DDoS Attack and Defence in Cloud

Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)


In this chapter, we explore DDoS attack and defence on the emerging dominant platform, cloud computing. We first answer the question of whether we can beat DDoS attacks in the cloud at their current attack capability, and what it costs to counter the attacks. We also discuss a possible architecture for a cloud firewall against DDoS attacks.


Keywords: Cloud Computing; Virtual Machine; Arrival Rate; Service Rate; Cloud Platform

These keywords were added by machine and not by the authors.



Copyright information

© The Author(s) 2014

Authors and Affiliations

  • Shui Yu (1)
  1. School of Information Theory, Deakin University, Melbourne, Australia
