New Framework to Detect and Prevent Denial of Service Attack in Cloud Computing Environment

As a result of integration of many techniques such as grading, clustering, utilization computing and resource's sharing, cloud computing has been appeared as multi element's composition technology, it offers several computing services such as IaaS (infrastructure as service), PaaS (platform as service) and SaaS (software as service) based on pay as you use rule, but nevertheless, and because of cloud computing end users participate in computing resources (co_ tenancy) , and by which infrastructure computing can be shared by a number of users, and as a result to this feature, some security challenges has been existed and one of the most serious security threats is flooding attack, which prevent other users from using cloud infrastructure services, that kind of attack can be done by a legitimate or illegitimate cloud computing users. To overcome this problem various approaches have been proposed based on Artificial intelligence and statistical methods, but most of them concentrate on one side of problem and neglect the other aspects. In our proposed approach, the focusing will be more in overcoming the problem in all its aspects, in attack detection stage covariance matrix statistical method will be applied and to determine attack source TTl (Time_to_Life) value counting method will be used, and the attack prevention will be based on Honeypot method, and initial simulation to this approach using UML class diagram and sequence diagram showed where our proposed framework can be done in cloud environment.

[1]  Fang-Yie Leu,et al.  Intrusion Detection, Forecast and Traceback Against DDoS Attacks , 2009 .

[2]  Chi-Chun Lo,et al.  A Cooperative Intrusion Detection System Framework for Cloud Computing Networks , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[3]  J. Carretero,et al.  Design of a flexible and scalable hypervisor module for simulating cloud computing environments , 2011, 2011 International Symposium on Performance Evaluation of Computer & Telecommunication Systems.

[4]  Aaron Gomes CLOUD COMPUTING: PLATFORM AS A SERVICE , 2014 .

[5]  Sangjae Lee,et al.  Sequence-order-independent network profiling for detecting application layer DDoS attacks , 2011 .

[6]  Yen-Hung Chen,et al.  A practice of the intrusion prevention system , 2007, TENCON 2007 - 2007 IEEE Region 10 Conference.

[7]  C. Yeun,et al.  Cloud computing security management , 2010, 2010 Second International Conference on Engineering System Management and Applications.

[8]  Ami Marowka,et al.  The GRID: Blueprint for a New Computing Infrastructure , 2000, Parallel Distributed Comput. Pract..

[9]  Xizhao Wang,et al.  Covariance-Matrix Modeling and Detecting Various Flooding Attacks , 2007, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[10]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[11]  Jong-Soo Jang,et al.  Integrated DDoS Attack Defense Infrastructure for Effective Attack Prevention , 2010, 2010 2nd International Conference on Information Technology Convergence and Services.

[12]  Rocky K. C. Chang,et al.  Defending against flooding-based distributed denial-of-service attacks: a tutorial , 2002, IEEE Commun. Mag..

[13]  Rajkumar Buyya,et al.  High Performance Cluster Computing: Programming and Applications , 1999 .

[14]  R. Anitha,et al.  Mitigation of Application Traffic DDoS Attacks with Trust and AM Based HMM Models . , 2010 .

[15]  Songwu Lu,et al.  Random flow network modeling and simulations for DDoS attack mitigation , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[16]  Tharam S. Dillon,et al.  Cloud Computing: Issues and Challenges , 2010, 2010 24th IEEE International Conference on Advanced Information Networking and Applications.

[17]  R. Chitra,et al.  Securing cloud from ddos attacks using intrusion detection system in virtual machine , 2013 .

[18]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[19]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[20]  Wanlei Zhou,et al.  Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks , 2011, J. Netw. Comput. Appl..

[21]  Kai Hwang,et al.  Cloud Security with Virtualized Defense and Reputation-Based Trust Mangement , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[22]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[23]  Cheng Jin,et al.  Defense Against Spoofed IP Traffic Using Hop-Count Filtering , 2007, IEEE/ACM Transactions on Networking.

[24]  Zhang Chao-yang DOS Attack Analysis and Study of New Measures to Prevent , 2011, 2011 International Conference on Intelligence Science and Information Engineering.

[25]  Shunzheng Yu,et al.  Monitoring the Application-Layer DDoS Attacks for Popular Websites , 2009, IEEE/ACM Transactions on Networking.

[26]  Hyeong-Ah Choi,et al.  Packet filtering to defend flooding-based DDoS attacks [Internet denial-of-service attacks] , 2004, 2004 IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communications.

[27]  Sarfraz Nawaz Brohi Seven Deadly Threats and Vulnerabilities in Cloud Computing , 2011 .

[28]  S. P. Ghrera,et al.  Denial of Service Attack: Analysis of Network Traffic Anormaly using Queuing Theory , 2010, ArXiv.

[29]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[30]  Bharat K. Bhargava,et al.  Detecting Service Violations and DoS Attacks , 2003, NDSS.

[31]  Kevin Curran,et al.  Cloud Computing Security , 2011, Int. J. Ambient Comput. Intell..

[32]  A. Hovav,et al.  The Impact of Denial‐of‐Service Attack Announcements on the Market Value of Firms , 2003 .

[33]  Nabeel Tahir INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND SECURITY (IJCSS) , 2011 .

[34]  Hua Song,et al.  A queue model to detect DDos attacks , 2005, Proceedings of the 2005 International Symposium on Collaborative Technologies and Systems, 2005..

[35]  Manoj Misra,et al.  Prediction of Number of Zombies in a DDoS Attack using Polynomial Regression Model , 2011 .

[36]  Yanpei Chen,et al.  What's New About Cloud Computing Security? , 2010 .

[37]  Ratan K. Guha,et al.  Experiment setup for temporal distributed intrusion detection system on Amazon's elastic compute cloud , 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.

[38]  Maya Daneva,et al.  Cloud computing security requirements: A systematic review , 2012, 2012 Sixth International Conference on Research Challenges in Information Science (RCIS).

[39]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .