A Risk Transfer Based DDoS Mitigation Framework for Cloud Environment

  • B. B. GuptaEmail author
  • S. A. Harish
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1025)


The impact of Cloud computing on the current information technology infrastructure has undeniably lead to a paradigm shift. The software, Platform and Infrastructure services offered by Cloud computing has been widely adopted by industries and academia alike. Protecting the core architecture of Cloud computing environment against the wake of Distributed Denial of Service attacks is necessary. Any disruptions in Cloud services reduce availability causing losses to the organizations involved. Firms lose revenue and customers loose trust on Cloud providers. This paper discusses a risk transfer based approach to handle such attacks in Cloud environment employing Fog nodes. Fog nodes work in tandem with Autonomous systems possessing unused bandwidth which can be leveraged by the Cloud during an attack. The burden of protection is partially transferred to willing third parties. Such a proactive conceptual defensive framework has been proposed in this paper.


Internet of Things (IoT) Mobile Cloud Computing (MCC) Fog computing Autonomous Systems (AS) Distributed Denial of Service (DDoS) attacks 



This research work is being supported by sponsored project grant (SB/FTP/ETA-131/2014) from SERB, DST, Government of India.


  1. 1.
    Mell, P., Grance, T.: The NIST definition of cloud computing (2011)Google Scholar
  2. 2.
    Tsai, W.-T., Sun, X., Balasooriya, J.: Service-oriented cloud computing architecture. In: 2010 Seventh International Conference on Information Technology: New Generations, pp. 684–689. IEEE (2010)Google Scholar
  3. 3.
    Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed Denial of Service (DDoS) resilience in cloud: review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016). Scholar
  4. 4.
    Hormati, M., Khendek, F., Toeroe, M.: Towards an evaluation framework for availability solutions in the cloud. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops, pp. 43–46. IEEE (2014)Google Scholar
  5. 5.
    Dastjerdi, A.V., Gupta, H., Calheiros, R.N., Ghosh, S.K., Buyya, R.: Fog computing: principles, architectures, and applications. Internet of Things, 61–75 (2016). Scholar
  6. 6.
    Columbus L 83% of Enterprise Workloads Will Be in the Cloud by 2020. Accessed 31 Jan 2019
  7. 7.
    Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against Distributed Denial of Service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15, 2046–2069 (2013). Scholar
  8. 8.
    Botta, A., de Donato, W., Persico, V., Pescapé, A.: Integration of cloud computing and Internet of Things: a survey. Futur. Gener. Comput. Syst. 56, 684–700 (2016). Scholar
  9. 9.
    Coles C Top 6 Cloud Security Issues in Cloud Computing. Accessed 31 Jan 2019
  10. 10.
    Bhushan, K., Gupta, B.B.: Security challenges in cloud computing: state-of-art. Int. J. Big Data Intell. 4, 81 (2017). Scholar
  11. 11.
    Global State of the Internet Security & DDoS Attack Reports, Akamai. Accessed 18 Mar 2019
  12. 12.
    Iorga, M., Feldman, L., Barton, R., Martin, M.J., Goren, N., Mahmoudi, C.: Fog computing conceptual model, Gaithersburg, MD (2018)Google Scholar
  13. 13.
    Gupta, B.B., Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment. Neural Comput. Appl. 28, 3655–3682 (2017). Scholar
  14. 14.
    Yan, Q., Yu, F.R., Gong, Q., Li, J.: Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun. Surv. Tutor. 18, 602–622 (2016). Scholar
  15. 15.
    He, Z., Zhang, T., Lee, R.B.: Machine learning based DDoS attack detection from source side in cloud. In: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 114–120. IEEE (2017)Google Scholar
  16. 16.
    Yu, S., Zhou, W., Guo, S., Guo, M.: A feasible IP traceback framework through dynamic deterministic packet marking. IEEE Trans. Comput. 65, 1418–1427 (2016). Scholar
  17. 17.
    Jakaria, A.H.M., Yang, W., Rashidi, B., Fung, C., Rahman, M.A.: VFence: a defense against Distributed Denial of Service attacks using network function virtualization. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), pp. 431–436. IEEE (2016)Google Scholar
  18. 18.
    Lo, C.-C., Huang, C.-C., Ku, J.: A cooperative intrusion detection system framework for cloud computing networks. In: 2010 39th International Conference on Parallel Processing Workshops, pp. 280–284. IEEE (2010)Google Scholar
  19. 19.
    Vissers, T., Somasundaram, T.S., Pieters, L., Govindarajan, K., Hellinckx, P.: DDoS defense system for web services in a cloud environment. Futur. Gener. Comput. Syst. 37, 37–45 (2014). Scholar
  20. 20.
    Girma, A., Garuba, M., Li, J., Liu, C.: Analysis of DDoS attacks and an introduction of a hybrid statistical model to detect DDoS attacks on cloud computing environment. In: 2015 12th International Conference on Information Technology - New Generations, pp. 212–217. IEEE (2015)Google Scholar
  21. 21.
    Deepali, B.K.: DDoS attack mitigation and resource provisioning in cloud using fog computing. In: 2017 International Conference on Smart Technologies for Smart Nation (SmartTechCon), pp. 308–313. IEEE (2017)Google Scholar
  22. 22.
    Jurkiewicz, P., Rzym, G., Boryło, P.: Flow length and size distributions in campus internet traffic, September 2018. Accessed 1 July 2019

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Department of Computer EngineeringNational Institute of Technology, KurukshetraThanesarIndia

Personalised recommendations