Selectivity and Autoscaling as Complementary Defenses for DDoS Protection to Cloud Services

Distributed Denial-of-Service (DDoS) is becoming an even more complex problem with the migration of services and applications to shared and centralized cloud infrastructures. Application-layer Denial-of-Service (ADDoS) attacks are a special type of DDoS attack, and the main problem in mitigating them is that attacker requests are similar to those of legitimate clients. This paper proposes to use the scalability feature of cloud infrastructure as a defense against high-rate DDoS attacks, and a selectivity defense to mitigate low-rate ADDoS attacks. Experiments are conducted in an OpenStack cloud environment to show that the combined use of selectivity and autoscaling can be used as a defense against low- and high-rate DDoS attacks.
