DDoS Attack and Defence in Cloud
In this chapter, we explore DDoS attack and defence in the incoming dominant cloud computing platform. We firstly answer the question whether we can beat DDoS attacks in cloud with its current attack capability or not, and the cost for countering the attacks. We also discuss a possible architecture of cloud firewall against DDoS attacks.
- 1.M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28, Feb 2009.Google Scholar
- 2.C. Peng, M. Kim, Z. Zhang, and H. Lei, “Vdn: Virtual machine image distribution network for cloud data centers,” in Proceedings of the INFOCOM, 2012, pp. 181–189.Google Scholar
- 4.R. Bhadauria, R. Chaki, N. Chaki, and S. Sanyal, “A survey on security issues in cloud computing,” CoRR, vol. abs/1109.5388, 2011.Google Scholar
- 9.S. Yu, S. Guo, and I. Stojmenovic, “Can we beat legitimate cyber behavior mimicking attacks from botnets?” in Proceedings of the INFOCOM, 2012.Google Scholar
- 14.M. H. Sqalli, F. Al-Haidari, and K. Salah, “Edos-shield - a two-steps mitigation technique against edos attacks in cloud computing,” in Proceedings of the UCC, 2011, pp. 49–56.Google Scholar
- 16.A. El-Atawy, E. Al-Shaer, T. Tran, and R. Boutaba, “Adaptive early packet filtering for protecting firewalls against dos attacks,” in Proceedings of the INFOCOM, 2009.Google Scholar
- 17.R. Lua and K. C. Yow, “Mitigating ddos attacks with transparent and intelligent fast-flux swarm network,” IEEE Network, no. July/August, pp. 28–33, 2011.Google Scholar
- 18.J. Chen, Y. Wang, and X. Wang, “On-demand security architecture for cloud computing,” Computer, vol. 99, no. PrePrints, 2012.Google Scholar
- 19.CloudWatch, http://aws.amazon.com/cloudwatch/.
- 21.R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, and U. Schwickerath, “Image distribution mechanisms in large scale cloud providers,” in Proceedings of the CloudCom, 2010, pp. 112–117.Google Scholar
- 22.J. Zhu, Z. Jiang, and Z. Xiao, “Twinkle: A fast resource provisioning mechanism for internet services,” in Proceedings of the INFOCOM, 2011, pp. 802–810.Google Scholar
- 23.S. Yu, Y. Tian, S. Guo, and D. O. Wu, “Can we beat ddos attacks in clouds,” IEEE Transactions on Parallel Distributed Systems, vol. accepted, 2013.Google Scholar
- 26.L. Kleinrock, Queueing Systems. Wiley Interscience, 1975, vol. I: Theory.Google Scholar
- 30.S. Yu, W. Zhou, R. Doss, and S. Guo, “A general cloud firewall framework with dynamic resource allocation,” in Proceedings of the IEEE ICC, 2013.Google Scholar