An OpenStack based cloud testbed framework for evaluating HTTP flooding attacks
- 6 Downloads
The cloud computing has inherent challenges to detect the Hyper Text Transfer Protocol (HTTP) flooding Distributed Denial of Service (DDoS) attack due to its natural characteristics like virtualization, elasticity and multi-tenancy. The usage of cloud computing is user-friendly, but the implementation of the cloud infrastructure such as compute node, networking, cloud storage is very complex in order to achieve its various characteristics. Similarly, detecting the HTTP flooding attack in the cloud is also very complex as it requires an understanding of various potential attack paths in such a complex environment. So, designing the cloud testbed framework to detect the HTTP flooding attacks is a challenging problem to be solved. The cloud testbed framework has to consider several aspects of attack scenarios while accounting the cloud characteristics. This paper reviews the existing DDoS attack detection framework and their gaps and proposes a cloud testbed framework for evaluating the HTTP flooding DDoS attack solution. The proposed framework is implemented using the OpenStack cloud environment. The Fédération Internationale de Football Association (FIFA) World Cup 1998 real-time dataset is used to generate the HTTP flooding attack to the OpenStack cloud testbed framework for the experimentation.
KeywordsDDoS Cloud testbed framework HTTP flooding OpenStack Cloud computing security Layer 7 attacks
- 1.The 5 motives for DDoS attack. https://arch.simplicable.com/arch/new/the-5-motives-for-DDoS-attack. Accessed 9 Jan 2019.
- 2.NIST Cloud Computing Program—NCCP. https://www.nist.gov/programs-projects/nist-cloud-computing-program-nccp. Accessed 9 Jan 2019.
- 3.Top 10 security concerns for cloud-based services. https://www.incapsula.com/blog/top-10-cloud-security-concerns.html. Accessed 9 Jan 2019.
- 4.Dhanapal, A., et al. (2013) Data usage security, accounting and auditing in cloud computing. In National Conference on Networking and Communication Systems (NCS) (vol. 2, pp. 226–229).Google Scholar
- 5.Denial of service attack: what is a dos attack? https://security.radware.com/ddos-knowledge-center/ddospedia/dos-attack/. Accessed 9 Jan 2019.
- 6.DDoS attack types and mitigation methods. https://www.incapsula.com/ddos/ddos-attacks/. Accessed 9 Jan 2019.
- 7.What is a DDoS attack and how do you protect against DDoS attacks? https://www.arbornetworks.com/research/what-is-ddos. Accessed 9 Jan 2019.
- 8.Why move to the cloud? 10 benefits of cloud computing. https://www.salesforce.com/uk/blog/2015/11/why-move-to-the-cloud-10-benefits-of-cloud-computing.html. Accessed 9 Jan 2019.
- 9.DDoS top 6: Why hackers attack. https://www.pentasecurity.com/blog/ddos-top-6-hackers-attack/. Accessed 9 Jan 2019.
- 10.Widespread cyberattack takes down sites worldwide. http://money.cnn.com/2016/10/21/technology/ddos-attack-popular-sites/index.html. Accessed 9 Jan 2019.
- 11.The 5 most significant DDoS Attacks of 2016. https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/5-significant-ddos-attacks-2016/. Accessed 9 Jan 2019.
- 12.Application attacks against clouds up 45%. https://www.csoonline.com/article/2991409/cloud-security/application-attacks-against-clouds-up-45.html. Accessed 9 Jan 2019.
- 13.Denial-of-Service attacks meet the cloud: 4 Lessons. https://www.cio.com/article/2413818/cloud-computing/denial-of-service-attacks-meet-the-cloud--4-lessons.html. Accessed 9 Jan 2019.
- 14.Cloud delivery models. http://whatiscloud.com/cloud_delivery_models/index. Accessed 9 Jan 2019.
- 15.Cloud deployment models. http://whatiscloud.com/cloud_deployment_models/index. Accessed 9 Jan 2019.
- 16.Dhanapal, A., et al. (2018) A review of cloud computing adoption issues and challenges. Recent Patents on Computer Science. https://doi.org/10.2174/2213275911666181114142428.
- 17.World Cup Web Site Access Logs. http://ita.ee.lbl.gov/html/contrib/WorldCup.html.
- 18.Dhanapal, A., et al. (2017) An effective mechanism to regenerate HTTP flooding DDoS attack using real time data set. In ICICICT (pp. 570–575).Google Scholar
- 19.Smirnov, A.V., et al. (2016) Network traffic processing module for infrastructure attacks detection in cloud computing platforms. In IEEE (pp. 199–202).Google Scholar
- 21.Shruthi, B. T., et al. (2016). X-DoS (XML Denial of Service) attack strategy on cloud computing. Imperial Journal of Interdisciplinary Research, 2(12), 1665–1669.Google Scholar
- 22.Shahanaz Begum, I., et al. (2016). DDoS attack detection and prevention in private cloud environment. International Journal of Innovations in Engineering and Technology, 7(3), 527–531.Google Scholar
- 24.Karnwal, T., et al. (2012) A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack. In IEEE Students’ Conference on Electrical, Electronics and Computer Science (pp. 1–5).Google Scholar
- 25.Osanaiye, O., et al. (2016) Change-point cloud DDoS detection using packet inter-arrival time. In 8th Computer Science and Electronic Engineering Conference (CEEC) (pp. 204–209).Google Scholar