DDOS Mitigation Cloud-Based Service

Cloud computing has evolved over the last decade from a simple storage service for more complex ones, offering software as a service (SaaS), platforms as a service (PaaS) and most recently security as a service (SECaaS). The work presented in this paper is a response to: (1) the resource constraints in physical security devices such as firewalls or IPS/IDS, that can no more counter advanced DDOS attacks, (2) The expensive cost, management complexity and the requirement of high amount of resources on existing DDOS mitigation tools to verify the traffic. We propose a new architecture of a cloud based firewalling service using resources offered by the Cloud and characterized by: a low financial cost, high availability, reliability, self scaling and easy managing. In order to improve the efficiency of our proposal to face DDOS attacks, we deploy, configure and test our mitigation service using Network Function Virtualization technology (NFV) and other virtualization capabilities. We also detail some result and point out future work.

[1]  Alex X. Liu,et al.  First Step toward Cloud-Based Firewalling , 2012, 2012 IEEE 31st Symposium on Reliable Distributed Systems.

[2]  Gaetan Hurel,et al.  Outsourcing Mobile Security in the Cloud , 2014, AIMS.

[3]  Song Guo,et al.  Can We Beat DDoS Attacks in Clouds? , 2014, IEEE Transactions on Parallel and Distributed Systems.

[4]  A. Khiyaita,et al.  Load balancing cloud computing: State of art , 2012, 2012 National Days of Network Security and Systems.

[5]  Nur Izura Udzir,et al.  A Cloud-based Intrusion Detection Service framework , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[6]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[7]  Raj Jain,et al.  Network virtualization and software defined networking for cloud computing: a survey , 2013, IEEE Communications Magazine.

[8]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[9]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[10]  Akihiro Nakao,et al.  DDoS defense as a network service , 2010, 2010 IEEE Network Operations and Management Symposium - NOMS 2010.

[11]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[12]  Christian Senk Adoption of security as a service , 2013, Journal of Internet Services and Applications.

[13]  Muhammad Aamir,et al.  DDoS Attack and Defense: Review of Some Traditional and Current Techniques , 2014, ArXiv.

[14]  Saman A. Zonouz,et al.  A cloud-based intrusion detection and response system for mobile phones , 2011, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W).

[15]  Ryan J. Farley,et al.  PARALLEL FIREWALL DESIGNS FOR HIGH-SPEED NETWORKS , 2005 .