Comparing Single Tier and Three Tier Infrastructure Designs against DDoS Attacks

With the rise in cyber-attacks on cloud environments like Brute Force, Malware or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data center and service delivery with the aim of catering to maximize device provisioning & availability, improve application performance, ensure better server virtualization and end up securing data centers using security solutions at internet edge protection level. These security solutions prove to be largely inadequate in times of a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three tier data center. The resilience to withstand against DDoS attacks is measured for Real User Monitoring parameters, compared for the two infrastructure designs and the data is validated using T-Test.

DOS Attacks on Cloud Platform

IaaS, PaaS, and SaaS models collectively form the Cloud Computing Infrastructure. The complexity of interrelationship of service models is very high and so security issue becomes essentials and must be developed with utmost care. Distributed DOS attacks are a major concern for different organization engaged in using cloud based services. The denial of service attack and distributed denial of service attacks in particular in cloud paradigms are big threat on a cloud network or platform. These attacks operate by rendering the server and network useless by sending unnecessary service and resource requests. The victims host or network isn't aware of such attacks and keeps providing recourses until they get exhausted. Due to resource exhaustions, the resources requests of genuine users doesn't get fulfilled. Severity of these attacks can lead to huge financial losses if, they are able to bring down servers executing financial services. This chapter presents DOS threats and methods to mitigate them in varied dimensions.

Security in IoT Devices

An attempt to do a comparison between the various DDoS attack types that exist by analysing them in various categories that can be formed, to provide a more comprehensive view of the problem that DDoS poses to the internet infrastructure today. Then DDoS and its relevance with respect to IoT (Internet of Things) devices are analysed where attack types have been explained and possible solutions available are analysed. This chapter does not propose any new solutions to mitigating the effects of DDoS attacks but just provides a general survey of the prevailing attack types along with analysis of the underlying structures that make these attacks possible, which would help researchers in understanding the DDoS problem better.

Denial-of-Service and Botnet Analysis, Detection, and Mitigation

The internet is designed for processing and forwarding of any packet in a best effort manner. The packets carried by the internet may be malicious or not. Most of the time, internet architecture provides an unregulated path to victims. Denial-of-service (DoS) attack is the most common critical threat that causes devastating effects on the internet. The Botnet-based DoS attack aims to exhaust both the target resources and network bandwidth, thereby making the network resources unavailable for its valid users. The resources are utilized by either injecting a computer virus or flooding the network with useless traffic. This chapter provides a systematic analysis of the causes of DoS attacks, including motivations and history, analysis of different attacks, detection and protection techniques, various mitigation techniques, the limitations and challenges of DoS research areas. Finally, this chapter discusses some important research directions which will need more attention in the near future to guarantee the successful defense against DoS attacks.

Design and Development of Secured Framework for Efficient Routing in Vehicular Ad-Hoc Network

Due to many challenging issues in vehicular ad-hoc networks (VANETs), such as high mobility and network instability, this has led to insecurity and vulnerability to attacks. Due to dynamic network topology changes and frequent network re-configuration, security is a major target in VANET research domains. VANETs have gained significant attention in the current wireless network scenario, due to their exclusive characteristics which are different from other wireless networks such as rapid link failure and high vehicle mobility. In this are, the authors present a Secured and Safety Protocol for VANET (STVAN), as an intelligent Ad-Hoc On Demand Distance Vector (AODV)-based routing mechanism that prevents the Denial of Service attack (DoS) and improves the quality of service for secured communications in a VANET. In order to build a STVAN, the authors have considered a smart traffic environment in a smart city and introduced the concept of load balancing over VANET vehicles in a best effort manner. Simulation results reveal that the proposed STVAN accomplishes enhanced performance when compared with other similar protocols in terms of reduced delay, better packet delivery ratio, reasonable energy efficiency, increased network throughput and decreased data drop compared to other similar approach.

Distributed Denial of Service Attacks and Defense in Cloud Computing

Cloud computing has now become a part of many businesses. It provides on-demand resources to its users based on pay-as-you-use policy, across the globe. The high availability feature of this technology is affected by distributed denial of service (DDoS) attack, which is a major security issue. In this attack, cloud or network resources are exhausted, resulting in a denial of service for legitimate users. In this chapter, a classification of various types of DDoS attacks has been presented, and techniques for defending these attacks in cloud computing have been discussed. A discussion on challenges and open issues in this area is also given. Finally, a conceptual model based on extreme learning machine has been proposed to defend these attacks.

Denial of Service (DoS) Attacks Over Cloud Environment

Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.

Advanced Network Data Analytics for Large-Scale DDoS Attack Detection

Internet-enabled devices or Internet of Things as it has been prevailed are increasing exponentially every day. The lack of security standards in the manufacturing of these devices along with the haste of the manufacturers to increase their market share in this area has created a very large network of vulnerable devices that can be easily recruited as bot members and used to initiate very large volumetric Distributed Denial of Service (DDoS) attacks. The significance of the problem can be easily acknowledged due to the large number of cases regarding attacks on institutions, enterprises and even countries which have been recently revealed. In the current paper a novel method is introduced, which is based on a data mining technique that can analyze incoming IP traffic details and early warn the network administrator about a potentially developing DDoS attack. The method can scale depending on the availability of the infrastructure from a conventional laptop computer to a complex cloud infrastructure. Based on the hardware configuration as it is proved with the experiments the method can easily monitor and detect abnormal network traffic of several Gbps in real time using the minimum hardware equipment.

Cyber-Physical System and Internet of Things Security

An increase of distributed denial-of-service (DDoS) attacks launched by botnets such as Mirai has raised public awareness regarding potential security weaknesses in the Internet of Things (IoT). Devices are an attractive target for attackers because of their large number and due to most devices being online 24/7. In addition, many traditional security mechanisms are not applicable for resource constraint IoT devices. The importance of security for cyber-physical systems (CPS) is even higher, as most systems process confidential data or control a physical process that could be harmed by attackers. While industrial IoT is a hot topic in research, not much focus is put on ensuring information security. Therefore, this paper intends to give an overview of current research regarding the security of data in industrial CPS. In contrast to other surveys, this work will provide an overview of the big CPS security picture and not focus on special aspects.

Evaluation of the Attack Effect Based on Improved Grey Clustering Model

There are a lot of uncertainties and incomplete information problems on network attack. It is of great value to access the effect of the attack in the current network attack and defense. This paper examines the characteristics of network attacks, there are problems with traditional clustering that index attribution is not clear and the cross of clustering interval. A two-stage grey synthetic clustering evaluation model based on center-point triangular whitenization weight function was proposed for the attack effect. The authors studied the feasibility of applying this model to the evaluation of network attack effect. Finally, an example is given, which showed the model could evaluate the effect of the denial-of-service attack precisely. It is also shown that the model is viable to evaluate the attack effect.