在雲端運算蓬勃發展下,彈性雲之營運方式被廣泛使用,透過根據用戶服務級別協議(SLA)提供 QoS,使服務更能按需求部署及彈性擴展。然而此種營運機制可能會受到針對雲服務之 Economic Denial of Sustainability(EDoS)攻擊,表面上對服務提出合法請求,利用服務自動擴展機制,造成系統持續擴展資源,讓用戶需要支付龐大的資源使用費。而本論文提出一個機制,利用基於 Dynamic Time Warping 的 K-means 分群演算法對用戶流量進行分群,並分析服務資源使用率和用戶流量之間的時間分布,來區分合法用戶及惡意用戶,並限制惡意用戶存取服務,來達到偵測 Yo-Yo 攻擊以及防禦之效果。;As development of cloud computing grows rapidly, the operation with Elastic Cloud is widely used. By providing QoS according to the user service level agreement (SLA), the service can be deployed and expanded flexibly on demand. However, this kind of operation may suffer Economic Denial of Sustainability (EDoS) attacks against cloud services. On the surface, legal requests are sent to the service, cause the system to continue to expand resources with auto-scaling mechanism. Let users need to pay for a huge usage fee. This paper proposes a mechanism that uses the K-means clustering algorithm based on Dynamic Time Warping to cluster users’ traffic, and analyzes the time distribution between system resource usage and user traffic to distinguish legitimate users from malicious users. Then restrict malicious users to access the Service. Keep the service from the threat of Yo-Yo attack.
