A Fuzzy Logic based Defense Mechanism against Distributed Denial of Service Attack in Cloud Computing Environment

Cloud defines a new age of computing solution that provides services to customers with its unique feat ures of agility and multi-tenancy. As the critical resources are ho sted at cloud provider's end, security is a big challenge in clou d computing. If the cloud environment is compromised and attackers get the access of core data centers, the availability of the critical resources becomes a big concern for the service consumers. Denial of Se rvice and Distributed Denial of Service kind of attacks are l aunched towards cloud environment to make the resources unavailable for legitimate users. In this paper we propose a fuzzy logic based defense mechanism that can be set with predefined rules by which it can detect the malicious packets and takes proper count er measures to mitigate the DDoS attack. Also a detailed study of different kind of DDoS attack and existing defense strategies has bee n carried out.

[1]  Sarah Ahmed,et al.  A Fuzzy Rule Based Forensic Analysis of DDoS Attack in MANET , 2013 .

[2]  Maurizio Aiello,et al.  Taxonomy of Slow DoS Attacks to Web Applications , 2012, SNDS.

[3]  Georgios Kambourakis,et al.  Detecting DNS Amplification Attacks , 2007, CRITIS.

[4]  Ki Hoon Kwon,et al.  DDoS attack detection method using cluster analysis , 2008, Expert Syst. Appl..

[5]  Aad P. A. van Moorsel,et al.  Dependability in the cloud: Challenges and opportunities , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[6]  Inyiama H.C,et al.  A PARADIGM SHIFT IN SYSTEMS ANALYSIS AND DESIGN OF COMPUTER SYSTEMS APPLICATIONS. CASE STUDY: AN ADAPTIVE INTELLIGENT DENIAL OF SERVICE (DoS) NETWORK ATTACK REMEDIAL MODEL , 2013 .

[7]  Supranamaya Ranjan,et al.  DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[8]  Wanlei Zhou,et al.  Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics , 2011, IEEE Transactions on Information Forensics and Security.

[9]  Shian-Shyong Tseng,et al.  Constructing detection knowledge for DDoS intrusion tolerance , 2004, Expert Syst. Appl..

[10]  Ruiliang Chen,et al.  RIM: Router Interface Marking for IP Traceback , 2006 .

[11]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[12]  Vicente Segura,et al.  Modeling the Economic Incentives of DDoS Attacks: femtocell case study , 2009, WEIS.

[13]  Geofrey Wingi Sikazwe Statistacal Self-Similarity:Fractional Brownian Motion , 2010 .

[14]  Jung-Min Park,et al.  NISp1-05: RIM: Router Interface Marking for IP Traceback , 2006, IEEE Globecom 2006.

[15]  Lei Shu,et al.  Recent Trends in Computer Networks and Distributed Systems Security , 2014, Communications in Computer and Information Science.

[16]  Anil Kumar,et al.  Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks , 2014 .

[17]  S. Kumar,et al.  Smurf-based Distributed Denial of Service (DDoS) Attack Amplification in Internet , 2007, Second International Conference on Internet Monitoring and Protection (ICIMP 2007).

[18]  Junho Choi,et al.  Detecting Web based DDoS Attack using MapReduce operations in Cloud Computing Environment , 2013, J. Internet Serv. Inf. Secur..

[19]  Nicolas Chantler,et al.  Profile of A Computer Hacker , 2001 .

[20]  Walter Willinger,et al.  On the self-similar nature of Ethernet traffic , 1993, SIGCOMM '93.

[21]  C. E. SHANNON,et al.  A mathematical theory of communication , 1948, MOCO.

[22]  R. Chitra,et al.  Securing cloud from ddos attacks using intrusion detection system in virtual machine , 2013 .

[23]  Sugata Sanyal,et al.  Adaptive neuro-fuzzy intrusion detection systems , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[24]  I. Sasase,et al.  Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior , 2007, 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing.

[25]  N. Jeyanthi,et al.  Packet Resonance Strategy: A Spoof Attack Detection and Prevention Mechanism in Cloud Computing Environment , 2012, Int. J. Commun. Networks Inf. Secur..

[26]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[27]  Albert K. T. Hui,et al.  Universal DDoS Mitigation Bypass , 2013 .

[28]  N. Jeyanthi,et al.  An Enhanced Entropy Approach to Detect and Prevent DDoS in Cloud Environment , 2013, Int. J. Commun. Networks Inf. Secur..

[29]  S. Selvakumar,et al.  Distributed denial of service attack detection using an ensemble of neural classifier , 2011, Comput. Commun..

[30]  Balachander Krishnamurthy,et al.  Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites , 2002, WWW.

[31]  Ihekweaba . Chukwugoziem,et al.  FUZZY MODELLING OF A NETWORK DENIAL OF SERVICE (DOS) ATTACK PHENOMENON. , 2013 .

[32]  Gopinath Ganapathy,et al.  A multilevel thrust filtration defending mechanism against DDoS attacks in cloud computing environment , 2014, Int. J. Grid Util. Comput..

[33]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[34]  Hooman Tahayori,et al.  A biologically-inspired type-2 fuzzy set based algorithm for detecting misbehaving nodes in ad-hoc wireless networks , 2010 .

[35]  Kang G. Shin,et al.  Hop-count filtering: an effective defense against spoofed DDoS traffic , 2003, CCS '03.

[36]  Markus G. Kuhn,et al.  Analysis of a denial of service attack on TCP , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[37]  Claude E. Shannon,et al.  The Mathematical Theory of Communication , 1950 .

[38]  H. Jonathan Chao,et al.  PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks , 2006, IEEE Transactions on Dependable and Secure Computing.

[39]  Akihiro Nakao,et al.  DDoS Defense Deployment with Network Egress and Ingress Filtering , 2010, 2010 IEEE International Conference on Communications.

[40]  Damian Watkins Tactical Manet Attack Detection Based on Fuzzy Sets Using Agent Communication , 2004 .

[41]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[42]  Manoj,et al.  A NOVEL SECURITY FRAMEWORK USING TRUST AND FUZZY LOGIC IN MANET , 2012 .

[43]  P. Varalakshmi,et al.  Thwarting DDoS attacks in grid using information divergence , 2013, Future Gener. Comput. Syst..

[44]  S. Nirkhi,et al.  Fuzzy Forensic Analysis System for DDoS Attack in MANET Response Analysis , 2013 .

[45]  Rain Ottis,et al.  Estonia after the 2007 Cyber Attacks: Legal, Strategic and Organisational Changes in Cyber Security , 2011, Int. J. Cyber Warf. Terror..

[46]  Chi-Chun Lo,et al.  A Cooperative Intrusion Detection System Framework for Cloud Computing Networks , 2010, 2010 39th International Conference on Parallel Processing Workshops.

[47]  Dan Schnackenberg,et al.  Statistical approaches to DDoS attack detection and response , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[48]  Cheng Jin,et al.  Defense Against Spoofed IP Traffic Using Hop-Count Filtering , 2007, IEEE/ACM Transactions on Networking.

[49]  Jose Nazario,et al.  Politically Motivated Denial of Service Attacks , 2009 .

[50]  Daan van der Sanden Detecting UDP attacks in high speed networks using packet symmetry with only flow data , 2008 .

[51]  Li-Xin Wang,et al.  The WM method completed: a flexible fuzzy system approach to data mining , 2003, IEEE Trans. Fuzzy Syst..

[52]  H. Jonathan Chao,et al.  Transient performance of PacketScore for blocking DDoS attacks , 2004, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577).

[53]  Stacy J. Prowell,et al.  Seven Deadliest Network Attacks , 2010 .

[54]  Shui Yu,et al.  CBF: A Packet Filtering Method for DDoS Attack Defense in Cloud Environment , 2011, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.

[55]  Dawn Xiaodong Song,et al.  Pi: a path identification mechanism to defend against DDoS attacks , 2003, 2003 Symposium on Security and Privacy, 2003..

[56]  Carla Merkle Westphall,et al.  Intrusion Detection for Grid and Cloud Computing , 2010, IT Professional.

[57]  Wei Wei,et al.  A Rank Correlation Based Detection against Distributed Reflection DoS Attacks , 2013, IEEE Communications Letters.

[58]  Kai Hwang,et al.  Collaborative detection and filtering of shrew DDoS attacks using spectral analysis , 2006, J. Parallel Distributed Comput..

[59]  R. S. Bhuvaneswaran,et al.  Effect of Clustering in Designing a fuzzy based Hybrid Intrusion Detection System for Mobile Ad Hoc Networks , 2013, J. Comput. Sci..