Advertisement

Abstract

One of the prominent attribute of cloud is pay-per-use, which can draw in the attackers to detriment the cloud users economically by an attack known as EDoS (Economic Denial of Sustainability) attack. This work identifies a novel class of attack in the area of EDoS attacks. Our focus is on defending the first page of any website i.e. Index Page. One of the important fact about index page attack, is that the index page of any website in this universe is available freely and even without any authentication credentials. To mitigate this attack and substantiate the difference between the legitimate and non-legitimate user, we have analyzed human behaviour of browsing and DARPA DDoS dataset. This analysis has helped us to design various models, ranging from strict to weak index page prevention models. The proposed schemes are implemented as a utility IPA-Defender (Index Page Attack Defender), which works well with minimal overhead and do not affect the legitimate users at all.

Keywords

Cloud Computing Cloud Security DDoS EDoS Index page 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Fu, Z., Papatriantafilou, M.: Off the wall: Lightweight distributed filtering to mitigate distributed denial of service attacks. In: 2012 IEEE 31st Symposium on Reliable Distributed Systems (SRDS), pp. 207–212 (2012)Google Scholar
  2. 2.
    Beitollahi, H., Deconinck, G.: Analyzing well-known countermeasures against distributed denial of service attacks. Computer Communications 35(11), 1312–1332 (2012), http://www.sciencedirect.com/science/article/pii/S0140366412001211 CrossRefGoogle Scholar
  3. 3.
    Sqalli, M., Al-Haidari, F., Salah, K.: Edos-shield - a two-steps mitigation technique against edos attacks in cloud computing. In: 2011 Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 49–56 (2011)Google Scholar
  4. 4.
    Al-Haidari, F., Sqalli, M., Salah, K.: Enhanced edos-shield for mitigating edos attacks originating from spoofed ip addresses. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 1167–1174 (2012)Google Scholar
  5. 5.
    Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010), http://doi.acm.org/10.1145/1721654.1721672 CrossRefGoogle Scholar
  6. 6.
    Idziorek, J., Tannian, M.: Exploiting cloud utility models for profit and ruin. In: 2011 IEEE International Conference on Cloud Computing (CLOUD), pp. 33–40 (2011)Google Scholar
  7. 7.
    Okuhara, M., Shiozaki, T., Suzuki, T.: Security architecture for cloud computing. Fujitsu Sci. Tech. J. 46(4), 397–402 (2010)Google Scholar
  8. 8.
  9. 9.
    Ye, C., Zheng, K.: Detection of application layer distributed denial of service. In: 2011 International Conference on Computer Science and Network Technology (ICCSNT), vol.  1, pp. 310–314 (2011)Google Scholar
  10. 10.
    Kashyap, B., Jena, S.: Ddos attack detection and attacker identification. International Journal of Computer Applications 42(1) (2012)Google Scholar
  11. 11.
    Zhang, J., Qin, Z., Ou, L., Jiang, P., Liu, J., Liu, A.: An advanced entropy-based ddos detection scheme. In: International Conference on Information Networking and Automation (ICINA), vol. 2, pp. V2-67–V2-71 (2010)Google Scholar
  12. 12.
    Devi, S.R., Yogesh, P.: Detection of application layer ddos attacks using information theory based metrics (2012)Google Scholar
  13. 13.
    Fu, Z., Papatriantafilou, M., Tsigas, P.: Mitigating distributed denial of service attacks in multiparty applications in the presence of clock drifts. In: IEEE Symposium on Reliable Distributed Systems, SRDS 2008, pp. 63–72 (2008)Google Scholar
  14. 14.
    Das, D., Sharma, U., Bhattacharyya, D.K.: Detection of http flooding attacks in multiple scenarios. In: Proceedings of the 2011 International Conference on Communication, Computing & Security, ICCCS 2011, pp. 517–522. ACM, New York (2011), http://doi.acm.org/10.1145/1947940.1948047 Google Scholar
  15. 15.
    Xie, Y., Zheng Yu, S.: Monitoring the application-layer ddos attacks for popular websites. IEEE/ACM Transactions on Networking 17(1), 15–25 (2009)CrossRefGoogle Scholar
  16. 16.
    Lu, W.-Z., Zheng Yu, S.: An http flooding detection method based on browser behavior. In: 2006 International Conference on Computational Intelligence and Security, vol. 2, pp. 1151–1154 (2006)Google Scholar
  17. 17.
    Kim, H., Kim, B., Kim, D., Kim, I.-K., Chung, T.-M.: Implementation of GESNIC for web server protection against HTTP GET flooding attacks. In: Lee, D.H., Yung, M. (eds.) WISA 2012. LNCS, vol. 7690, pp. 285–295. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart automatically. Commun. ACM 47(2), 56–60 (2004), http://doi.acm.org/10.1145/966389.966390 CrossRefGoogle Scholar
  19. 19.
    Kumar, R., Tomkins, A.: A characterization of online browsing behavior. In: Proceedings of the 19th International Conference on World Wide Web, WWW 2010, pp. 561–570. ACM, New York (2010), http://doi.acm.org/10.1145/1772690.1772748 CrossRefGoogle Scholar
  20. 20.
  21. 21.
  22. 22.

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Bhavna Saini
    • 1
  • Gaurav Somani
    • 1
  1. 1.Central University of RajasthanIndia

Personalised recommendations