Top

Annals of Telecommunications

Published in:

01-06-2017

Service resizing for quick DDoS mitigation in cloud computing environment

Authors: Gaurav Somani, Manoj Singh Gaur, Dheeraj Sanghi, Mauro Conti, Rajkumar Buyya

Published in: Annals of Telecommunications | Issue 5-6/2017

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are the two services, which are available to attackers and victims, respectively. In this work, we provide a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We conduct DDoS attacks on cloud services, where having the same attack features, two different services show completely different consequences, due to the difference in the resource utilization per request. We study various aspects of these attacks and find out that the DDoS mitigation service’s performance is dependent on two factors. One factor is related to the severity of the “resource-race” with the victim web-service. Second factor is “attack cooling down period” which is the time taken to bring the service availability post detection of the attack. Utilizing these two important factors, we propose a supporting framework for the DDoS mitigation services, by assisting in reducing the attack mitigation time and the overall downtime. This novel framework comprises of an affinity-based victim-service resizing algorithm to provide performance isolation, and a TCP tuning technique to quickly free the attack connections, hence minimizing the attack cooling down period. We evaluate the proposed novel techniques with real attack instances and compare various attack metrics. Results show a significant improvement to the performance of DDoS mitigation service, providing quick attack mitigation. The presence of proposed DDoS mitigation support framework demonstrated a major reduction of more than 50% in the service downtime.

previous article Security and privacy issues in cloud computing

next article An empirical study on acceptance of secure healthcare service in Malaysia, Pakistan, and Saudi Arabia: a mobile cloud computing perspective

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Abbas H, Latif R, Latif S, Masood A (2016) Performance evaluation of Enhanced Very Fast Decision Tree (EVFDT) mechanism for distributed denial-of-service attack detection in health care systems. Annales des Telecommunications pp 1–11

Andreasson O (2016) Ipsysctl tutorial 1.0.4. https://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/tcpvariables.html

Arbor Networks: Understanding the nature of DDoS attacks…. http://www.arbornetworks.com/asert/2012/09/understanding-the-nature-of-ddos-attacks/(2014)

AWS Discussion Forum: https://forums.aws.amazon.com.https://forums.aws.amazon.com (2006)

Cohen R (2009) Cloud Attack: Economic Denial of Sustainability (EDoS). http://www.elasticvapor.com/2009/01/cloud-attack-economic-denial-of.html

Douligeris C, Mitrokotsa A (2004) DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput Netw 44(5):643–666CrossRef

Ficco M, Rak M (2015) Stealthy denial of service strategy in cloud computing. IEEE Trans Cloud Comput 3(1):80–94CrossRef

HTTP Archive: http://archive.org/compare.php (2016)

Huang V, Huang R, Chiang M (2013) A DDoS Mitigation System with Multi-stage Detection and Text-Based Turing Testing in Cloud Computing. In: 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA). IEEE, pp 655–662

10.

Idziorek J, Tannian MF, Jacobson D (2013) The insecurity of cloud utility models. IT Prof 15(2):22–27CrossRef

11.

Idziorek et al (2011) Exploiting cloud utility models for profit and ruin. In: Proceedings IEEE International Conference on Cloud Computing (4th IEEE CLOUD’11). IEEE Computer Society, DC, USA, pp 33–40

12.

Ismail MN, Aborujilah A, Musa S, Shahzad A (2013) Detecting flooding based dos attack in cloud computing environment using covariance matrix approach. In: Proceedings of the 7th International Conference Ubiquitous Information Management and Communication. ACM, p 36

13.

González J (2016) DDoS Deflate. https://github.com/jgmdev/ddos-deflate

14.

Jia Q, Wang H, Fleck D, Li F, Stavrou A, Powell W (2014) Catch me if you can: a cloud-enabled DDoS defense. In: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, pp 264– 275

15.

Kerrisk M (2016) SCHED_SETAFFINITY. http://man7.org/linux/man-pages/man2/sched_setaffinity.2.html

16.

