Skip to main content
SpringerLink
Log in
Book cover

Guide to Security Assurance for Cloud Computing pp 171–191Cite as

DDoS Protection and Security Assurance in Cloud

  • Chapter
  • First Online:

Part of the book series: Computer Communications and Networks ((CCN))

Abstract

DDoS attacks have become a big concern for enterprises in the era of Internet computing. DDoS attacks have gained large attention from the community due to numerous fatal incidents in the last one decade. In particular, incidents on cloud services and cloud infrastructures have triggered anticipations related to heavy, longer, and hazardous attacks in near future. Additionally, economic losses due to these attacks, have given rise to Economic Denial of Sustainability (EDoS) attacks that exploit the on-demand resource provisioning feature of cloud computing. As attack strikes a service hosted on a cloud platform, the resource bottleneck would occur. Consequently, the ambiguity and inability to differentiate between legitimate and attacker traffic would lead to acquiring or buying more and more resources on the go. These fake resource claims would lead to a heavy economic burden, unnecessary downtime, power consumption, and migrations. This chapter targets at detailing the insights into the DDoS and EDoS attacks in cloud computing. Additionally, this chapter provides a comprehensive sketch of the present state of the art, recent incidents, their impact, cloud pricing and accounting mechanism, and its readiness for these attacks. Through this chapter, we argue that the present solution stack is not sufficient enough to deter or defend DDoS attack on cloud services. The major emphasis of the proposed chapter would be towards security assurance, loss sharing, and providing a detailed guideline about the ideal solutions.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Abliz M, Znati T (2009) A guided tour puzzle for denial of service prevention. In: Annual computer security applications conference (ACSAC ’09), Honolulu, pp 279–288, Dec 2009

    Google Scholar 

  2. Al-Haidari F, Sqalli MH, Salah K (2012) Enhanced EDoS-shield for mitigating EDoS attacks originating from spoofed IP addresses. In: Min G, Wu Y, (Chris) Liu L, Jin X, Jarvis SA, Yassin Al-Dubai A (eds) 11th IEEE international conference on trust, security and privacy in computing and communications (TrustCom 2012), Liverpool, 25–27 June 2012, pp 1167–1174. IEEE Computer Society

    Google Scholar 

  3. Alosaimi W, Al-Begain K (2013) An enhanced economical denial of sustainability mitigation system for the cloud. In: NGMAST, Prague, pp 19–25. IEEE

    Google Scholar 

  4. Arakaki T (2007) Dos attack cripples $1 billion virtual games trade – blackmailers blamed. http://texyt.com/dos+attack+hack+cripples+online+games+item+trade+00119

  5. Baig ZA, Binbeshr F (2013) Controlled virtual resource access to mitigate economic denial of sustainability (edos) attacks against cloud infrastructures. In: Proceedings of the 2013 international conference on cloud computing and big data (CLOUDCOM-ASIA ’13), Washington, DC, pp 346–353. IEEE Computer Society

    Google Scholar 

  6. Burt C (2014) Large volume ddos attacks see exceptional growth in first half of 2014: Arbor networks. http://www.thewhir.com/web-hosting-news/large-volume-ddos-attacks-see-exceptional-growth-first-half-2014-arbor-networks

  7. Chen Q, Lin W, Dou W, Yu S (2011) Cbf: a packet filtering method for ddos attack defense in cloud environment. In: IEEE ninth international conference on dependable, autonomic and secure computing (DASC), Sydney, pp 427–434. IEEE

    Google Scholar 

  8. Amazon CloudWatch (2014) Amazon cloudwatch. https://aws.amazon.com/cloudwatch/

  9. Davis J (2007) Hackers take down the most wired country in europe. http://archive.wired.com/politics/security/magazine/15-09/ff_estonia?currentPage=all

  10. Dean D, Stubblefield A (2001) Using client puzzles to protect tls. In: USENIX security symposium, Washington, DC, vol 42

    Google Scholar 

  11. Dou W, Chen Q, Chen J (2013) A confidence-based filtering method for ddos attack defense in cloud environment. Future Gener Comput Syst 29(7):1838–1850

