{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,2,12]],"date-time":"2024-02-12T20:02:45Z","timestamp":1707768165818},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2022,8,19]],"date-time":"2022-08-19T00:00:00Z","timestamp":1660867200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,8,19]],"date-time":"2022-08-19T00:00:00Z","timestamp":1660867200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Intell Inf Syst"],"published-print":{"date-parts":[[2023,4]]},"abstract":"The intentional targeting of components in a cloud based application, in order to artificially inflate usage bills, is an issue application owners have faced for many years. This has occurred under many guises, such as: Economic Denial of Sustainability (EDoS), Click Fraud and even secondary effects of Denial of Service (DoS) attacks. With the advent of commercial offerings of serverless computing circa 2015, a variant of the EDoS attack has emerged, termed, Denial-of-Wallet (DoW). We describe our development of a simulation tool as a safe means to research these attacks as well as to generate datasets for the training of future mitigation systems to combat DoW. We believe that DoW may become increasingly prevalent as applications further utilise services based on a pay-per-invocation cost model. Given that the damage caused is purely financial, such attacks may not be disclosed as application users are not directly affected. 
As such, we believe that the development of an attack simulator and specific testing of security measures against this niche attack will be able to provide previously unavailable data and insights for the research community. We have developed a prototype DoW simulator that can emulate multiple months' worth of API calls in a matter of hours for ease of training data generation. Our aspiration for the future of this work is to provide a system and starting point for research on this form of attack. We present our work on such a system, Denial-of-Wallet Test Simulator (DoWTS) - a system that allows for safe testing of theorised DoW attacks against serverless applications via synthetic data generation. We also expand upon prior research on DoW and provide an analysis on the lack of specific safety measures for DoW.","DOI":"10.1007\/s10844-022-00735-3","type":"journal-article","created":{"date-parts":[[2022,8,19]],"date-time":"2022-08-19T12:02:46Z","timestamp":1660910566000},"page":"325-348","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["DoWTS \u2013 Denial-of-Wallet Test Simulator: Synthetic data generation for preemptive defence"],"prefix":"10.1007","volume":"60","author":[{"given":"Daniel","family":"Kelly","sequence":"first","affiliation":[]},{"given":"Frank G","family":"Glavin","sequence":"additional","affiliation":[]},{"given":"Enda","family":"Barrett","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,8,19]]},"reference":[{"key":"735_CR1","unstructured":"Ana (2017) Bot baseline fraud in digital advertising 2016-2017. Report. https:\/\/www.ana.net\/getfile\/25093. Accessed 31 Jan 2022"},{"key":"735_CR2","unstructured":"AWS (2017) Wild Rydes. 
https:\/\/aws.amazon.com\/getting-started\/hands-on\/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito\/"},{"key":"735_CR3","unstructured":"AWS (2019) Serverless applications lens aws well-architected framework. Report. Accessed 7 Feb 2022"},{"key":"735_CR4","unstructured":"AWS (2021) Security overview of aws lambda. Report"},{"key":"735_CR5","doi-asserted-by":"crossref","unstructured":"Barna, C., Mark, S., Michael, S., Vassilios, T., Marin, L. (2012) Model-based adaptive dos attack mitigation. IEEE","DOI":"10.1109\/SEAMS.2012.6224398"},{"key":"735_CR6","unstructured":"Beswick, J. (2020a) Building a location-based, scalable, serverless web app. https:\/\/aws.amazon.com\/blogs\/compute\/building-a-location-based-scalable-serverless-web-app-part-1\/. Accessed 22 Jun 2022"},{"key":"735_CR7","unstructured":"Beswick, J. (2020b) Load testing a web application\u2019s serverless backend. https:\/\/aws.amazon.com\/blogs\/compute\/load-testing-a-web-applications-serverless-backend\/. Accessed 22 Jun 2022"},{"issue":"2","key":"735_CR8","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1145\/3424155","volume":"24","author":"CG Cordero","year":"2021","unstructured":"Cordero, C. G., Vasilomanolakis, E., Wainakh, A., M\u00fchlh\u00e4user, M., & Nadjm-Tehrani, S. (2021). On generating network traffic datasets with synthetic attacks for intrusion detection. ACM Trans Priv Secur, 24(2), 8. https:\/\/doi.org\/10.1145\/3424155.","journal-title":"ACM Trans Priv Secur"},{"key":"735_CR9","unstructured":"Data Science Campus (2022) Synth Gauge. https:\/\/github.com\/datasciencecampus\/synthgauge. Accessed 23 Jun 2022"},{"key":"735_CR10","unstructured":"Firebrand (2017) Bot Traffic Detection Method Teases Real Website Traffic from Fake. https:\/\/firebrand.net\/blog\/bot-traffic-detection-tool\/. Accessed 31 Jan 2022"},{"key":"735_CR11","unstructured":"Fuentes, M.R. (2020) Shifts in underground markets past, present and future. Report, Trend Micro. 
