nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

10. DDoS Protection and Security Assurance in Cloud

verfasst von : Gaurav Somani, Manoj Singh Gaur, Dheeraj Sanghi

Erschienen in: Guide to Security Assurance for Cloud Computing

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

DDoS attacks have become a big concern for enterprises in the era of Internet computing. DDoS attacks have gained large attention from the community due to numerous fatal incidents in the last one decade. In particular, incidents on cloud services and cloud infrastructures have triggered anticipations related to heavy, longer, and hazardous attacks in near future. Additionally, economic losses due to these attacks, have given rise to Economic Denial of Sustainability (EDoS) attacks that exploit the on-demand resource provisioning feature of cloud computing. As attack strikes a service hosted on a cloud platform, the resource bottleneck would occur. Consequently, the ambiguity and inability to differentiate between legitimate and attacker traffic would lead to acquiring or buying more and more resources on the go. These fake resource claims would lead to a heavy economic burden, unnecessary downtime, power consumption, and migrations. This chapter targets at detailing the insights into the DDoS and EDoS attacks in cloud computing. Additionally, this chapter provides a comprehensive sketch of the present state of the art, recent incidents, their impact, cloud pricing and accounting mechanism, and its readiness for these attacks. Through this chapter, we argue that the present solution stack is not sufficient enough to deter or defend DDoS attack on cloud services. The major emphasis of the proposed chapter would be towards security assurance, loss sharing, and providing a detailed guideline about the ideal solutions.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Improving Cloud Assurance and Transparency Through Accountability Mechanisms

Nächstes Kapitel Cloud Data Auditing Using Proofs of Retrievability

Abliz M, Znati T (2009) A guided tour puzzle for denial of service prevention. In: Annual computer security applications conference (ACSAC ’09), Honolulu, pp 279–288, Dec 2009

Al-Haidari F, Sqalli MH, Salah K (2012) Enhanced EDoS-shield for mitigating EDoS attacks originating from spoofed IP addresses. In: Min G, Wu Y, (Chris) Liu L, Jin X, Jarvis SA, Yassin Al-Dubai A (eds) 11th IEEE international conference on trust, security and privacy in computing and communications (TrustCom 2012), Liverpool, 25–27 June 2012, pp 1167–1174. IEEE Computer Society

Alosaimi W, Al-Begain K (2013) An enhanced economical denial of sustainability mitigation system for the cloud. In: NGMAST, Prague, pp 19–25. IEEE

Arakaki T (2007) Dos attack cripples $1 billion virtual games trade – blackmailers blamed. http://texyt.com/dos+attack+hack+cripples+online+games+item+trade+00119

Baig ZA, Binbeshr F (2013) Controlled virtual resource access to mitigate economic denial of sustainability (edos) attacks against cloud infrastructures. In: Proceedings of the 2013 international conference on cloud computing and big data (CLOUDCOM-ASIA ’13), Washington, DC, pp 346–353. IEEE Computer Society

Burt C (2014) Large volume ddos attacks see exceptional growth in first half of 2014: Arbor networks. http://www.thewhir.com/web-hosting-news/large-volume-ddos-attacks-see-exceptional-growth-first-half-2014-arbor-networks

Chen Q, Lin W, Dou W, Yu S (2011) Cbf: a packet filtering method for ddos attack defense in cloud environment. In: IEEE ninth international conference on dependable, autonomic and secure computing (DASC), Sydney, pp 427–434. IEEE

Amazon CloudWatch (2014) Amazon cloudwatch. https://aws.amazon.com/cloudwatch/

Davis J (2007) Hackers take down the most wired country in europe. http://archive.wired.com/politics/security/magazine/15-09/ff_estonia?currentPage=all

10.

Dean D, Stubblefield A (2001) Using client puzzles to protect tls. In: USENIX security symposium, Washington, DC, vol 42

11.

Dou W, Chen Q, Chen J (2013) A confidence-based filtering method for ddos attack defense in cloud environment. Future Gener Comput Syst 29(7):1838–1850

12.

Douligeris C, Mitrokotsa A (2004) {DDoS} attacks and defense mechanisms: classification and state-of-the-art. Comput Netw 44(5):643–666

13.

See refrence [12]

14.

Du P, Nakao A (2010) Ddos defense as a network service. In: Network operations and management symposium (NOMS), Osaka, pp 894–897. IEEE

15.

Ismail MN, et al. (2013) Detecting flooding based doS attack in cloud computing environment using covariance matrix approach. In: ICUIMC, Kota Kinabalu, p 36. ACM

16.

Gómez-Lopera JF, Martínez-Aroza J, Robles-Pérez AM, Román-Roldán R (2000) An analysis of edge detection by using the jensen-shannon divergence. J Math Imaging Vis 13(1):35–56

17.