    Google Scholar 

  12. Douligeris C, Mitrokotsa A (2004) {DDoS} attacks and defense mechanisms: classification and state-of-the-art. Comput Netw 44(5):643–666

    Google Scholar 

  13. See refrence [12]

    Google Scholar 

  14. Du P, Nakao A (2010) Ddos defense as a network service. In: Network operations and management symposium (NOMS), Osaka, pp 894–897. IEEE

    Google Scholar 

  15. Ismail MN, et al. (2013) Detecting flooding based doS attack in cloud computing environment using covariance matrix approach. In: ICUIMC, Kota Kinabalu, p 36. ACM

    Google Scholar 

  16. Gómez-Lopera JF, Martínez-Aroza J, Robles-Pérez AM, Román-Roldán R (2000) An analysis of edge detection by using the jensen-shannon divergence. J Math Imaging Vis 13(1):35–56

    Google Scholar 

  17. Guenane F, Nogueira M, Pujolle G (2014) Reducing ddos attacks impact using a hybrid cloud-based firewalling architecture. In: Global information infrastructure and networking symposium (GIIS 2014), Montreal, pp 1–6. IEEE

    Google Scholar 

  18. Gupta BB, Misra M, Joshi RC (2012) An ISP level solution to combat ddos attacks using combined statistical based approach. CoRR, abs/1203.2400

    Google Scholar 

  19. Hendrickson M (2008) Slideshare slammed with ddos attacks from china. http://techcrunch.com/2008/04/23/slideshare-slammed-with-ddos-attacks-from-china/

  20. Hoffman S (2013) Ddos: a brief history. https://blog.fortinet.com/post/ddos-a-brief-history

  21. Huang VS, Huang R, Chiang M (2013) A ddos mitigation system with multi-stage detection and text-based turing testing in cloud computing. In: 2013 27th international conference on advanced information networking and applications workshops (WAINA), Barcelona, pp 655–662. IEEE

    Google Scholar 

  22. Idziorek J, Tannian M Exploiting cloud utility models for profit and ruin. In: Proceedings of the IEEE international conference on cloud computing (4th IEEE CLOUD’11), Washington, DC, pp 33–40, July 2011. IEEE Computer Society

    Google Scholar 

  23. Idziorek J, Tannian M, Jacobson D (2011) Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM workshop on cloud computing security, Chicago, pp 61–72. ACM

    Google Scholar 

  24. Jeyanthi N, Mogankumar PC (2014) A virtual firewall mechanism using army nodes to protect cloud infrastructure from ddos attacks. Cybern Inf Technol 14(3):71–85

    Google Scholar 

  25. Jia Q, Wang H, Fleck D, Li F, Stavrou A, Powell W (2014) Catch me if you can: a cloud-enabled ddos defense. In: 44th annual IEEE/IFIP international conference on dependable systems and networks (DSN), Atlanta, pp 264–275. IEEE

    Google Scholar 

  26. Kandula S, Katabi D, Jacob M, Berger A (2005) Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds (awarded best student paper). In: NSDI, Boston. USENIX

    Google Scholar 

  27. Karnwal T, Sivakumar T, Aghila G (2012) A comber approach to protect cloud computing against xml ddos and http ddos attack. In: 2012 IEEE students’ conference on electrical, electronics and computer science (SCEECS), Bhopal, pp 1–5. IEEE

    Google Scholar 

  28. Khor SH, Nakao A (2009) spow: on-demand cloud-based eddos mitigation mechanism. In: HotDep (Fifth workshop on hot topics in system dependability), Estoril

    Google Scholar 

  29. Khor SH, Nakao A (2011) Daas: Ddos mitigation-as-a-service. In: 11th international symposium on applications and the internet (SAINT), Munich, pp 160–171. IEEE

    Google Scholar 

  30. Kim SH, Kim JH (2010) Method for detecting and preventing a ddos attack using cloud computing, and server, 12 July 2010. US Patent App. 13/386,516

