容進(jìn)行分析,研究HTTP Slow DDoS攻擊機(jī)理。結(jié)果表明,三種攻擊方式均可以使云平臺(tái)中的Web服務(wù)器連接失敗。HTTP Slow DDoS攻擊方式對(duì)基礎(chǔ)帶寬不足或未部署相關(guān)防御策略的私有云平臺(tái)威脅更大,可使其無法正常提供服務(wù)。最后針對(duì)文中的三種HTTP Slow DDoS攻擊方式,提出了相應(yīng)的防御策略,并通過攻擊防御試驗(yàn)證實(shí)了這些策略的有效性。
中圖分類號(hào): TP309.5
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.01.004
引用格式: 白翼銘,燕瑋,許鳳凱,等。 HTTP Slow DDoS攻擊機(jī)理分析及針對(duì)OpenStack云平臺(tái)的防御策略與架構(gòu)研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(1):21-25.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.01.004
引用格式: 白翼銘,燕瑋,許鳳凱,等。 HTTP Slow DDoS攻擊機(jī)理分析及針對(duì)OpenStack云平臺(tái)的防御策略與架構(gòu)研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(1):21-25.
Analysis of HTTP Slow DDoS attack mechanism and research on defense strategy and architecture of OpenStack cloud platform
Bai Yiming,Yan Wei,Xu Fengkai,Hao Shuai,F(xiàn)an Chunlei
(National Computer System Engineering Research Institute of China,Beijing 100083,China)
Abstract: Aiming at the security problem that OpenStack-based open source cloud application services are susceptible to HTTP Slow DDoS attacks, this article analyzes the mechanism of the attack in detail, and builds a web test server environment based on the OpenStack-based cloud platform, at the same time,creates Docker simulation'poultry‘(computers remotely controlled by the attacker), through the use of urllib library and socket programming method in Python library, three common HTTP slow DDoS attacks are simulated. Then, the mechanism of HTTP Slow DDoS attack is studied by analyzing the traffic and packet content generated by the attack. The results show that all the three attacks can make the connection of the Web server in the cloud platform fail. HTTP Slow DDoS attacks are a kind of greater threat to private cloud platforms that have insufficient underlying bandwidth or have not deployed relevant defense policies, making them unable to provide services properly. Finally, this paper proposes corresponding defense strategies for the three attack modes of HTTP Slow DDoS in this paper, and proves the effectiveness of these strategies through attack and defense experiments.
Key words : HTTP Slow DDoS;OpenStack;cloud plantform;defense strategy
0 引言
近年來,云計(jì)算的概念逐漸普及,同時(shí)其面臨的威脅也與日俱增。由于現(xiàn)在云服務(wù)的應(yīng)用越來越廣泛,基于B/S架構(gòu)的網(wǎng)頁應(yīng)用形式逐漸代替?zhèn)鹘y(tǒng)桌面應(yīng)用,部署在云平臺(tái)上的Web應(yīng)用越來越多,導(dǎo)致部署在云平臺(tái)上的Web服務(wù)器逐漸成為攻擊者的目標(biāo),因此對(duì)其防御策略的研究迫在眉睫[1]。而對(duì)攻擊者而言,對(duì)云平臺(tái)中提供網(wǎng)頁服務(wù)的Web服務(wù)器進(jìn)行HTTP Slow DDoS攻擊是一種非常有效的攻擊手段。針對(duì)這一問題,本文通過對(duì)HTTP Slow DDoS攻擊的模擬和研究,提出了相應(yīng)的防御策略并對(duì)其有效性進(jìn)行驗(yàn)證。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://m.viuna.cn/resource/share/2000003312
作者信息:
白翼銘,燕 瑋,許鳳凱,郝 帥,范春雷
(華北計(jì)算機(jī)系統(tǒng)工程研究所,北京100083)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。