Algorithm for Secure Hybrid Cloud Design Against DDoS Attacks

2018 ◽

Vol 13 (4) ◽

pp. 61-77 ◽

Cited By ~ 2

Author(s):

Akashdeep Bhardwaj ◽

Sam Goundar

Keyword(s):

Service Industry ◽

Denial Of Service ◽

Hybrid Cloud ◽

Ddos Attacks ◽

Cloud Infrastructure ◽

Dos Attacks ◽

Cloud Application ◽

Government Education ◽

Cloud Environments ◽

Cloud Applications

This article describes how cloud computing has become a significant IT infrastructure in business, government, education, research, and service industry domains. Security of cloud-based applications, especially for those applications with constant inbound and outbound user traffic is important. It becomes of the utmost importance to secure the data flowing between the cloud application and user systems against cyber criminals who launch Denial of Service (DoS) attacks. Existing research related to cloud security focuses on securing the flow of information on servers or between networks but there is a lack of research to mitigate Distributed Denial of Service attacks on cloud environments as presented by Buyya et al. and Fachkha, et al. In this article, the authors propose an algorithm and a Hybrid Cloud-based Secure Architecture to mitigate DDoS attacks. By proposing a three-tier cloud infrastructure with a two-tier defense system for separate Network and Application layers, the authors show that DDoS attacks can be detected and blocked before reaching the infrastructure hosting the Cloud applications.

Download Full-text

Multi-Aspect DDOS Detection System for Securing Cloud Network

Cloud Security ◽

10.4018/978-1-5225-8176-5.ch096 ◽

2019 ◽

pp. 1952-1983

Author(s):

Pourya Shamsolmoali ◽

Masoumeh Zareapoor ◽

M.Afshar Alam

Keyword(s):

Cloud Computing ◽

Detection System ◽

Denial Of Service ◽

Complex Form ◽

Internet Security ◽

Detection Methods ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Detection ◽

Cloud Network

Distributed Denial of Service (DDoS) attacks have become a serious attack for internet security and Cloud Computing environment. This kind of attacks is the most complex form of DoS (Denial of Service) attacks. This type of attack can simply duplicate its source address, such as spoofing attack, which defending methods do not able to disguises the real location of the attack. Therefore, DDoS attack is the most significant challenge for network. In this chapter we present different aspect of security in Cloud Computing, mostly we concentrated on DDOS Attacks. The Authors illustrated all types of Dos Attacks and discussed the most effective detection methods.

Download Full-text

Mitigate DoS and DDoS Attack in Mobile Ad Hoc Networks

International Journal of Digital Crime and Forensics ◽

10.4018/jdcf.2011010102 ◽

2011 ◽

Vol 3 (1) ◽

pp. 14-36 ◽

Cited By ~ 7

Author(s):

Antonis Michalas ◽

Nikos Komninos ◽

Neeli R. Prasad

Keyword(s):

Game Theory ◽

Ad Hoc Networks ◽

Ad Hoc Network ◽

Ad Hoc ◽

Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Mobile Ad Hoc ◽

Hoc Networks ◽

Cryptographic Puzzles

This paper proposes a technique to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in Ad Hoc Networks. The technique is divided into two main parts and with game theory and cryptographic puzzles. Introduced first is a new client puzzle to prevent DoS attacks in such networks. The second part presents a multiplayer game that takes place between the nodes of an ad hoc network and based on fundamental principles of game theory. By combining computational problems with puzzles, improvement occurs in the efficiency and latency of the communicating nodes and resistance in DoS and DDoS attacks. Experimental results show the effectiveness of the approach for devices with limited resources and for environments like ad hoc networks where nodes must exchange information quickly.

Download Full-text

TRAWLING TRAFFIC UNDER ATTACK OVERCOMING DDoS ATTACKS BY TARGET-CONTROLLED TRAFFIC FILTERING

International Journal of Foundations of Computer Science ◽

10.1142/s012905411100857x ◽

2011 ◽

Vol 22 (05) ◽

pp. 1073-1098

Author(s):

SHLOMI DOLEV ◽

YUVAL ELOVICI ◽

ALEX KESSELMAN ◽

POLINA ZILBERMAN

Keyword(s):

Denial Of Service ◽

The Internet ◽

Traffic Classification ◽

Classification Rules ◽

Ddos Attacks ◽

Dos Attack ◽

Dos Attacks ◽

Worst Case ◽

Filtering Algorithm ◽

Internet Community

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to "well-behaved" users. In this paper, we propose two algorithms that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to serve "well-behaved" users. In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic for each rule. A filtering algorithm is enforced by the ISP's routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP. The first proposed algorithm is a collaborative algorithm which computes and delivers to the target the best possible traffic mix in polynomial time. The second algorithm is a distributed non-collaborative algorithm for which we prove a lower bound on the worst-case performance.