    Google Scholar 

  31. Koduru A, Neelakantam T, Saira Bhanu SM (2013) Detection of economic denial of sustainability using time spent on a web page in cloud. In: 2013 IEEE international conference on cloud computing in emerging markets (CCEM), Bangalore, pp 1–4, Oct 2013

    Google Scholar 

  32. Kumar MN, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M (2012) Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. In: Proceedings of the 2012 fourth international conference on computational intelligence and communication networks (CICN ’12), Washington, DC, pp 535–539. IEEE Computer Society

    Google Scholar 

  33. Labs K (2014) Global it security risks survey 2014–distributed denial of service (ddos) attacks. http://media.kaspersky.com/en/B2B-International-2014-Survey-DDoS-Summary-Report.pdf

  34. Latanicki J, Massonet P, Naqvi S, Rochwerger B, Villari M (2010) Scalable cloud defenses for detection, analysis and mitigation of ddos attacks. In: Future internet assembly, Valencia, pp 127–137

    Google Scholar 

  35. Libbenga J (2007) Ddos attacks deemed illegal in sweden. http://www.theregister.co.uk/2007/02/20/ddos_attacks_illegal_in_sweden/

  36. Mao M, Li J, Humphrey M (2010) Cloud auto-scaling with deadline and budget constraints. In: 2010 11th IEEE/ACM international conference on grid computing (GRID), Brussels, pp 41–48. IEEE

    Google Scholar 

  37. Masood M, Anwar Z, Raza SA, Hur MA (2013) Edos armor: a cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. In: 2013 16th international multi topic conference (INMIC), Lahore, pp 37–42, Dec 2013

    Google Scholar 

  38. Mirkovic J, Reiher P (2004) A taxonomy of ddos attack and ddos defense mechanisms. SIGCOMM Comput Commun Rev 34(2):39–53

    Google Scholar 

  39. Moore D, Shannon C, Brown DJ, Voelker GM, Savage S (2006) Inferring internet denial-of-service activity. ACM Trans Comput Syst (TOCS) 24(2):115–139,

    Google Scholar 

  40. Morein WG, Stavrou A, Cook DL, Keromytis AD, Misra V, Rubenstein D (2003) Using graphic turing tests to counter automated ddos attacks against web servers. In: Proceedings of the 10th ACM conference on computer and communications security (CCS ’03), New York, pp 8–19. ACM

    Google Scholar 

  41. Munson L (2015) Greatfire.org faces daily $30,000 bill from ddos attack. https://nakedsecurity.sophos.com/2015/03/20/greatfire-org-faces-daily-30000-bill-from-ddos-attack/

  42. Nelson P (2015) Cybercriminals moving into cloud big time, report says. http://www.networkworld.com/article/2900125/malware-cybercrime/criminals-moving-into-cloud-big-time-says-report.html

  43. Arbor Networks (2014) Understanding the nature of ddos attacks. http://www.arbornetworks.com/asert/2012/09/understanding-the-nature-of-ddos-attacks/

  44. BBC News (2004) Worldpay struck by online attack. http://news.bbc.co.uk/2/hi/business/3713174.stm

  45. CNN News (2008) Cnn web site targeted. http://edition.cnn.com/2008/TECH/04/18/cnn.websites/

  46. Neustar News (2014) Neustar 2014 ‘ddos attacks and impact report’ finds unpredictable ddos landscape. http://www.neustar.biz/about-us/news-room/press-releases/2014/neustar-2014-ddos-attacks-and-impact-report-finds-unpredictable-ddos-landscape#.U33B_nbzdsV

  47. SPAMfighter News (2015) Survey – with ddos attacks companies lose around £100k/hr. http://www.spamfighter.com/News-19554-Survey-With-DDoS-Attacks-Companies-Lose-around-100kHr.htm

  48. OUT-LAW.COM (2006) Uk bans denial of service attacks. http://www.theregister.co.uk/2006/11/12/uk_bans_denial_of_service_attacks/

