Abstract
In this chapter, we explore DDoS attack and defence in the incoming dominant cloud computing platform. We firstly answer the question whether we can beat DDoS attacks in cloud with its current attack capability or not, and the cost for countering the attacks. We also discuss a possible architecture of cloud firewall against DDoS attacks.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2009-28, Feb 2009.
C. Peng, M. Kim, Z. Zhang, and H. Lei, “Vdn: Virtual machine image distribution network for cloud data centers,” in Proceedings of the INFOCOM, 2012, pp. 181–189.
S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,” Journal of Network and Computer Applications, vol. 34, no. 1, pp. 1–11, 2011.
R. Bhadauria, R. Chaki, N. Chaki, and S. Sanyal, “A survey on security issues in cloud computing,” CoRR, vol. abs/1109.5388, 2011.
Z. Duan, X. Yuan, and J. Chandrashekar, “Controlling ip spoofing through interdomain packet filters,” IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 1, pp. 22–36, 2008.
H. Wang, C. Jin, and K. G. Shin, “Defense against spoofed ip traffic using hop-count filtering,” IEEE/ACM Transactions on Networking, vol. 15, no. 1, pp. 40–53, 2007.
Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao, “Packetscore: A statistics-based packet filtering scheme against distributed denial-of-service attacks,” IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 2, pp. 141–155, 2006.
S. Yu, W. Zhou, W. Jia, S. Guo, Y. Xiang, and F. Tang, “Discriminating ddos attacks from flash crowds using flow correlation coefficient,” IEEE Transactions on Parallel Distributed Systems, vol. 23, no. 6, pp. 794–805, 2012.
S. Yu, S. Guo, and I. Stojmenovic, “Can we beat legitimate cyber behavior mimicking attacks from botnets?” in Proceedings of the INFOCOM, 2012.
D. K. Y. Yau, J. C. S. Lui, F. Liang, and Y. Yam, “Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles,” IEEE/ACM Transactions on Networking, vol. 13, no. 1, pp. 29–42, 2005.
R. Chen, J.-M. Park, and R. Marchany, “A divide-and-conquer strategy for thwarting distributed denial-of-service attacks,” IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 5, pp. 577–588, 2007.
Y. Chen, K. Hwang, and W.-S. Ku, “Collaborative detection of ddos attacks over multiple network domains,” IEEE Transactions on Parallel and Distributed Systems, vol. 18, no. 12, pp. 1649–1662, 2007.
J. Francois, I. Aib, and R. Boutaba, “Firecol, a collaborative protection network for the detection of flooding ddos attacks,” IEEE/ACM Transactions on Networking, vol. 20, no. 6, pp. 1828–1841, 2012.
M. H. Sqalli, F. Al-Haidari, and K. Salah, “Edos-shield - a two-steps mitigation technique against edos attacks in cloud computing,” in Proceedings of the UCC, 2011, pp. 49–56.
J. Idziorek, M. Tannian, and D. Jacobson, “The insecurity of cloud utility models,” IT Professional, vol. 15, no. 2, pp. 22–27, 2013.
A. El-Atawy, E. Al-Shaer, T. Tran, and R. Boutaba, “Adaptive early packet filtering for protecting firewalls against dos attacks,” in Proceedings of the INFOCOM, 2009.
R. Lua and K. C. Yow, “Mitigating ddos attacks with transparent and intelligent fast-flux swarm network,” IEEE Network, no. July/August, pp. 28–33, 2011.
J. Chen, Y. Wang, and X. Wang, “On-demand security architecture for cloud computing,” Computer, vol. 99, no. PrePrints, 2012.
CloudWatch, http://aws.amazon.com/cloudwatch/.
R. Wartel, T. Cass, B. Moreira, E. Roche, M. Guijarro, S. Goasguen, and U. Schwickerath, “Image distribution mechanisms in large scale cloud providers,” in Proceedings of the CloudCom, 2010, pp. 112–117.
J. Zhu, Z. Jiang, and Z. Xiao, “Twinkle: A fast resource provisioning mechanism for internet services,” in Proceedings of the INFOCOM, 2011, pp. 802–810.
S. Yu, Y. Tian, S. Guo, and D. O. Wu, “Can we beat ddos attacks in clouds,” IEEE Transactions on Parallel Distributed Systems, vol. accepted, 2013.
H. Khazaei, J. V. Misic, and V. B. Misic, “Performance analysis of cloud computing centers using m/g/m/m+r queuing systems,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 5, pp. 936–943, 2012.
J. F. C. Kingman, “The first erlang century - and the next,” Queueing Systems, vol. 63, no. 1–4, pp. 3–12, 2009.
L. Kleinrock, Queueing Systems. Wiley Interscience, 1975, vol. I: Theory.
D. Rovniagin and A. Wool, “The geometric efficient matching algorithm for firewalls,” IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 1, pp. 147–159, 2011.
H. Hu, G.-J. Ahn, and K. Kulkarni, “Detecting and resolving firewall policy anomalies,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 3, pp. 318–331, 2012.
K. Salah, K. Elbadawi, and R. Boutaba, “Performance modeling and analysis of network firewalls,” IEEE Transactions on Network and Service Management, vol. 9, no. 1, pp. 12–21, 2012.
S. Yu, W. Zhou, R. Doss, and S. Guo, “A general cloud firewall framework with dynamic resource allocation,” in Proceedings of the IEEE ICC, 2013.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2014 The Author(s)
About this chapter
Cite this chapter
Yu, S. (2014). DDoS Attack and Defence in Cloud. In: Distributed Denial of Service Attack and Defense. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9491-1_5
Download citation
DOI: https://doi.org/10.1007/978-1-4614-9491-1_5
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-9490-4
Online ISBN: 978-1-4614-9491-1
eBook Packages: Computer ScienceComputer Science (R0)