DDoS Attacks: Tools, Mitigation Approaches, and Probable Impact on Private Cloud Environment

The future of the Internet is predicted to be on the cloud, resulting in more complex and more intensive computing, but possibly also a more insecure digital world. The presence of a large amount of resources organized densely is a key factor in attracting DDoS attacks. Such attacks are arguably more dangerous in private individual clouds with limited resources. This paper discusses several prominent approaches introduced to counter DDoS attacks in private clouds. We also discuss issues and challenges to mitigate DDoS attacks in private clouds.

[1]  Zhe Zhang,et al.  VDN: Virtual machine image distribution network for cloud data centers , 2012, 2012 Proceedings IEEE INFOCOM.

[2]  Dritan Nace,et al.  Max-min fairness and its applications to routing and load-balancing in communication networks: a tutorial , 2008, IEEE Communications Surveys & Tutorials.

[3]  Vyas Sekar,et al.  Bohatei: Flexible and Elastic DDoS Defense , 2015, USENIX Security Symposium.

[4]  Guofei Gu,et al.  Attacking software-defined networks: a first feasibility study , 2013, HotSDN '13.

[5]  Sanjay Ghemawat,et al.  MapReduce: Simplified Data Processing on Large Clusters , 2004, OSDI.

[6]  Ck Cheng,et al.  The Age of Big Data , 2015 .

[7]  Youngseok Lee,et al.  A Hadoop-Based Packet Trace Processing Tool , 2011, TMA.

[8]  Bu-Sung Lee,et al.  Optimization of Resource Provisioning Cost in Cloud Computing , 2012, IEEE Transactions on Services Computing.

[9]  Song Guo,et al.  Can We Beat DDoS Attacks in Clouds? , 2014, IEEE Transactions on Parallel and Distributed Systems.

[10]  Hai Jin,et al.  Defending Against Flow Table Overloading Attack in Software-Defined Networks , 2019, IEEE Transactions on Services Computing.

[11]  Andreas Terzis,et al.  My Botnet Is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging , 2007, HotBots.

[12]  Cheng Xiang Tan,et al.  A Survey of Trends in Massive DDOS Attacks and Cloud-Based Mitigations , 2014 .

[13]  Chuan Wu,et al.  A survey on cloud interoperability: taxonomies, standards, and practice , 2013, PERV.

[14]  Kui Ren,et al.  When cloud meets eBay: Towards effective pricing for cloud computing , 2012, 2012 Proceedings IEEE INFOCOM.

[15]  Anees Shaikh,et al.  Meridian: an SDN platform for cloud network services , 2013, IEEE Communications Magazine.

[16]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[17]  Bruce S. Davie,et al.  The Open vSwitch Database Management Protocol , 2013, RFC.

[18]  Manoj Singh Gaur,et al.  DDoS/EDoS attack in cloud: affecting everyone out there! , 2015, SIN.

[19]  David K. Y. Yau,et al.  Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles , 2005, IEEE/ACM Transactions on Networking.

[20]  Kaiqi Xiong,et al.  Quality of Service (QoS)-Guaranteed Network Resource Allocation via Software Defined Networking (SDN) , 2014, 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing.

[21]  Mohit Sharma,et al.  Cloud computing and its security issues — A review , 2014, Fifth International Conference on Computing, Communications and Networking Technologies (ICCCNT).

[22]  D. R. Fulkerson,et al.  On the Max Flow Min Cut Theorem of Networks. , 1955 .

[23]  R. Lua,et al.  Mitigating DDoS attacks with transparent and intelligent fast-flux swarm network , 2011, IEEE Network.

[24]  Hamed Shah-Hosseini,et al.  The intelligent water drops algorithm: a nature-inspired swarm-based optimization algorithm , 2009, Int. J. Bio Inspired Comput..

[25]  Farzad Sabahi,et al.  Cloud computing security threats and responses , 2011, 2011 IEEE 3rd International Conference on Communication Software and Networks.

[26]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[27]  Tom White,et al.  Hadoop: The Definitive Guide , 2009 .

[28]  A. B. M. Shawkat Ali,et al.  A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing , 2012, Future Gener. Comput. Syst..

[29]  Stuart Harvey Rubin,et al.  Distributed denial of service attacks , 2000, Smc 2000 conference proceedings. 2000 ieee international conference on systems, man and cybernetics. 'cybernetics evolving to systems, humans, organizations, and their complex interactions' (cat. no.0.

[30]  Carlos Becker Westphall,et al.  Autonomic Intrusion Detection System in Cloud Computing with Big Data , 2014 .

[31]  Kailas Devadkar,et al.  Understanding DDoS Attack & its Effect in Cloud Environment , 2015 .

[32]  Sugata Sanyal,et al.  A Survey on Security Issues in Cloud Computing , 2011, 1109.5388.

[33]  Feng Wang,et al.  Measurement and utilization of customer-provided resources for cloud computing , 2012, 2012 Proceedings IEEE INFOCOM.

[34]  Sushil Jajodia,et al.  A moving target defense approach to mitigate DDoS attacks against proxy-based architectures , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[35]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[36]  Steven M. Bellovin,et al.  Implementing Pushback: Router-Based Defense Against DDoS Attacks , 2002, NDSS.

[37]  Abdelkader H. Ouda,et al.  Cloud-based DDoS attacks and defenses , 2013, International Conference on Information Society (i-Society 2013).

[38]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[39]  Ramin Yahyapour,et al.  SDN-based cloud computing networking , 2013, 2013 15th International Conference on Transparent Optical Networks (ICTON).