https:\/\/documents.trendmicro.com\/assets\/white_papers\/wp-shifts-in-the-underground.pdf. Accessed 31 Jan 2022"},{"key":"735_CR12","doi-asserted-by":"crossref","unstructured":"He, Z., Zhang, T., Lee, R.B. (2017) Machine learning based ddos attack detection from source side in cloud. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 114\u2013120). IEEE","DOI":"10.1109\/CSCloud.2017.58"},{"key":"735_CR13","unstructured":"Hoff, C. (2008) Cloud Computing Security: From DDoS (Distributed Denial Of Service) to EDoS (Economic Denial of Sustainability). https:\/\/www.rationalsurvivability.com\/blog\/2008\/11\/cloud-computing-security-from-ddos-distributed-denial-of-service-to-edos-economic-denial-of-sustainability\/. Accessed 31 Jan 2022"},{"key":"735_CR14","doi-asserted-by":"crossref","unstructured":"Idris, M., Syarif, I., Winarno, I. (2021) Development of vulnerable web application based on owasp api security risks. In: 2021 International Electronics Symposium (IES) (pp. 190\u2013194). IEEE","DOI":"10.1109\/IES53407.2021.9593934"},{"key":"735_CR15","doi-asserted-by":"crossref","unstructured":"Idziorek, J., Mark, T. (2011) Exploiting cloud utility models for profit and ruin. IEEE","DOI":"10.1109\/CLOUD.2011.45"},{"key":"735_CR16","unstructured":"Kechinov, M. (2020) eCommerce Events History in Cosmetics Shop. https:\/\/www.kaggle.com\/datasets\/mkechinov\/ecommerce-events-history-in-cosmetics-shop. Accessed 22 Jun 2022"},{"key":"735_CR17","unstructured":"Kechinov, M. (2021) eCommerce events history in electronics store. https:\/\/www.kaggle.com\/datasets\/mkechinov\/ecommerce-events-history-in-electronics-store. Accessed 22 Jun 2022"},{"key":"735_CR18","unstructured":"Kelly, D. (2022) DoWTS - Denial of Wallet Test Simulator. https:\/\/github.com\/psykodan\/DoWTS. 
Accessed 22 Jun 2022"},{"key":"735_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2021.102843","volume":"60","author":"D Kelly","year":"2021","unstructured":"Kelly, D., Glavin, F. G., & Enda, B. (2021). Denial of wallet\u2013defining a looming threat to serverless computing. Journal of Information Security and Applications, 60, 102843.","journal-title":"Journal of Information Security and Applications"},{"key":"735_CR20","unstructured":"Khor, S.H., Akihiro, N. (2009) Spow: On-demand cloud-based eddos mitigation mechanism"},{"issue":"1","key":"735_CR21","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/s10207-019-00453-y","volume":"19","author":"I Ko","year":"2020","unstructured":"Ko, I., Chambers, D., & Barrett, E. (2020). Feature dynamic deep learning approach for ddos mitigation within the isp domain. International Journal of Information Security, 19(1), 53\u201370.","journal-title":"International Journal of Information Security"},{"issue":"3","key":"735_CR22","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/MSP.2010.88","volume":"8","author":"N Kshetri","year":"2010","unstructured":"Kshetri, N. (2010). The economics of click fraud. IEEE Security & Privacy, 8(3), 45\u201353.","journal-title":"IEEE Security & Privacy"},{"key":"735_CR23","doi-asserted-by":"publisher","unstructured":"Kumar, M. N., Sujatha, P., Kalva, V., Nagori, R., Katukojwala, A. K., & Kumar, M. (2012). Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. Fourth international conference on computational intelligence and communication networks pp. 535\u2013539. https:\/\/doi.org\/10.1109\/CICN.2012.149","DOI":"10.1109\/CICN.2012.149"},{"issue":"3","key":"735_CR24","doi-asserted-by":"publisher","first-page":"215","DOI":"10.18178\/ijiet.2020.10.3.1366","volume":"10","author":"N Maki","year":"2020","unstructured":"Maki, N., Nakata, R., Toyoda, S., Kasai, Y., Shin, S., & Seto, Y. (2020). 
