Total views : 490

A Comparative Analysis of Security Methods for DDoS Attacks in the Cloud Computing Environment

Affiliations

  • School of Computing Science and Engineering, VIT University Chennai - 600127, Tamil Nadu, India

Abstract


Cloud security is of the major concern in the deployment and protection of cloud deployment models. In this paper, detailed investigations on the recent DDoS attacks and comparative analysis of the various DDoS security solutions in the cloud computing environment are carried out. The comprehensive study of the cloud DDoS solutions clearly exemplifies the techniques, deployment layer, benchmark datasets, tools and performance metrics. The Cloud DDoS Detection and defense model using learning algorithms is designed to protect the cloud infrastructure considering the pitfalls in the existing procedures for real world problems. The model is based on anomaly detection and thus it is capable of protecting the public/private cloud from zero-day attacks. The availability of the cloud applications is improved significantly by defending cloud DDoS attacks and offers high quality of services to the legitimate users.

Keywords

Cloud Computing, DDoS, Detection, Defense, Security.

Full Text:

 |  (PDF views: 596)

References


  • Manjusha R, Ramachandran R. Secure authentication and access system for cloud computing auditing services using associated digital certificate. Indian Journal of Science and Technology. 2015 Apr 1; 8(7):1–8.
  • Arora K, Kumar K, Sachdeva M. Impact analysis of recent DDoS attacks. International Journal on Computer Science and Engineering. 2011 Feb; 3(2):877–83.
  • Devi BSK, Preetha G, Shalinie SM. DDoS detection using host-network based metrics and mitigation in experimental testbed. 2012 International Conference on Recent Trends in Information Technology (ICRTIT); Chennai, Tamil Nadu. 2012 Apr 19. p. 423–7.
  • Bhuyan MH, Kashyap HJ, Bhattacharyya DK, Kalita JK. Detecting distributed denial of service attacks: Methods, tools and future directions. The Computer Journal. 2013 Mar 28.
  • Abliz M. Internet denial of service attacks and defense mechanisms. University of Pittsburgh, Department of Computer Science, Technical Report; 2011 Mar.
  • Zaroo P. A survey of DDoS attacks and some DDoS defense mechanisms. Advanced Information Assurance (CS 626); 2002.
  • Sharifi AM, Amirgholipour SK, Alirezanejad M, Aski BS, Ghiami M. Availability challenge of cloud system under DDOS attack. Indian Journal of Science and Technology. 2012 Jun 1; 5(6):2933–7.
  • Dittrich D. The DoS Projects ‘trinoo’ distributed denial of service attack tool; 1999.
  • Dittrich D. The tribe flood network distributed denial of service attack tool. University of Washington; 1999 Oct 21. p. 10.
  • Barlow J, Thrower W. TFN2K- An analysis. Axent Security Team; 2014 Sep 05.
  • Dittrich D. The ‘stacheldraht’ distributed denial of service attack tool; 1999 Dec 31.
  • Dietrich S, Long N, Dittrich D. Analyzing distributed denial of service tools: The shaft case. InLISA; 2000 Dec 3. p. 329–39.
  • Dittrich D, Weaver G, Dietrich S, Long N. The “mstream” distributed denial of service attack tool. Available from: http://staff.washington.edu/dittrich/misc/mstream.analysis.txt
  • Hancock B. Trinity v3, a DDoS tool, hits the streets. Computers and Security. 2000 Nov 1; 19(7):574.
  • Bysin. Knight. Csourcecode; 2001.
  • Kenig R, Manor D, Gadot Z, Trauner D. DDoS Survival Handbook; 2013.
  • Snake R, Lee JK, Slowloris R. HTTP DoS. Available from: http://hackers.org/slowloris/
  • Ahamad T, Aljumah A. Detection and defense mechanism against DDoS in MANET. Indian Journal of Science and Technology. 2015 Dec 1; 8(33):1–4.
  • Chen Z, Han F, Cao J, Jiang X, Chen S. Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua Science and Technology. 2013 Feb; 18(1):40–50.
  • Dou W, Chen Q, Chen J. A confidence-based filtering method for DDoS attack defense in cloud environment. Future Generation Computer Systems. 2013 Sep 30; 29(7):1838–50.
  • Wei W, Chen F, Xia Y, Jin G. A rank correlation based detection against distributed reflection DoS attacks. IEEE Communications Letters. 2013 Jan; 17(1):173–5.
  • Tan Z, Nagar UT, He X, Nanda P, Liu RP, Wang S, Hu J. Enhancing big data security with collaborative intrusion detection. IEEE Cloud Computing. 2014 Sep; 1(3):27–33.
  • Cha B, Kim J. Study of multistage anomaly detection for secured cloud computing resources in future internet. IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC); USA. 2011 Dec 12. p. 1046–50.
  • Li H, Wu Q. A distributed intrusion detection model based on cloud theory. IEEE 2nd International Conference on Cloud Computing and Intelligent Systems (CCIS); Hangzhou. 2012 Oct 30. p. 435–9.
  • Chapade SS, Pandey KU, Bhade DS. Securing cloud servers against flooding based DDoS attacks. International Conference on Communication Systems and Network Technologies (CSNT); Gwalior. 2013 Apr 6, p. 524–8.
  • Aishwarya R, Malliga S. Intrusion detection system- An efficient way to thwart against Dos/DDos attack in the cloud environment. International Conference on Recent Trends in Information Technology (ICRTIT); Chennai. 2014 Apr 10. p. 1–6.
