Towards Yo-Yo attack mitigation in cloud auto-scaling mechanism

Abstract

Cloud platforms could automatically scale underlying network resources up and down in response to changes in the traffic load. Such an auto-scaling mechanism can largely enhance the elasticity and scalability of cloud platforms. However, it may introduce new security threats. For example, the Yo-Yo attack is a newly disclosed attack against the cloud auto-scaling mechanism. Attackers periodically send bursts of traffic to cause the auto-scaling mechanism to oscillate between the scale-up process and the scale-down process, which may result in significant performance degradation and economic loss. None of the prior work addressed the problem of mitigating such an attack. In this paper, we propose a Trust-based Adversarial Scanner Delaying (TASD) approach to effectively and proactively mitigate the Yo-Yo attack on the cloud auto-scaling mechanism. In TASD, we first propose to use the trust-based scheme to establish trust values for users, which is leveraged to identify adversarial requests. Trust values are updated by jointly considering the request mode and the auto-scaling status. Then, we aim to disable the condition under which the Yo-Yo attack takes effect by injecting certain delay, under the QoS constraints, to manipulate the response time of suspicious requests and deceive the attackers. Our extensive evaluation demonstrates that our approach achieves promising results, e.g., it can detect at least 80% Yo-Yo adversarial users and reduce more than 41% malicious scale-ups.