An effective cybersecurity exercises platform cyexec and its training contents. International Journal of Information and Education Technology, 10(3), 215\u2013221.","journal-title":"International Journal of Information and Education Technology"},{"key":"735_CR25","unstructured":"Markus-Go (2008) BoNeSi. https:\/\/github.com\/Markus-Go\/bonesi. Accessed 22 Jun 2022"},{"key":"735_CR26","doi-asserted-by":"crossref","unstructured":"Niyaz, Q., Sun, W., Javaid, A.Y. (2016) A deep learning based ddos detection system in software-defined networking (sdn). arXiv preprint arXiv:1611.07400","DOI":"10.4108\/eai.28-12-2017.153515"},{"key":"735_CR27","unstructured":"OWASP (2019) Owasp api security project. Report. https:\/\/owasp.org\/www-project-api-security\/. Accessed 11 Apr 2022"},{"key":"735_CR28","doi-asserted-by":"crossref","unstructured":"Priya, S.S., Sivaram, M., Yuvaraj, D., Jayanthiladevi, A. (2020) Machine learning based ddos detection. In: 2020 International Conference on Emerging Smart Computing and Informatics (ESCI) (pp. 234\u2013237). IEEE","DOI":"10.1109\/ESCI48226.2020.9167642"},{"key":"735_CR29","unstructured":"REES46 Technologies (2022) Open CDP. https:\/\/rees46.com\/en\/open-cdp. Accessed 23 Jun 2022"},{"key":"735_CR30","unstructured":"Ross, G. (2013) @richorama Denial of Wallet attack! Twitter https:\/\/twitter.com\/gepeto42\/status\/331756195574587392?s=20t=SlTXovUz_JhYkWQM89FhdQ. Accessed 22 Jun 2022"},{"key":"735_CR31","unstructured":"Scipy (2022a) Kolmogorov Smirnov Test. https:\/\/docs.scipy.org\/doc\/scipy\/reference\/generated\/scipy.stats.ks_2samp.html. Accessed 28 July 2022"},{"key":"735_CR32","unstructured":"Scipy (2022b) Wasserstein Distance. https:\/\/docs.scipy.org\/doc\/scipy\/reference\/generated\/scipy.stats.wasserstein_distance.html. Accessed 28 July 2022"},{"key":"735_CR33","unstructured":"Scipy (2022c) Jensen Shannon Distance. https:\/\/docs.scipy.org\/doc\/scipy\/reference\/generated\/scipy.spatial.distance.jensenshannon.html. 
Accessed 28 July 2022"},{"key":"735_CR34","doi-asserted-by":"crossref","unstructured":"Sqalli, M.H., Fahd, A.-H., Khaled, S. (2011) Edos-shield-a two-steps mitigation technique against edos attacks in cloud computing. IEEE","DOI":"10.1109\/UCC.2011.17"},{"key":"735_CR35","doi-asserted-by":"crossref","unstructured":"Su, J.-M., Cheng, M.-H., Wang, X.-J., Tseng, S.-S. (2019) A scheme to create simulated test items for facilitating the assessment in web security subject. In: 2019 Twelfth International Conference on Ubi-Media Computing (Ubi-Media) (pp. 306\u2013309). IEEE","DOI":"10.1109\/Ubi-Media.2019.00067"},{"issue":"2","key":"735_CR36","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1287\/mksc.1080.0397","volume":"28","author":"KC Wilbur","year":"2009","unstructured":"Wilbur, K. C., & Yi, Z. (2009). Click fraud. Marketing Science, 28(2), 293\u2013308.","journal-title":"Marketing Science"},{"key":"735_CR37","doi-asserted-by":"crossref","unstructured":"Xu, S., Marwah, M., Arlitt, M., Ramakrishnan, N. (2021) Stan: Synthetic network traffic generation with generative neural models. Deployable Machine Learning for Security Defense (pp. 3\u201329). 
Springer","DOI":"10.1007\/978-3-030-87839-9_1"}],"container-title":["Journal of Intelligent Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-022-00735-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10844-022-00735-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10844-022-00735-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,4,24]],"date-time":"2023-04-24T09:08:28Z","timestamp":1682327308000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10844-022-00735-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8,19]]},"references-count":37,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2023,4]]}},"alternative-id":["735"],"URL":"https:\/\/doi.org\/10.1007\/s10844-022-00735-3","relation":{},"ISSN":["0925-9902","1573-7675"],"issn-type":[{"value":"0925-9902","type":"print"},{"value":"1573-7675","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,8,19]]},"assertion":[{"value":"2 May 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 August 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 August 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"19 August 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}