  • Maqsood R, Shahabuddin N, Upadhyay D. A scheme for detecting intrusions and minimising data loss in virtual networks. International Conference on Computational Intelligence and Communication Networks (CICN); 2014 Nov 14. p. 738–43.
  • Shamsolmoali P, Zareapoor M. Statistical-based filtering system against DDOS attacks in cloud computing. 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI); New Delhi. 2014 Sep 24. p. 1234–9.
  • Jia Q, Wang H, Fleck D, Li F, Stavrou A, Powell W. Catch me if you can: A cloud-enabled DDoS defense. 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN); GA. 2014 Jun 23. p. 264–75.
  • Al-Haidari F, Sqalli MH, Salah K. Enhanced edos-shield for mitigating edos attacks originating from spoofed IP addresses. IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom); USA. 2012 Jun 25. p. 1167–74.
  • Lua R, Yow KC. Mitigating DDoS attacks with transparent and intelligent fast-flux swarm network. IEEE Network. 2011 Jul; 25(4):28–33.
  • Yan Q, Yu F. Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine. 2015 Apr; 53(4):52–9.
  • Guenane FA, Jaafar B, Nogucira M, Pujolle G. Autonomous architecture for managing firewalling cloud-based service. International Conference and Workshop on the Network of the Future (NOF); Paris. 2014 Dec 3. p. 1–5.
  • Kumar MN, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M. Mitigating Economic Denial of Sustainability (EDoS) in cloud computing using in-cloud scrubber service. 4th International Conference on Computational Intelligence and Communication Networks (CICN); Mathura. 2012 Nov 3. p. 535–9.
  • Guenane F, Nogueira M, Pujolle G. Reducing DDoS attacks impact using a hybrid cloud-based firewalling architecture. Global Information Infrastructure and Networking Symposium (GIIS); QC. 2014 Sep 15. p. 1–6.
  • Alosaimi W, Al-Begain K. An enhanced economical denial of sustainability mitigation system for the cloud. 7th International Conference on Next Generation Mobile Apps, Services and Technologies (NGMAST); Prague. 2013 Sep 25. p. 19–25.
  • Sqalli MH, Al-Haidari F, Salah K. Edos-shield-a two-steps mitigation technique against edos attacks in cloud computing. 4th IEEE International Conference on Utility and Cloud Computing (UCC); NSW. 2011 Dec 5. p. 49–56.
  • Chung CJ, Khatkar P, Xing T, Lee J, Huang D. NICE: Network intrusion detection and countermeasure selection in virtual network systems. IEEE Transactions on Dependable and Secure Computing. 2013 Jul; 10(4):198–211.
  • Anwar Z, Malik AW. Can a DDoS attack meltdown my data center? A simulation study and defense strategies. IEEE Communications Letters. 2014 Jul; 18(7):1175–8.
  • Ling Z, Luo J, Wu K, Yu W, Fu X. TorWard: Discovery, blocking, and traceback of malicious traffic over tor. IEEE Transactions on Information Forensics and Security. 2015 Dec; 10(12):2515–30.
  • Choi J, Choi C, Ko B, Kim P. A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Computing. 2014 Sep 1; 18(9):1697–703.
  • Arshad J, Townend P, Xu J. A novel intrusion severity analysis approach for Clouds. Future Generation Computer Systems. 2013 Jan 31; 29(1):416–28.
  • Bakshi A, Yogesh B. Securing cloud from DDoS attacks using intrusion detection system in virtual machine. 2nd International Conference on Communication Software and Networks, ICCSN'10; 2010 Feb 26. p. 260–4.
  • Chen Q, Lin W, Dou W, Yu S. CBF: A packet filtering method for DDoS attack defense in cloud environment. 2011 IEEE 9th International Conference on Dependable, Autonomic and Secure Computing (DASC); NSW. 2011 Dec 12. p. 427–34.
  • Joshi B, Vijayan AS, Joshi BK. Securing cloud computing environment against DDoS attacks. International Conference on Computer Communication and Informatics (ICCCI); Coimbatore. 2012 Jan 10. p. 1–5.
  • Karnwal T, Sivakumar T, Aghila G. A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack. IEEE Students' Conference on Electrical, Electronics and Computer Science (SCEECS); Bhopal. 2012 Mar 1. p. 1–5.
  • Anitha E, Malliga S. A packet marking approach to protect cloud environment against DDoS attacks. International Conference on Information Communication and Embedded Systems (ICICES); Chennai. 2013 Feb 21. p. 367–70.
  • Hong JB, Kim DS. Assessing the effectiveness of moving target defenses using security models. IEEE Transactions on Dependable and Secure Computing. 2016 Mar-Apr 1; 13(2):163–77.
  • Chonka A, Xiang Y, Zhou W, Bonti A. Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. Journal of Network and Computer Applications. 2011 Jul 31; 34(4):1097–107.
  • Tahmassebpour M. Immediate detection of DDoS attacks with using NetFlow on cisco devices IOS. Indian Journal of Science and Technology. 2016 Jul 18; 9(26).
  • Prasad KM, Reddy AR, Rao KV. Anomaly based real time prevention of under rated app-DDOS attacks on Web: An experiential metrics based machine learning approach. Indian Journal of Science and Technology. 2016 Jul 28; 9(27).

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.