  49. Peng T, Leckie C, Ramamohanarao K (2007) Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput Surv 39(1):3

    Google Scholar 

  50. See reference [49]

    Google Scholar 

  51. Prolexic (2014) http://www.prolexic.com/. http://www.prolexic.com/

  52. Saini B, Somani G (2014) Index page based edos attacks in infrastructure cloud. In: Recent trends in computer networks and distributed systems security, Trivandrum, pp 382–395. Springer

    Google Scholar 

  53. Seals T (2015) Q1 2015 ddos attacks spike, targeting cloud. http://www.infosecurity-magazine.com/news/q1-2015-ddos-attacks-spike/

  54. Shamsolmoali P, Zareapoor M (2014) Statistical-based filtering system against ddos attacks in cloud computing. In: 2014 international conference on advances in computing, communications and informatics (ICACCI), Delhi, pp 1234–1239. IEEE

    Google Scholar 

  55. Somani G, Gaur MS, Sanghi D (2015) Ddos/edos attack in cloud: affecting everyone out there! In: Proceedings of the 8th international conference on security of information and networks (SIN ’15), New York. ACM

    Google Scholar 

  56. Sqalli MH, Al-Haidari F, Salah K (2011) EDoS-shield – a two-steps mitigation technique against EDoS attacks in cloud computing. In: UCC, Melbourne, pp 49–56. IEEE Computer Society

    Google Scholar 

  57. Technologies A (2013) Akamai’s state of the internet q4 2013 executive summary volume 6 number 4. http://www.akamai.com/dl/akamai/akamai-soti-q413-exec-summary.pdf

  58. Vamosi R (2008) Imdb victim of denial-of-service attack. http://www.cnet.com/news/imdb-victim-of-denial-of-service-attack/

  59. Vance A (2005) Man admits to ebay ddos attack. http://www.theregister.co.uk/2005/12/28/ebay_bots_ddos/

  60. Vissers T, Somasundaram TS, Pieters L, Govindarajan K, Hellinckx P (2014) Ddos defense system for web services in a cloud environment. Future Gener Comput Syst 37:37–45

    Google Scholar 

  61. Wang H, Jia Q, Fleck D, Powell W, Li F, Stavrou A (2014) A moving target ddos defense mechanism. Comput Commun 46:10–21

    Google Scholar 

  62. Yan J, El Ahmad AS (2009) Captcha security: a case study. IEEE Secur Priv 7(4):22–28

    Google Scholar 

  63. Yu S, Tian Y, Guo S, Wu D (2013) Can we beat ddos attacks in clouds? IEEE Trans Parallel Distrib Syst (99):1–1

    Google Scholar 

  64. Zhao S, Chen K, Zheng W (2009) Defend against denial of service attack with vmm. In: Eighth international conference on grid and cooperative computing, 2009 (GCC’09), Lanzhou, pp 91–96. IEEE

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Central University of Rajasthan, Ajmer, Rajasthan, India

    Gaurav Somani

  2. Department of Computer Science and Engineering, Malaviya National Institute of Technology, Jaipur, India

    Manoj Singh Gaur

  3. Computer Science and Engineering, Indian Institute of Technology, Kanpur, India

    Dheeraj Sanghi

Authors
  1. Gaurav Somani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manoj Singh Gaur
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Dheeraj Sanghi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gaurav Somani .

Editor information

Editors and Affiliations

  1. University of Derby, Department of Computing and Mathematics, Derby, United Kingdom

    Shao Ying Zhu

  2. University of Derby, Department of Computing and Mathematics, Derby, United Kingdom

    Richard Hill

  3. University of Derby, Department of Computing and Mathematics, Derby, United Kingdom

    Marcello Trovati

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Somani, G., Gaur, M.S., Sanghi, D. (2015). DDoS Protection and Security Assurance in Cloud. In: Zhu, S., Hill, R., Trovati, M. (eds) Guide to Security Assurance for Cloud Computing. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-25988-8_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25988-8_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25986-4

  • Online ISBN: 978-3-319-25988-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation