Abstract
The impact of Cloud computing on the current information technology infrastructure has undeniably lead to a paradigm shift. The software, Platform and Infrastructure services offered by Cloud computing has been widely adopted by industries and academia alike. Protecting the core architecture of Cloud computing environment against the wake of Distributed Denial of Service attacks is necessary. Any disruptions in Cloud services reduce availability causing losses to the organizations involved. Firms lose revenue and customers loose trust on Cloud providers. This paper discusses a risk transfer based approach to handle such attacks in Cloud environment employing Fog nodes. Fog nodes work in tandem with Autonomous systems possessing unused bandwidth which can be leveraged by the Cloud during an attack. The burden of protection is partially transferred to willing third parties. Such a proactive conceptual defensive framework has been proposed in this paper.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Mell, P., Grance, T.: The NIST definition of cloud computing (2011)
Tsai, W.-T., Sun, X., Balasooriya, J.: Service-oriented cloud computing architecture. In: 2010 Seventh International Conference on Information Technology: New Generations, pp. 684–689. IEEE (2010)
Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed Denial of Service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016). https://doi.org/10.1016/J.JNCA.2016.01.001
Hormati, M., Khendek, F., Toeroe, M.: Towards an evaluation framework for availability solutions in the cloud. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops, pp. 43–46. IEEE (2014)
Dastjerdi, A.V., Gupta, H., Calheiros, R.N., Ghosh, S.K., Buyya, R.: Fog computing: principles, architectures, and applications. Internet of Things, 61–75 (2016). https://doi.org/10.1016/b978-0-12-805395-9.00004-6
Columbus L 83% of Enterprise Workloads Will Be in the Cloud by 2020. https://www.forbes.com/sites/louiscolumbus/2018/01/07/83-of-enterprise-workloads-will-be-in-the-cloud-by-2020/#3451605e6261. Accessed 31 Jan 2019
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against Distributed Denial of Service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15, 2046–2069 (2013). https://doi.org/10.1109/SURV.2013.031413.00127
Botta, A., de Donato, W., Persico, V., Pescapé, A.: Integration of cloud computing and Internet of Things: a survey. Futur. Gener. Comput. Syst. 56, 684–700 (2016). https://doi.org/10.1016/J.FUTURE.2015.09.021
Coles C Top 6 Cloud Security Issues in Cloud Computing. https://www.skyhighnetworks.com/cloud-security-blog/6-cloud-security-issues-that-businesses-experience/. Accessed 31 Jan 2019
Bhushan, K., Gupta, B.B.: Security challenges in cloud computing: state-of-art. Int. J. Big Data Intell. 4, 81 (2017). https://doi.org/10.1504/IJBDI.2017.083116
Global State of the Internet Security & DDoS Attack Reports, Akamai. https://www.akamai.com/us/en/resources/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp. Accessed 18 Mar 2019
Iorga, M., Feldman, L., Barton, R., Martin, M.J., Goren, N., Mahmoudi, C.: Fog computing conceptual model, Gaithersburg, MD (2018)
Gupta, B.B., Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment. Neural Comput. Appl. 28, 3655–3682 (2017). https://doi.org/10.1007/s00521-016-2317-5
Yan, Q., Yu, F.R., Gong, Q., Li, J.: Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun. Surv. Tutor. 18, 602–622 (2016). https://doi.org/10.1109/COMST.2015.2487361
He, Z., Zhang, T., Lee, R.B.: Machine learning based DDoS attack detection from source side in cloud. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 114–120. IEEE (2017)
Yu, S., Zhou, W., Guo, S., Guo, M.: A feasible IP traceback framework through dynamic deterministic packet marking. IEEE Trans. Comput. 65, 1418–1427 (2016). https://doi.org/10.1109/TC.2015.2439287
Jakaria, A.H.M., Yang, W., Rashidi, B., Fung, C., Rahman, M.A.: VFence: a defense against Distributed Denial of Service attacks using network function virtualization. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), pp. 431–436. IEEE (2016)
Lo, C.-C., Huang, C.-C., Ku, J.: A cooperative intrusion detection system framework for cloud computing networks. In: 2010 39th International Conference on Parallel Processing Workshops, pp. 280–284. IEEE (2010)
Vissers, T., Somasundaram, T.S., Pieters, L., Govindarajan, K., Hellinckx, P.: DDoS defense system for web services in a cloud environment. Futur. Gener. Comput. Syst. 37, 37–45 (2014). https://doi.org/10.1016/J.FUTURE.2014.03.003
Girma, A., Garuba, M., Li, J., Liu, C.: Analysis of DDoS attacks and an introduction of a hybrid statistical model to detect DDoS attacks on cloud computing environment. In: 2015 12th International Conference on Information Technology - New Generations, pp. 212–217. IEEE (2015)
Deepali, B.K.: DDoS attack mitigation and resource provisioning in cloud using fog computing. In: 2017 International Conference on Smart Technologies for Smart Nation (SmartTechCon), pp. 308–313. IEEE (2017)
Jurkiewicz, P., Rzym, G., Boryło, P.: Flow length and size distributions in campus internet traffic, September 2018. https://arxiv.org/abs/1809.03486. Accessed 1 July 2019
Acknowledgement
This research work is being supported by sponsored project grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gupta, B.B., Harish, S.A. (2019). A Risk Transfer Based DDoS Mitigation Framework for Cloud Environment. In: Gani, A., Das, P., Kharb, L., Chahal, D. (eds) Information, Communication and Computing Technology. ICICCT 2019. Communications in Computer and Information Science, vol 1025. Springer, Singapore. https://doi.org/10.1007/978-981-15-1384-8_10
Download citation
DOI: https://doi.org/10.1007/978-981-15-1384-8_10
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-1383-1
Online ISBN: 978-981-15-1384-8
eBook Packages: Computer ScienceComputer Science (R0)