Algorithm for Secure Hybrid Cloud Design Against DDoS Attacks

Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar

This article describes how cloud computing has become a significant IT infrastructure in business, government, education, research, and service industry domains. Security of cloud-based applications, especially for those applications with constant inbound and outbound user traffic, is important. It becomes of the utmost importance to secure the data flowing between the cloud application and user systems against cyber criminals who launch Denial of Service (DoS) attacks. Existing research related to cloud security focuses on securing the flow of information on servers or between networks, but there is a lack of research to mitigate Distributed Denial of Service (DDoS) attacks on cloud environments as presented by Buyya et al. and Fachkha et al. In this article, the authors propose an algorithm and a Hybrid Cloud-based Secure Architecture to mitigate DDoS attacks. By proposing a three-tier cloud infrastructure with a two-tier defense system for separate Network and Application layers, the authors show that DDoS attacks can be detected and blocked before reaching the infrastructure hosting the Cloud applications.

2020 ◽  
pp. 303-320


2017 ◽  
Vol 7 (3) ◽  
pp. 59-75 ◽  
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data centers and service delivery with the aim of maximizing device provisioning and availability, improving application performance, and ensuring better server virtualization, and end up securing data centers using security solutions at the internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three-tier data center. The resilience against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs, and the data is validated using a T-Test.


2019 ◽  
pp. 1952-1983
Author(s):  
Pourya Shamsolmoali ◽  
Masoumeh Zareapoor ◽  
M.Afshar Alam

Distributed Denial of Service (DDoS) attacks have become a serious threat to internet security and Cloud Computing environments. This kind of attack is the most complex form of DoS (Denial of Service) attack. This type of attack can simply spoof its source address, which disguises the real location of the attack from defending methods. Therefore, the DDoS attack is the most significant challenge for networks. In this chapter we present different aspects of security in Cloud Computing, concentrating mostly on DDoS attacks. The authors illustrated all types of DoS attacks and discussed the most effective detection methods.


Author(s):  
Rajinder Sandhu ◽  
Adel Nadjaran Toosi ◽  
Rajkumar Buyya

Cloud computing provides resources using a multitenant architecture where infrastructure is created from one or more distributed datacenters. Scheduling of applications in cloud infrastructures is one of the main research areas in cloud computing. Researchers have developed many scheduling algorithms and evaluated them using simulators such as CloudSim. Their performance needs to be validated in real-time cloud environments to improve their usefulness. Aneka is one of the prominent PaaS software platforms which allows users to develop cloud applications using various programming models and underlying infrastructure. This chapter presents a scheduling API developed for the Aneka software platform. Users can develop their own scheduling algorithms using this API and integrate them with Aneka to test their scheduling algorithms in real cloud environments. The proposed API provides all the required functionalities to integrate and schedule private, public, or hybrid cloud with the Aneka software.



2011 ◽  
Vol 3 (1) ◽  
pp. 14-36 ◽  
Author(s):  
Antonis Michalas ◽  
Nikos Komninos ◽  
Neeli R. Prasad

This paper proposes a technique to defeat Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks in Ad Hoc Networks. The technique is divided into two main parts and combines game theory with cryptographic puzzles. Introduced first is a new client puzzle to prevent DoS attacks in such networks. The second part presents a multiplayer game that takes place between the nodes of an ad hoc network and is based on fundamental principles of game theory. By combining computational problems with puzzles, improvement occurs in the efficiency and latency of the communicating nodes and in resistance to DoS and DDoS attacks. Experimental results show the effectiveness of the approach for devices with limited resources and for environments like ad hoc networks where nodes must exchange information quickly.


2011 ◽  
Vol 22 (05) ◽  
pp. 1073-1098
Author(s):  
SHLOMI DOLEV ◽  
YUVAL ELOVICI ◽  
ALEX KESSELMAN ◽  
POLINA ZILBERMAN

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to "well-behaved" users. In this paper, we propose two algorithms that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to serve "well-behaved" users. In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic for each rule. A filtering algorithm is enforced by the ISP's routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP. The first proposed algorithm is a collaborative algorithm which computes and delivers to the target the best possible traffic mix in polynomial time. The second algorithm is a distributed non-collaborative algorithm for which we prove a lower bound on the worst-case performance.


2021 ◽  
Author(s):  
Ivana Stupar ◽  
Darko Huljenić

Many of the currently existing solutions for cloud cost optimisation are aimed at cloud infrastructure providers, and they often deal only with specific types of application services, leaving the providers of cloud applications without a suitable cost optimisation solution, especially concerning the wide range of different application types. In this paper, we present an approach that aims to provide an optimisation solution for the providers of applications hosted in cloud environments, applicable at the early phase of a cloud application lifecycle and for a wide range of application services. The focus of this research is the development of a method for identifying the optimised service deployment option in available cloud environments based on the model of the service and its context, with the aim of minimising the operational cost of the cloud service while fulfilling the requirements defined by the service level agreement. A cloud application context metamodel is proposed that includes parameters related to both the application service and the cloud infrastructure relevant for the cost and quality of service. By using the proposed optimisation method, knowledge is gained about the effects that the cloud application context parameters have on the service cost and quality of service, which is then used to determine the optimised service deployment option. The service models are validated using cloud application services deployed in laboratory conditions, and the optimisation method is validated using simulations based on the proposed cloud application context metamodel. The experimental results based on two cloud application services demonstrate the ability of the proposed approach to provide relevant information about the impact of cloud application context parameters on service cost and quality of service, and to use this information in the optimisation aimed at reducing service operational cost while preserving an acceptable service quality level. The results indicate the applicability and relevance of the proposed approach for cloud applications in the early service lifecycle phase, since application providers can gain useful insights regarding the service deployment decision without acquiring extensive datasets for the analysis.


2017 ◽  
Author(s):  
Michele De Donno ◽  
Nicola Dragoni ◽  
Alberto Giaretta ◽  
Manuel Mazzara

2016 is remembered as the year that showed the world how dangerous Distributed Denial of Service attacks can be. A gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This characteristic, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DoS attacks perpetrated through IoT devices.