[40]  Ramesh Chandra Joshi,et al.  An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks , 2009, Comput. Commun..

[41]  Minlan Yu,et al.  The Dark Menace: Characterizing Network-based Attacks in the Cloud , 2015, Internet Measurement Conference.

[42]  Doaa M. Shawky,et al.  Performance evaluation of dynamic resource allocation in cloud computing platforms using Stochastic Process Algebra , 2013, 2013 8th International Conference on Computer Engineering & Systems (ICCES).

[43]  J. Doob Stochastic processes , 1953 .

[44]  Artur Andrzejak,et al.  Monetary Cost-Aware Checkpointing and Migration on Amazon Cloud Spot Instances , 2012, IEEE Transactions on Services Computing.

[45]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[46]  Jugal K. Kalita,et al.  Network attacks: Taxonomy, tools and systems , 2014, J. Netw. Comput. Appl..

[47]  Rajesh Krishnan,et al.  Mitigating distributed denial of service attacks with dynamic resource pricing , 2001, Seventeenth Annual Computer Security Applications Conference.

[48]  Tseng-Chang Yen,et al.  An SDN-based cloud computing architecture and its mathematical model , 2014, 2014 International Conference on Information Science, Electronics and Electrical Engineering.

[49]  Asad Waqar Malik,et al.  Can a DDoS Attack Meltdown My Data Center? A Simulation Study and Defense Strategies , 2014, IEEE Communications Letters.

[50]  Dhruba K. Bhattacharyya,et al.  Network Anomaly Detection: A Machine Learning Perspective , 2013 .

[51]  Arun K. Sood,et al.  Securing Web Servers Using Self Cleansing Intrusion Tolerance (SCIT) , 2009, 2009 Second International Conference on Dependability.

[52]  Andrew Warfield,et al.  Live migration of virtual machines , 2005, NSDI.

[53]  Youngseok Lee,et al.  An Internet traffic analysis method with MapReduce , 2010, 2010 IEEE/IFIP Network Operations and Management Symposium Workshops.

[54]  Jugal K. Kalita,et al.  Network defense: Approaches, methods and techniques , 2015, J. Netw. Comput. Appl..

[55]  Shweta Tripathi,et al.  Hadoop Based Defense Solution to Handle Distributed Denial of Service (DDoS) Attacks , 2013 .

[56]  Arun K. Sood,et al.  A Comparison of Intrusion-Tolerant System Architectures , 2011, IEEE Security & Privacy.

[57]  Martín Casado,et al.  NOX: towards an operating system for networks , 2008, CCRV.

[58]  Charles H.-P. Wen,et al.  Flow-and-VM Migration for Optimizing Throughput and Energy in SDN-Based Cloud Datacenter , 2013, 2013 IEEE 5th International Conference on Cloud Computing Technology and Science.

[59]  Khaled Salah,et al.  EDoS-Shield - A Two-Steps Mitigation Technique against EDoS Attacks in Cloud Computing , 2011, 2011 Fourth IEEE International Conference on Utility and Cloud Computing.

[60]  Joseph D. Touch,et al.  DynaBone: dynamic defense using multi-layer Internet overlays , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[61]  Kensuke Fukuda,et al.  Hashdoop: A MapReduce framework for network anomaly detection , 2014, 2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[62]  Douglas Jacobson,et al.  The Insecurity of Cloud Utility Models , 2013, IT Professional.

[63]  Christopher Krügel,et al.  Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.

[64]  Song Guo,et al.  Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient , 2012, IEEE Transactions on Parallel and Distributed Systems.

[65]  Songwu Lu,et al.  Random flow network modeling and simulations for DDoS attack mitigation , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[66]  F. Richard Yu,et al.  Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges , 2016, IEEE Communications Surveys & Tutorials.

[67]  Arun K. Sood,et al.  SCIT-DNS: Critical infrastructure protection through secure DNS server dynamic updates , 2006, J. High Speed Networks.

[68]  Wanlei Zhou,et al.  Low-Rate DDoS Attacks Detection and Traceback by Using New Information Metrics , 2011, IEEE Transactions on Information Forensics and Security.

[69]  Gabi Dreo Rodosek,et al.  Improving network security through SDN in cloud scenarios , 2014, 10th International Conference on Network and Service Management (CNSM) and Workshop.

[70]  David Hausheer,et al.  Software-Defined Networking: Standardization for Cloud Computing's Second Wave , 2014, Computer.

[71]  F. Richard Yu,et al.  Distributed denial of service attacks in software-defined networking with cloud computing , 2015, IEEE Communications Magazine.

[72]  Jung-Min Park,et al.  A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks , 2007, IEEE Transactions on Parallel and Distributed Systems.

[73]  Wouter Joosen,et al.  Maneuvering Around Clouds: Bypassing Cloud-based Security Providers , 2015, CCS.

[74]  K. Govinda,et al.  Secure Traffic Management in Cluster Environment to Handle DDOS Attack , 2014 .

[75]  Muttukrishnan Rajarajan,et al.  A survey of intrusion detection techniques in Cloud , 2013, J. Netw. Comput. Appl..

[76]  Feiyi Wang,et al.  SITAR: a scalable intrusion-tolerant architecture for distributed services , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[77]  N. Pitropakis,et al.  It's All in the Cloud: Reviewing Cloud Security , 2013, 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 2013 IEEE 10th International Conference on Autonomic and Trusted Computing.