Download Full-text

Model-Based Cloud Service Deployment Optimisation Method For Minimisation of Application Service Operational Cost

10.21203/rs.3.rs-1112213/v1 ◽

2021 ◽

Author(s):

Ivana Stupar ◽

Darko Huljenić

Keyword(s):

Quality Of Service ◽

Cloud Service ◽

Operational Cost ◽

Cloud Infrastructure ◽

Application Service ◽

Cloud Application ◽

Wide Range ◽

Service Deployment ◽

Cloud Applications

Abstract Many of the currently existing solutions for cloud cost optimisation are aimed at cloud infrastructure providers, and they often deal only with specific types of application services, leaving the providers of cloud applications without the suitable cost optimization solution, especially concerning the wide range of different application types. In this paper, we present an approach that aims to provide an optimisation solution for the providers of applications hosted in the cloud environments, applicable at the early phase of a cloud application lifecycle and for a wide range of application services. The focus of this research is development of the method for identifying optimised service deployment option in available cloud environments based on the model of the service and its context, with the aim of minimising the operational cost of the cloud service, while fulfilling the requirements defined by the service level agreement. A cloud application context metamodel is proposed that includes parameters related to both the application service and the cloud infrastructure relevant for the cost and quality of service. By using the proposed optimisation method, the knowledge is gained about the effects that the cloud application context parameters have on the service cost and quality of service, which is then used to determine the optimised service deployment option. The service models are validated using cloud application services deployed in laboratory conditions, and the optimisation method is validated using the simulations based on proposed cloud application context metamodel. The experimental results based on two cloud application services demonstrate the ability of the proposed approach to provide relevant information about the impact of cloud application context parameters on service cost and quality of service, and use this information in the optimisation aimed at reducing service operational cost while preserving the acceptable service quality level. The results indicate the applicability and relevance of the proposed approach for cloud applications in the early service lifecycle phase since application providers can gain useful insights regarding service deployment decision without acquiring extensive datasets for the analysis.

Download Full-text

AntibIoTic: Protecting IoT Devices Against DDoS Attacks

10.31224/osf.io/vh8ka ◽

2017 ◽

Cited By ~ 3

Author(s):

Michele De Donno ◽

Nicola Dragoni ◽

Alberto Giaretta ◽

Manuel Mazzara

Keyword(s):

Denial Of Service ◽

Main Idea ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

The World ◽

Iot Devices

The 2016 is remembered as the year that showed to the world how dangerous distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DoS attacks perpetrated through IoT devices.

Download Full-text

Taxonomy of Distributed Denial of Service (DDoS) Attacks and Defense Mechanisms in Present Era of Smartphone Devices

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2018040104 ◽

2018 ◽

Vol 10 (2) ◽

pp. 58-74 ◽

Cited By ~ 8

Author(s):

Kavita Sharma ◽

B. B. Gupta

Keyword(s):

Defense Mechanisms ◽

Computer Network ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Common People ◽

Ddos Attack ◽

Legitimate User

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text

Performance Analysis of an Effective Approach to Protect Cloud Systems against Application Layer Based Attacks

International Journal of Online and Biomedical Engineering (iJOE) ◽

10.3991/ijoe.v15i03.9931 ◽

2019 ◽

Vol 15 (03) ◽

pp. 82

Author(s):

Hosam F. El-Sofany ◽

Samir Abou El-Seoud

Keyword(s):

Cloud Computing ◽

Web Applications ◽

Complexity Analysis ◽

Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Analysis Model ◽

New Paradigm ◽

Dos Attacks ◽

Web Based

Cloud computing is a new paradigm for hosting hardware and software resources and provides a web-based services to organizations and consumers. It also provides an easy to use and on-demand access to cloud based computing resources that can be published by easy, minimal administration and with a great efficiency. Services of cloud computing are accessing and sharing through internet connection thus it is open for attacker to attack on its security. Application layer based attacks is one of Distributed Denial of Service attacks (DDoS) that can cause a big problem in cloud security. The main objective of DDoS attacks is to infect computer resources (e.g., software applications, network, CPU, etc.) and make them not working properly for the authorized users. In DDoS, the attacker tries to overload the web-based service with traffic. HTTP and XML-based DDoS attacks are founded under the application layer based category of DoS attacks. This category of attack is focused on particular web applications. The main objective of this research paper is to introduce an effective approach to protect cloud-based systems against application layer based attacks. Complexity analysis, effectiveness and performance evaluations of the presented approach are presented. The feedbacks of the experimental results were highly promising, for protecting cloud computing systems against both DoS and DDoS attacks. Correlation analysis model is also used to validate the efficiency of the proposed approach.

Download Full-text

Denial-of-Service (DoS) Attack and Botnet

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch003 ◽

2021 ◽

pp. 49-73

Author(s):

Arushi Arora ◽

Sumit Kumar Yadav ◽

Kavita Sharma

Keyword(s):

Defense Mechanism ◽

Denial Of Service ◽

The Other ◽

Denial Of Service Attacks ◽

Ddos Attacks ◽

Dos Attack ◽

Dos Attacks ◽

Commercial Software ◽

Other Hand ◽

Insight Into

This chapter describes how the consequence and hazards showcased by Denial of Service attacks have resulted in the surge of research studies, commercial software and innovative cogitations. Of the DoS attacks, the incursion of its variant DDoS can be quite severe. A botnet, on the other hand, is a group of hijacked devices that are connected by internet. These botnet servers are used to perform DDoS attacks effectively. In this chapter, the authors attempt to provide an insight into DoS attacks and botnets, focusing on their analysis and mitigation. They also propose a defense mechanism to mitigate our system from botnet DDoS attacks. This is achieved by using a through access list based configuration. The artful engineering of malware is a weapon used for online crime and the ideas behind it are profit-motivated. The last section of the chapter provides an understanding of the WannaCry Ransomware Attack which locked computers in more than 150 countries.

Download Full-text

A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression

Proceedings ◽

10.3390/proceedings2020063051 ◽

2020 ◽

Vol 63 (1) ◽

pp. 51

Author(s):

Swathi Sambangi ◽

Lakshmeeswari Gondi

Keyword(s):

Machine Learning ◽

Denial Of Service ◽

Classification Problem ◽

Attack Detection ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Multiple Sources ◽

Denial Of Service Attack ◽

Network Bandwidth

The problem of identifying Distributed Denial of Service (DDos) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.

Download Full-text