HostWatcher: Protecting hosts in cloud data centers through software-defined networking

摘要

Cloud has become a dominant computing platform, and cloud data centers have been widely deployed all over the world. Naturally, cloud data centers become the targets of cyber attacks due to the feature of publicity. In addition, the price of renting resources from cloud constantly gets cheaper and cheaper. Therefore, attackers can rent hosts from cloud data centers to initiate attacks with rather low cost. As a result, hosts in a cloud center could be either victims or attackers. However, most existing researches only treat the hosts as the targets or the sources of attacks, either protecting the hosts from being attacked or identifying the malicious hosts, which is insufficient to protect the cloud data centers comprehensively. In this paper, we hire the novel techniques of SDN to protect the cloud data centers in both directions. Aiming at mitigating DDoS attacks, we propose HostWatcher, a system that watches and protects every host in cloud data center. HostWatcher leverages the advantages of SDN techniques and distributed processing. Caching and round-robin-resending scheme is introduced to the proposed system. Our goal is to protect the hosts comprehensively with QoS guarantee. The extensive experiments show that HostWatcher can effectively mitigate the DDoS attacks that target the hosts. Meanwhile, HostWatcher can also significantly limit the packet rate of hosts that are controlled by attackers. Also, the comprehensive evaluations show that the overheads of our system are trivial, and that our system is practical to implement and deploy in the cloud data centers.