Guenane F, Nogueira M, Pujolle G (2014) Reducing ddos attacks impact using a hybrid cloud-based firewalling architecture. In: Global information infrastructure and networking symposium (GIIS 2014), Montreal, pp 1–6. IEEE

18.

Gupta BB, Misra M, Joshi RC (2012) An ISP level solution to combat ddos attacks using combined statistical based approach. CoRR, abs/1203.2400

19.

Hendrickson M (2008) Slideshare slammed with ddos attacks from china. http://techcrunch.com/2008/04/23/slideshare-slammed-with-ddos-attacks-from-china/

20.

Hoffman S (2013) Ddos: a brief history. https://blog.fortinet.com/post/ddos-a-brief-history

21.

Huang VS, Huang R, Chiang M (2013) A ddos mitigation system with multi-stage detection and text-based turing testing in cloud computing. In: 2013 27th international conference on advanced information networking and applications workshops (WAINA), Barcelona, pp 655–662. IEEE

22.

Idziorek J, Tannian M Exploiting cloud utility models for profit and ruin. In: Proceedings of the IEEE international conference on cloud computing (4th IEEE CLOUD’11), Washington, DC, pp 33–40, July 2011. IEEE Computer Society

23.

Idziorek J, Tannian M, Jacobson D (2011) Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM workshop on cloud computing security, Chicago, pp 61–72. ACM

24.

Jeyanthi N, Mogankumar PC (2014) A virtual firewall mechanism using army nodes to protect cloud infrastructure from ddos attacks. Cybern Inf Technol 14(3):71–85

25.

Jia Q, Wang H, Fleck D, Li F, Stavrou A, Powell W (2014) Catch me if you can: a cloud-enabled ddos defense. In: 44th annual IEEE/IFIP international conference on dependable systems and networks (DSN), Atlanta, pp 264–275. IEEE

26.

Kandula S, Katabi D, Jacob M, Berger A (2005) Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds (awarded best student paper). In: NSDI, Boston. USENIX

27.

Karnwal T, Sivakumar T, Aghila G (2012) A comber approach to protect cloud computing against xml ddos and http ddos attack. In: 2012 IEEE students’ conference on electrical, electronics and computer science (SCEECS), Bhopal, pp 1–5. IEEE

28.

Khor SH, Nakao A (2009) spow: on-demand cloud-based eddos mitigation mechanism. In: HotDep (Fifth workshop on hot topics in system dependability), Estoril

29.

Khor SH, Nakao A (2011) Daas: Ddos mitigation-as-a-service. In: 11th international symposium on applications and the internet (SAINT), Munich, pp 160–171. IEEE

30.

Kim SH, Kim JH (2010) Method for detecting and preventing a ddos attack using cloud computing, and server, 12 July 2010. US Patent App. 13/386,516

31.

Koduru A, Neelakantam T, Saira Bhanu SM (2013) Detection of economic denial of sustainability using time spent on a web page in cloud. In: 2013 IEEE international conference on cloud computing in emerging markets (CCEM), Bangalore, pp 1–4, Oct 2013

32.

Kumar MN, Sujatha P, Kalva V, Nagori R, Katukojwala AK, Kumar M (2012) Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. In: Proceedings of the 2012 fourth international conference on computational intelligence and communication networks (CICN ’12), Washington, DC, pp 535–539. IEEE Computer Society

33.

Labs K (2014) Global it security risks survey 2014–distributed denial of service (ddos) attacks. http://media.kaspersky.com/en/B2B-International-2014-Survey-DDoS-Summary-Report.pdf

34.

Latanicki J, Massonet P, Naqvi S, Rochwerger B, Villari M (2010) Scalable cloud defenses for detection, analysis and mitigation of ddos attacks. In: Future internet assembly, Valencia, pp 127–137

35.

Libbenga J (2007) Ddos attacks deemed illegal in sweden. http://www.theregister.co.uk/2007/02/20/ddos_attacks_illegal_in_sweden/

36.

Mao M, Li J, Humphrey M (2010) Cloud auto-scaling with deadline and budget constraints. In: 2010 11th IEEE/ACM international conference on grid computing (GRID), Brussels, pp 41–48. IEEE

37.

Masood M, Anwar Z, Raza SA, Hur MA (2013) Edos armor: a cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. In: 2013 16th international multi topic conference (INMIC), Lahore, pp 37–42, Dec 2013

38.

Mirkovic J, Reiher P (2004) A taxonomy of ddos attack and ddos defense mechanisms. SIGCOMM Comput Commun Rev 34(2):39–53

39.

Moore D, Shannon C, Brown DJ, Voelker GM, Savage S (2006) Inferring internet denial-of-service activity. ACM Trans Comput Syst (TOCS) 24(2):115–139,

40.

