Due to their lightweight features, the combination of container technology and microservice architecture makes container-based cloud environments more efficient and agile than VM-based cloud environments. However, it also greatly amplifies the dynamism and complexity of the cloud environment and at the same time increases the uncertainty of security issues in the system. In this case, the effectiveness of defense mechanisms with fixed strategies would fluctuate as updates occur in the cloud environment. We refer to this problem as the effectiveness drift problem of defense mechanisms, which is particularly acute in proactive defense mechanisms such as moving target defense (MTD). To tackle this problem, we present DSEOM, a framework that can automatically perceive updates of the container-based cloud environment, rapidly evaluate the change in MTD effectiveness, and dynamically optimize MTD strategies. Specifically, we establish a multi-dimensional attack graph model to formalize various complex attack scenarios. Building on this model, we introduce the concept of betweenness centrality to effectively evaluate and optimize the implementation strategies of MTD. In addition, we present a series of security and performance metrics to quantify the effectiveness of MTD strategies in DSEOM. Finally, we conduct extensive experiments to illustrate the existence of the effectiveness drift problem and demonstrate the usability and scalability of DSEOM.
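One way to see the betweenness-centrality idea from this abstract in code, written here as an added illustration and not the DSEOM authors' implementation (the abstract does not give their algorithm or graph model): rank attack-graph nodes by Brandes' betweenness to find where an MTD shuffle would cut the most shortest attack paths, then re-rank after a hypothetical deployment update to show the effectiveness drift the abstract describes. The graph, node names and the update are constructed assumptions.

```python
from collections import deque

def betweenness(graph):
    """Brandes' betweenness centrality for a directed, unweighted attack graph.
    graph maps each node to the nodes an attacker can reach from it in one
    exploitation step; nodes that lie on many shortest attack paths score highest."""
    nodes = set(graph) | {w for succ in graph.values() for w in succ}
    bc = {v: 0.0 for v in nodes}
    for s in nodes:
        stack, queue = [], deque([s])
        preds = {v: [] for v in nodes}
        sigma = {v: 0 for v in nodes}    # number of shortest paths from s
        dist = {v: -1 for v in nodes}    # BFS distance from s
        sigma[s], dist[s] = 1, 0
        while queue:                     # single-source shortest paths
            v = queue.popleft()
            stack.append(v)
            for w in graph.get(v, ()):
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = {v: 0.0 for v in nodes}  # dependency of s on each node
        while stack:                     # accumulate in reverse BFS order
            w = stack.pop()
            for v in preds[w]:
                delta[v] += sigma[v] / sigma[w] * (1 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc

def rank_mtd_targets(graph):
    """Rank nodes as MTD shuffle candidates, highest betweenness first (ties by name)."""
    return sorted(betweenness(graph).items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed attack graph for a hypothetical container deployment: an edge is one
# attacker step (e.g. lateral movement from a compromised container).
ATTACK_GRAPH_V1 = {
    "internet": ["web"],
    "web": ["api"],
    "api": ["db", "cache"],
    "cache": ["db"],
    "db": ["secrets"],
}
# A deployment update adds an "auth" microservice with a second route web -> auth -> db.
ATTACK_GRAPH_V2 = dict(ATTACK_GRAPH_V1, web=["api", "auth"], auth=["db"])
```

Calling rank_mtd_targets on both graphs puts api first (score 6.0) before the update but db and web first (5.0 each, api down to 4.0) after it, so an MTD strategy fixed on api has drifted.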
DDoS attacks are rampant in cloud environments and continually evolve into more sophisticated and intelligent forms, such as low-rate DDoS attacks. Meanwhile, the cloud environment itself is also constantly evolving. Container technology and microservice architecture are now widely applied in cloud environments and together compose the container-based cloud environment. Compared with traditional cloud environments, the container-based cloud environment is more lightweight in virtualization and more flexible in scaling services. Naturally, a question that arises is whether these new features of the container-based cloud environment bring new possibilities for defeating DDoS attacks. In this paper, we establish a mathematical model based on queueing theory to analyze the strengths and weaknesses of the container-based cloud environment in defeating low-rate DDoS attacks. Based on this, we propose a dynamic DDoS mitigation strategy that dynamically regulates the number of container instances serving different users and coordinates the resource allocation for these instances to maximize the quality of service. Extensive simulations and testbed-based experiments demonstrate that our strategy makes sufficient use of the limited system resources to keep the quality of service acceptable and defeat DDoS attacks effectively in the container-based cloud environment.