
Energy based attack detection in virtual environment using COSMIC FFP.

INTRODUCTION

Virtualization has already become an essential technology across many applications. In general, computer virtualization allows multiple Virtual Machines (VMs) to reside on a single physical machine. As with any new technology there are downsides and trade-offs, and virtualization is no exception. The ability to run several different VMs, and even different operating systems, at the same time comes at the cost of various security issues (Beatriz Marin, et al., 2008; Bolla, R., et al., 2014). The Distributed Denial of Service (DDoS) attack has become a major threat to every site connected to the internet. Analysing and defending against such attacks is difficult because they consume all the resources available to both the computing service and the network transport layer, and it is hard to distinguish a genuine access or service request from a malicious one (Anand, R., Dr. S. Saraswathi, 2012). A DDoS attack occurs when many computers attempt to access the same service simultaneously, overwhelming the capacity of the server to respond as intended. Virtual Machines are rapidly replacing physical machines, emulating hardware environments that share hardware resources. A Virtual Machine also provides better security than a physical machine by adding a layer of isolation from the hardware (Beatriz Marin, et al., 2008; Cuadrado-Gallego, J.J., et al., 2012; Diab, H., et al., 2001). However, the virtual environment has security issues of its own: in an environment of N Virtual Machines, the user of one Virtual Machine may be able to monitor or access the others (Anand, R., Dr. S. Saraswathi, 2014).

1. Energy Based Attack:

Every action in the virtual environment consumes some amount of energy. An attacker probing an application will access it repeatedly, and each repeated access drives energy consumption up (Francesco Palmieri, et al., 2011).

Energy based attacks drain a system's energy by performing millions of read and write operations; this keeps the hard disk working continuously and can even affect the operating system of the machine. To avoid such a situation, energy based attack detection is necessary. In energy based attack detection, the energy change of an application is monitored for each read and write operation, and if the changes are frequent the application is considered to be under attack (Frank Vogelezang, 2006).

Providing security and privacy for an application is tedious work, and security and privacy take different forms in a network scenario. Security is the process of ensuring that data is accurate and reliable no matter how many times it is accessed, and that it is always available when needed. Privacy is personalisation of data access: providing the right data to the right people, so that data personalised to one user is not shared with another. Attack detection methodologies should ensure that applications provide both privacy and security to their users, here through the energy based attack detection model.

Energy attacks of this type threaten privacy in the virtual environment; monitoring the energy changes allows them to be detected. In this paper we deal with some of those privacy issues:

(a) User Identifiable Information:

When a client requests an application, user identifiable information such as the type of request, the requested application, and the IP address and MAC address of the client is recorded in the client history table (Geva, M., et al., 2014; Monika Sachdeva, et al., 2010). This information is used to identify the user and to permit application access only to authorised users, so that the application is inaccessible to unauthorised users. Note that IP and MAC addresses are weak identifiers on their own: a source IP address can be shared behind NAT or spoofed, and a MAC address is only visible on the local network segment, so the history table should be treated as supporting evidence rather than as authentication.

(b) Appropriate Usage Of Information:

Within a particular session the user is limited to accessing the application once, as determined by the calculated energy changes. If the client tries to access the same information again and again with frequent reads and writes, the energy changes become frequent and the request is discarded, thereby ensuring appropriate usage of the application.

1.1 Detection:

In a virtual environment, a session is a semi-permanent time period within which a system and a user exchange information. It is like a conversation between two parties for a particular period; once the information exchange is complete, the session is closed.

A session is maintained between the system and the user so that their communication is authenticated. Within a session the user need not authenticate for every activity or action, but if the session is compromised the attacker can use it to misuse the application. The types of session based energy attacks are:

(a) Session Fixation:

Session fixation attacks exploit a weakness in a system that allows one person to fixate (set) another person's session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs or POST data.

(b) Session Hijacking:

Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session to gain unauthorised access to information or services in a computer system. In particular, it refers to the theft of the magic cookie used to authenticate a user to a remote server. It is of particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can easily be stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer.

(c) Session Injection:

This is the session fixation mechanism of (a) seen from the attacker's side. The attack exploits a limitation in the way the vulnerable web application manages the session ID: when authenticating a user it does not assign a new session ID, so an existing session ID remains valid after login. The attack consists of inducing a user to authenticate with a session ID known to the attacker, and then hijacking the validated session through knowledge of that session ID. The attacker has to obtain a legitimate web application session ID and make the victim's browser use it.
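The fixation attack described above, played end to end against two login routines, as an added example that is not part of the paper: a minimal in-memory session store in which login_vulnerable keeps the pre-authentication SID (the limitation the attack relies on) and login_fixed issues a fresh server-generated SID at authentication. The class and function names, the planted SID and the credentials are constructed for the illustration.

```python
import secrets


class SessionStore:
    """In-memory session table: session identifier -> state (here only the user)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        """Issues a fresh, server-generated, unguessable session identifier."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def adopt(self, sid):
        """Vulnerable pattern: accept a caller-supplied identifier (e.g. taken from a
        URL or POST parameter) and start a session under it if none exists yet."""
        self._sessions.setdefault(sid, {"user": None})
        return sid

    def set_user(self, sid, username):
        self._sessions[sid]["user"] = username

    def user_of(self, sid):
        entry = self._sessions.get(sid)
        return None if entry is None else entry["user"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)


# Constructed credentials for the demonstration only (assumption, not from the paper).
_USERS = {"alice": "correct horse battery staple"}


def check_password(username, password):
    return _USERS.get(username) == password


def login_vulnerable(store, sid, username, password):
    """Authenticates the user but keeps the pre-authentication SID, which is
    exactly the limitation the fixation attack relies on."""
    if not check_password(username, password):
        return None
    store.set_user(sid, username)
    return sid


def login_fixed(store, sid, username, password):
    """Authenticates the user and issues a new SID; the old one is destroyed, so a
    SID the attacker planted before login is worthless afterwards."""
    if not check_password(username, password):
        return None
    store.destroy(sid)
    new_sid = store.create()
    store.set_user(new_sid, username)
    return new_sid


def fixation_scenario(login):
    """Plays the attack with the given login routine and returns the user that the
    attacker-known SID resolves to after the victim has logged in (None means the
    attacker gained nothing)."""
    store = SessionStore()
    # 1. the attacker fixes a SID of his choosing, accepted from the URL
    planted_sid = store.adopt("sid-known-to-attacker")
    # 2. the victim is induced to use that SID and authenticates with it
    login(store, planted_sid, "alice", "correct horse battery staple")
    # 3. the attacker presents the SID he already knows
    return store.user_of(planted_sid)
```

Regenerating the identifier at authentication is the core fix; a hardened application additionally never calls anything like adopt, that is, it never starts a session under an identifier the server did not itself issue, and it sends the cookie with the Secure and HttpOnly flags so that the hijacking case in (b) is harder as well.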

1.2 Architecture:

A typical application virtualization environment involves the whole cloud environment, which serves numerous clients. Each client can use the different applications provided by the cloud server. Applications are categorised into installed applications and portable applications, which are hosted by and within the virtual application server.

The application services act as a gateway between the applications, the virtualization server and the cloud. This application virtualization server offers installed applications and portable applications as services, making up the cloud.

Based on the service request (application) from the client, the server computes the energy level of that application for the session period. Each client request is given a certain session period limit. The energy of an application is based on its Read and Write operations: the request made by the client to the server is counted as a Read operation, while the processing that follows is counted as a Write operation.

As can be seen in the Figure 1 architecture, the server uses each Read and Write function to compute the energy level with the help of function points. A function point is a unit for measuring the business functionality of an information system; FFP (Full Function Point) extends it to measure the functional size of real-time software, and COSMIC (Common Software Measurement International Consortium) FFP is the standardised form of this measure (ISO/IEC 19761).

1.3 COSMIC:

COSMIC (Common Software Measurement International Consortium) is an internationally standardised method for measuring the functional size of software. It is applicable to both business applications and real-time software (Gennaro Costagliola, et al., 2004; Geva, M., et al., 2014).

The 'functional size' of software, as measured by a particular functional size measurement method, depends only on the functional requirements of the software and is independent of any technical or quality requirements (Xiao, Z., et al., 2014). A functional size is therefore valuable as a measure of software project work output, which can be used as a component of project performance measures and as a main input to effort estimation methods, especially in the early stages of a software project (Yanyan Chen, et al., 2010; Zhou Peng, et al., 2012).

Measuring the functional size (Xunmei Gu, et al., 2006) of a piece of software, and using functional size requirements, requires a thorough understanding of the measurement method used, to ensure that correct results are obtained and that they can be properly interpreted and used. It is therefore imperative that the size measurement method's documentation is clear and comprehensive, and usable by novice and experienced measurers working in various software domains.

In this method, Read operations consume more energy than Write operations, and Entry and Exit operations consume almost none. The energy points are per-kilobyte coefficients:

One Read Energy Point  E_R = 13.3 µW/KB
One Write Energy Point E_W = 6.67 µW/KB

Total Energy Points (EP) = Total Read Energy (RE) + Total Write Energy (WE), in µW, where RE is the number of kilobytes read multiplied by E_R and WE is the number of kilobytes written multiplied by E_W. This is how the Read Energy and Write Energy columns of Table 3 are obtained from the byte counts. Note that the model treats energy as linear in the bytes moved, and that µW is a unit of power: the figures are the paper's per-point scale rather than a measured joule value.

2. Case Study of Cosmic Function Point (CFP):

The fundamental idea behind COSMIC FFP is to divide a monolithic application into layers and components. An application is sized by identifying the data movements in each component. These data movements are of four types, Entry, Exit, Read and Write, and their total gives the size of any executed application. The relationship between the four types of data movement within the functional process to which they belong is what allows the application size to be measured.

2.1 Algorithm:

(a) Start.

(b) The client gets access to the system by logging in remotely.

(c) The client sends a request to the server asking for access to an application.

(d) The server acknowledges the client and permits access to the application.

(e) The client request is made up of different data movements, and each data movement involves a different level of energy consumption.

(f) If the COSMIC function point (CFP) count of the request equals the reference value for the virtual environment, the client is allowed to access the application; otherwise the client's access is denied.

(g) After the application is accessed, its energy level is monitored.

(h) i) If the energy level of the given application exceeds the threshold energy level, the client's access to that application is denied.

ii) If the energy level of the given application matches that expected for the requested application, the client's access to that application is permitted.

(i) End the process.

2.2 FUR (Functional User Requirements):

These specify the user's needs and the procedures that the software should fulfil, and are used to identify functional processes. A functional process is triggered by one or more events of the software being measured, and each functional process consists of sub-processes that are among the four data movement types applied to a data group. Each data movement is counted as one CFP (COSMIC Function Point). Software projects involve the following data movements:

(a) Entry: Data movement from an outside client into the application process.

(b) Exit: Data movement from application process to outside client.

(c) Read: Data movement from persistent storage to application process.

(d) Write: Data movement from application process to persistent storage.

An 'Entry' moves a data group into the software from a functional user and an 'Exit' moves a data group out. 'Writes' and 'Reads' move a data group to and from persistent storage, respectively.

As an approximation for measurement purposes (and in light of the applicability of the method, described above), data manipulation sub-processes are not separately measured.

The size of a piece of software is then defined as the total number of data movements (Entries, Exits, Reads and Writes) summed over all functional processes of the piece of software. Each data movement is counted as one 'COSMIC Function Point' ('CFP'). The size of a functional process, and hence the size of a piece of software, can be a minimum of 2 CFP, with no upper limit.

In the Virtual Environment, data movement functional process involves the following:

(a) The user accesses the physical machine to get the service of interest.

(b) In turn, the physical machine requests the Virtual Machine.

(c) The username and password are verified.

(d) The application in Virtual Machine creates an instance of virtual application.

(e) The entire process is categorized into three parts:

(i) Client to Server.

(ii) Physical machine to Virtual Machine.

(iii) Virtual Machine to Virtual Application.

The typical data movement for each event is calculated as follows (Table 1 gives the totals per type; Table 2 lists the functional processes behind them):

Table 1: Details of COSMIC functional processes in Virtual Environment

Sl. No   Data Movement Type   Size (CFP)   Ratio

1.           Entry (E)            5         45%
2.            Exit (X)            1         10%
3.            Read (R)            3         27%
4.           Write (W)            2         18%

         Total                    11       100%
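The sizing rule of section 2.2 applied to the processes of Table 2, as an added example (not code from the paper): each data movement counts one CFP, a functional process is checked against the stated minimum of 2 CFP, and the per-type totals and ratios of Table 1 are recomputed. The process list is Table 2 transcribed by hand; the function names are assumptions. Exact division gives 9% for Exit where Table 1 prints 10%, the difference being the paper's rounding to a 100% total.

```python
from collections import Counter

MOVEMENT_TYPES = ("E", "X", "R", "W")   # Entry, Exit, Read, Write

# Table 2 transcribed: (functional process, data movements in order)
TABLE_2 = [
    ("Display the Application",          ["E", "R", "X", "W"]),
    ("Virtual Machine Turn on/off",      ["E", "E", "E", "R"]),
    ("Virtual Application Processed",    ["R", "W", "E"]),
]


def process_problems(movements):
    """Checks one functional process against the rules of section 2.2 and returns
    a list of problems; an empty list means the process is well formed."""
    problems = [f"unknown data movement type {m!r}"
                for m in movements if m not in MOVEMENT_TYPES]
    if len(movements) < 2:
        problems.append("a functional process has at least 2 CFP")
    return problems


def size_process(movements):
    """Size of one functional process: one CFP per data movement."""
    problems = process_problems(movements)
    if problems:
        raise ValueError("; ".join(problems))
    return len(movements)


def size_software(processes):
    """Total CFP over all functional processes, plus the count per movement type."""
    per_type = Counter()
    total = 0
    for _, movements in processes:
        total += size_process(movements)
        per_type.update(movements)
    return total, {t: per_type.get(t, 0) for t in MOVEMENT_TYPES}


def type_ratios(per_type):
    """Share of each movement type in the total size, as whole percentages."""
    total = sum(per_type.values())
    return {t: round(100 * n / total) for t, n in per_type.items()}
```

Running size_software over TABLE_2 gives 11 CFP split as E=5, X=1, R=3, W=2, which is the row of Table 1; the same counting can be reused for any list of functional processes, which is what step (f) of the algorithm compares against the environment's reference value.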


The percentage breakdown of the four types of data movement in this typical virtual environment is shown in Figure 3.

From Figure 3 it is evident that the Entry data movement carries the highest ratio (45%) of vulnerability, because intruders mainly try to attack the virtual network system at login. Hence, the security mechanism should be implemented at the initial stage of the client request. Using the CFP and Total Energy Point calculations, the service provider can check each user data movement and provide a secured data service in the virtual environment. The Read operation has the next highest ratio (27%), as all processing takes place in this phase of the data movement. Write and Exit operations have the lowest ratios, since data cannot be held by the user for a prolonged time in the virtual environment.

A list of applications was considered for the study of the energy based attack detection system. The study showed that each application consumed a considerable amount of energy for its Read and Write operations, from which the total energy consumed was calculated. When a user accesses an application, the energy consumption is calculated, and if it exceeds the total energy required for one Read and one Write operation, the application is said to be under attack. In this way attacks can be detected and stopped by allowing the user to access an application only once during a particular session.

Each application has different read and write byte counts (both in KB in Table 3) and hence different read and write energy levels, and each application is given a threshold energy level; if the total energy exceeds that threshold, the application is considered to be under attack. Multimedia applications such as VLC, Flash and Dreamviewer have read energy levels ranging from 68096 µW to 262850.6 µW and write energy levels from 20863.78 µW to 55761.18 µW. For the Firefox application, if the read and write energy levels exceed the range given in the table, Firefox is considered to be under attack by a malicious user. Similarly, Irfanview has read and write energies of 74905.6 µW and 29694.87 µW respectively; if this application exceeds its given energy level it is suspected of being attacked. Likewise the Cmd Prompt application has an energy level approximately equal to that of MSWord. Thus attacked applications are detected from the calculated energy level, and detected attacks are then addressed by taking appropriate countermeasures. The same is depicted in tabular form (Table 3) and pictorial form (Figure 4).
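The energy points of section 1.3 and the session rule of section 2.1 and this section, as an added example that is not the paper's code: energy_points turns the byte counts of Table 3 into the Read and Write energy columns, is_attacked applies the one-Read-plus-one-Write threshold, and SessionEnergyMonitor applies steps (f) to (h) of the algorithm to a constructed stream of requests, denying a client that drives the same application through the budget twice in one session. The byte counts are Table 3 transcribed by hand; the class, function names and the event log are assumptions. Recomputing the table with these coefficients reproduces every printed row except VLC, whose read energy comes out as 138915.8 µW rather than the printed 138905.2.

```python
E_READ_UW_PER_KB = 13.3    # one Read energy point, µW per KB (section 1.3)
E_WRITE_UW_PER_KB = 6.67   # one Write energy point, µW per KB

# Table 3 transcribed: application -> (KB read, KB written) for one access
TABLE_3_KB = {
    "VLC": (10444.8, 4612.00384),
    "Adobe": (7782.4, 6476.00128),
    "Firefox": (31539.2, 6672.00512),
    "MSWord": (8704.0, 7344.00512),
    "Cmd Prompt": (9011.2, 7360.0),
    "Irfanview": (5632.0, 4452.00384),
    "FoxitReader": (11776.0, 7099.99616),
    "Teamviewer": (15257.6, 7320.00256),
    "Flash": (5120.0, 3128.00256),
    "Dreamviewer": (19763.2, 8359.99744),
}


def energy_points(read_kb, write_kb):
    """(read energy, write energy, total) in µW for the given data volumes."""
    re = read_kb * E_READ_UW_PER_KB
    we = write_kb * E_WRITE_UW_PER_KB
    return re, we, re + we


def threshold_for(app):
    """Per-session budget: the energy of one Read plus one Write of the application."""
    read_kb, write_kb = TABLE_3_KB[app]
    return energy_points(read_kb, write_kb)[2]


def is_attacked(app, read_kb, write_kb):
    """Single-observation rule of section 2: energy beyond one Read+Write is an attack.
    The tiny tolerance only absorbs floating-point rounding of an exactly equal value."""
    return energy_points(read_kb, write_kb)[2] > threshold_for(app) * (1 + 1e-9)


class SessionEnergyMonitor:
    """Accumulates energy per (client, session, application) and decides each request
    as in steps (f) to (h) of the algorithm in section 2.1."""

    def __init__(self, expected_cfp=11):
        self.expected_cfp = expected_cfp   # reference CFP of the environment (Table 1)
        self._used = {}

    def request(self, client, session, app, cfp, read_kb, write_kb):
        """Returns (allowed, cumulative energy in µW) for one access request."""
        key = (client, session, app)
        used = self._used.get(key, 0.0)
        # step (f): a request whose CFP differs from the reference is denied outright;
        # an application with no known budget is denied as well
        if cfp != self.expected_cfp or app not in TABLE_3_KB:
            return False, used
        # steps (g)-(h): add this access and compare with the single-access threshold
        used += energy_points(read_kb, write_kb)[2]
        self._used[key] = used
        allowed = used <= threshold_for(app) * (1 + 1e-9)
        return allowed, used


def replay(monitor, events):
    """Runs a constructed event log (tuples in request() argument order) through the
    monitor and returns the decisions in order."""
    return [monitor.request(*event)[0] for event in events]
```

A second access to Firefox inside the same session doubles the cumulative energy and is denied, while the same access in a new session is allowed again; a request whose CFP is not 11 is denied before any energy is counted. The two per-kilobyte constants are the only tunables, so the monitor is only as good as the thresholds, and a client that spreads reads across many short sessions stays under the budget.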

Conclusion:

Virtualization has already become an essential technology across many applications, and in recent years various methodologies have been proposed to provide enhanced security and privacy in the virtual environment. In the proposed methodology, the concepts of COSMIC Function Point and Total Energy Point are combined to provide a secured service in the virtual environment. The approach is illustrated with different examples in real and virtual environments. Using it, security can be provided at the root level of access to the server, ensuring minimal damage to the virtual environment and its resources.

In a nutshell, the integrated mechanism of Energy Level (EL) and COSMIC Function Point (CFP) was used to evaluate the energy consumption of the various data movements and applications. The results indicate that Entry data movements carry the highest share of the CFP count, while Read operations consume the most energy per kilobyte, and that the energy based detection mechanism is effective in tackling DDoS-style attacks provoked by intentional, selfish and malicious clients.

ARTICLE INFO

Article history:

Received 12 October 2014

Received in revised form 26 December 2014

Accepted 1 January 2015

Available online 25 February 2015

REFERENCES

Beatriz Marin, Giovanni Giachetti, Oscar Pastor, 2008. Measurement of Functional Size in Conceptual Models: A Survey of Measurement Procedures Based on COSMIC. Lecture Notes in Computer Science, Vol. 5338, Springer, pp. 170-183.

Bolla, R., C. Lombardo, R. Bruschi, S. Mangialardi, 2014. DROPv2: energy efficiency through network function virtualization. IEEE Network, 28(2): 26-32.

Anand, R., Dr. S. Saraswathi, 2012. Design of Secure Communication Model for Virtual Environment. Global Trends in Computing and Communication Systems, Communications in Computer and Information Science, Vol. 269, Springer, pp. 277-283.

Cuadrado-Gallego, J.J., P. Rodriguez-Soria, A. Lucendo, R. Neumann, R. Dumke, A. Schmietendorf, 2012. COSMIC Measurements Dispersion. Joint Conference of the 22nd International Workshop on Software Measurement and the 2012 Seventh International Conference on Software Process and Product Measurement (IWSM-MENSURA), pp. 85-88.

Diab, H., M. Frappier, R. St-Denis, 2001. Formalizing COSMIC-FFP using ROOM. ACS/IEEE International Conference on Computer Systems and Applications, pp. 312-318.

Anand, R., Dr. S. Saraswathi, 2014. Knowledge Based Secure Data Streaming in Virtual Environment. International Journal of Security and Its Applications, 8(1): 193-200.

Francesco Palmieri, Sergio Ricciardi, Ugo Fiore, 2011. Evaluating Network-Based DoS Attacks Under the Energy Consumption Perspective. International Conference on Broadband and Wireless Computing, Communication and Applications, IEEE, pp. 374-379.

Frank Vogelezang, 2006. Using COSMIC-FFP for sizing, estimating and planning in an ERP environment. Software Measurement Conference, IWSM/MetriKon, pp. 327-342.

Gennaro Costagliola, Filomena Ferrucci, Carmine Gravino, Genoveffa Tortora, Giuliana Vitiello, 2004. A COSMIC-FFP Based Method to Estimate Web Application Development Effort. Lecture Notes in Computer Science, Vol. 3140, Springer, pp. 161-165.

Geva, M., A. Herzberg, Y. Gev, 2014. Bandwidth Distributed Denial of Service: Attacks and Defenses. IEEE Security & Privacy, 12(1): 54-61.

Monika Sachdeva, Gurvinder Singh, Krishan Kumar, Kuldip Singh, 2010. DDoS Incidents and their Impact: A Review. The International Arab Journal of Information Technology, 7(1).

Xiao, Z., Q. Chen, H. Luo, 2014. Automatic Scaling of Internet Applications for Cloud Computing Services. IEEE Transactions on Computers, 63(5): 1111-1123.

Xunmei Gu, Guoxin Song, Qingyi Li, 2006. An Improved FSM Method for Web-based Applications. International Conference on Computational Intelligence for Modelling, Control and Automation and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, pp. 21-28.

Yanyan Chen, Qingyi Li, Xunmei Gu, 2010. Estimating the size of applications in MDA environments. 2nd International Conference on Information Science and Engineering (ICISE), pp. 4526-4529.

Zhou Peng, He Hong-jun, Liu Qing-he, Zhu An-jing, Mai Xin-hui, 2012. Identification of the Software Layers in COSMIC-FFP. Advances in Intelligent and Soft Computing, Vol. 114, Springer, pp. 133-138.

(1) Anand R. and (2) Dr. S. Saraswathi

(1) Research Scholar, Computer Science And Engineering, Manonmaniam Sundaranar University, Tirunelveli, Tamilnadu, India

(2) Information Technology, Pondicherry Engineering College, Pondicherry, India

Corresponding Author: Anand R., Research Scholar, Computer Science And Engineering, Manonmaniam Sundaranar University, Tirunelveli, Tamilnadu, India

E-mail: nowhereanand@yahoo.com

Table 2: Ratio of the COSMIC functional data movement types.

(a) Functional processes in the Virtual Environment

S.No  Functional Process Description          Triggering Event   Data Movement Description
1     Client -- Server                        30 sec             Client requests an application from the server.
                                                                 Available application is provided to the authorized user.
                                                                 Display the application.
                                                                 Store the application.
2     Physical machine -- Virtual Machine     10 min             Server starts the physical machine.
                                                                 Physical machine requests the Virtual Machine.
                                                                 Username and password are entered.
                                                                 Verify the username and password.
3     Virtual Machine -- Virtual application  Processing time    Instance of the application is created.
                                                                 Install the requested application.
                                                                 Display the application to the user.

(b) Data groups, data movement types and CFP (one CFP per data movement)

S.No  Data Group                              Data Movement Types   Total CFP   Ratio (%)
1     Display the Application                 E, R, X, W            4           36
2     Virtual Machine Turn on/off Command     E, E, E, R            4           36
3     Virtual Application Processed           R, W, E               3           28
      Total COSMIC CFP                                              11          100

Table 3: Energy Consumption in Various Applications.

Sl. No.   Application    Read Bytes (KB)   Write Bytes (KB)   Read Energy (µW)   Write Energy (µW)

1.        VLC            10444.8           4612.00384         138905.2           30762.07
2.        Adobe          7782.4            6476.00128         103505.9           43194.93
3.        Firefox        31539.2           6672.00512         419471.4           44502.27
4.        MSWord         8704              7344.00512         115763.2           48984.51
5.        Cmd Prompt     9011.2            7360               119849             49091.2
6.        Irfanview      5632              4452.00384         74905.6            29694.87
7.        FoxitReader    11776             7099.99616         156620.8           47356.97
8.        Teamviewer     15257.6           7320.00256         202926.1           48824.42
9.        Flash          5120              3128.00256         68096              20863.78
10.       Dreamviewer    19763.2           8359.99744         262850.6           55761.18


Fig. 3: Ratio of the COSMIC data movement types (pie chart): Entry (E) 45%, Exit (X) 10%, Read (R) 27%, Write (W) 18%.
COPYRIGHT 2015 American-Eurasian Network for Scientific Information

Publication: Advances in Natural and Applied Sciences
Article Type: Report
Date: Jun 1, 2015