Morein WG, Stavrou A, Cook DL, Keromytis AD, Misra V, Rubenstein D (2003) Using graphic turing tests to counter automated ddos attacks against web servers. In: Proceedings of the 10th ACM conference on computer and communications security (CCS ’03), New York, pp 8–19. ACM

41.

Munson L (2015) Greatfire.org faces daily $30,000 bill from ddos attack. https://nakedsecurity.sophos.com/2015/03/20/greatfire-org-faces-daily-30000-bill-from-ddos-attack/

42.

Nelson P (2015) Cybercriminals moving into cloud big time, report says. http://www.networkworld.com/article/2900125/malware-cybercrime/criminals-moving-into-cloud-big-time-says-report.html

43.

Arbor Networks (2014) Understanding the nature of ddos attacks. http://www.arbornetworks.com/asert/2012/09/understanding-the-nature-of-ddos-attacks/

44.

BBC News (2004) Worldpay struck by online attack. http://news.bbc.co.uk/2/hi/business/3713174.stm

45.

CNN News (2008) Cnn web site targeted. http://edition.cnn.com/2008/TECH/04/18/cnn.websites/

46.

Neustar News (2014) Neustar 2014 ‘ddos attacks and impact report’ finds unpredictable ddos landscape. http://www.neustar.biz/about-us/news-room/press-releases/2014/neustar-2014-ddos-attacks-and-impact-report-finds-unpredictable-ddos-landscape#.U33B_nbzdsV

47.

SPAMfighter News (2015) Survey – with ddos attacks companies lose around £100k/hr. http://www.spamfighter.com/News-19554-Survey-With-DDoS-Attacks-Companies-Lose-around-100kHr.htm

48.

OUT-LAW.COM (2006) Uk bans denial of service attacks. http://www.theregister.co.uk/2006/11/12/uk_bans_denial_of_service_attacks/

49.

Peng T, Leckie C, Ramamohanarao K (2007) Survey of network-based defense mechanisms countering the dos and ddos problems. ACM Comput Surv 39(1):3

50.

See reference [49]

51.

Prolexic (2014) http://www.prolexic.com/. http://www.prolexic.com/

52.

Saini B, Somani G (2014) Index page based edos attacks in infrastructure cloud. In: Recent trends in computer networks and distributed systems security, Trivandrum, pp 382–395. Springer

53.

Seals T (2015) Q1 2015 ddos attacks spike, targeting cloud. http://www.infosecurity-magazine.com/news/q1-2015-ddos-attacks-spike/

54.

Shamsolmoali P, Zareapoor M (2014) Statistical-based filtering system against ddos attacks in cloud computing. In: 2014 international conference on advances in computing, communications and informatics (ICACCI), Delhi, pp 1234–1239. IEEE

55.

Somani G, Gaur MS, Sanghi D (2015) Ddos/edos attack in cloud: affecting everyone out there! In: Proceedings of the 8th international conference on security of information and networks (SIN ’15), New York. ACM

56.

Sqalli MH, Al-Haidari F, Salah K (2011) EDoS-shield – a two-steps mitigation technique against EDoS attacks in cloud computing. In: UCC, Melbourne, pp 49–56. IEEE Computer Society

57.

Technologies A (2013) Akamai’s state of the internet q4 2013 executive summary volume 6 number 4. http://www.akamai.com/dl/akamai/akamai-soti-q413-exec-summary.pdf

58.

Vamosi R (2008) Imdb victim of denial-of-service attack. http://www.cnet.com/news/imdb-victim-of-denial-of-service-attack/

59.

Vance A (2005) Man admits to ebay ddos attack. http://www.theregister.co.uk/2005/12/28/ebay_bots_ddos/

60.

Vissers T, Somasundaram TS, Pieters L, Govindarajan K, Hellinckx P (2014) Ddos defense system for web services in a cloud environment. Future Gener Comput Syst 37:37–45

61.

Wang H, Jia Q, Fleck D, Powell W, Li F, Stavrou A (2014) A moving target ddos defense mechanism. Comput Commun 46:10–21

62.

Yan J, El Ahmad AS (2009) Captcha security: a case study. IEEE Secur Priv 7(4):22–28

63.

Yu S, Tian Y, Guo S, Wu D (2013) Can we beat ddos attacks in clouds? IEEE Trans Parallel Distrib Syst (99):1–1

64.

Zhao S, Chen K, Zheng W (2009) Defend against denial of service attack with vmm. In: Eighth international conference on grid and cooperative computing, 2009 (GCC’09), Lanzhou, pp 91–96. IEEE

Titel: DDoS Protection and Security Assurance in Cloud
verfasst von: Gaurav Somani
Manoj Singh Gaur
Dheeraj Sanghi
Verlag: Springer International Publishing
Buch: Guide to Security Assurance for Cloud Computing
Print ISBN: 978-3-319-25986-4

Electronic ISBN: 978-3-319-25988-8

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-25988-8_10

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"