Khor SH, Nakao A (2009) spow: On-demand cloud-based EDDoS mitigation mechanism. In: HotDep (Fifth Workshop on Hot Topics in System Dependability)

17.

Weins K (2015) Cloud Computing Trends: 2015 State of the Cloud Survey. http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2015-state-cloud-survey

18.

Koduru A, Neelakantam T, Bhanu S, Mary S (2013) Detection of Economic Denial of Sustainability Using Time Spent on a Web Page in Cloud. In: IEEE International Conference on Cloud Computing in Emerging Markets (CCEM), pp 1–4

19.

Latanicki J, Massonet P, Naqvi S, Rochwerger B, Villari M (2010) Scalable cloud defenses for detection, analysis and mitigation of DDoS attacks. In: Future Internet Assembly, pp 127– 137

20.

Lopez MA, Ferrazani Mattos DM, Duarte OCMB (2016) An elastic intrusion detection system for software networks. Ann Telecommun:1–11

21.

Love RM (2016) Taskset Command. http://www.linuxcommand.org/man_pages/taskset1.html

22.

Mirkovic J, Reiher P (2004) A taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comput Commun Rev 34(2):39–53. doi:10.1145/997150.997156 CrossRef

23.

Mirkovic J, Robinson M, Reiher P (2003) Alliance formation for DDoS defense. In: Proceedings of the 2003 workshop on New security paradigms. ACM, pp 11–18

24.

Mohammad RM, Mauro C, Ville L (2015) EyeCloud: A BotCloud detection system. In: Proceedings of the 5th IEEE International Symposium on Trust and Security in Cloud Computing (IEEE TSCloud. IEEE, Helsinki, Finland, p 2015

25.

Moore D, Shannon C, Brown DJ, Voelker GM, Savage S (2006) Inferring internet denial-of-service activity. ACM Trans Comput Syst (TOCS) 24(2):115–139CrossRef

26.

Netfilter/iptables project home page: www.netfilter.org. (2016)

27.

Networks A (2015) Worldwide infrastructure security report volume XI

28.

Osanaiye O et al (2015) IP spoofing detection for preventing DDoS attack in Cloud Computing. In: 18th International Conference on Intelligence in Next Generation Networks (ICIN). IEEE, pp 139–141

29.

Palmieri F, Ricciardi S, Fiore U (2011) Evaluating NetworkBased DoS attacks under the energy consumption perspective: new security issues in the coming green ICT area. In: BWCCA, International Conference on, pp 374–379

30.

Peng T, Leckie C, Ramamohanarao K (2007) Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput Surv 39(1)

31.

Prolexic: http://www.prolexic.com/ (2014)

32.

Sahay R, Blanc G, Zhang Z, Debar H (2015) Towards autonomic DDoS mitigation using software defined networking. SENT 15

33.

Santanna JJ, Van Rijswijk-Deij R, Hofstede R, Sperotto A, Wierbosch M, Granville LZ, Pras A (2015) Booters—An analysis of DDoS-as-a-service attacks. In: IFIP/IEEE International Symposium on Integrated Network Management (IM). IEEE, pp 243–251

34.

Sarra A, Rose G (2015) DDoS attacks in service clouds. In: 48th Hawaii International Conference on System Sciences. IEEE Computer Society

35.

Shameli-Sendi A, Pourzandi M, Fekih-Ahmed M, Cheriet M (2015) Taxonomy of distributed denial of service mitigation approaches for cloud computing. Journal of Network and Computer Applications pp –

36.

Shea R, Liu J (2012) Understanding the impact of denial of service attacks on virtual machines. In: Proceedings 20th International Workshop on Quality of Service, vol 27. IEEE Press

37.

Sides M, Bremler-Barr A, Rosensweig E (2015) Yo-yo attack: vulnerability in auto-scaling mechanism. SIGCOMM Comput Commun Rev 45(4):103–104. http://doi.acm.org/10.1145/2829988.2790017 CrossRef

38.

Somani G, Gaur MS, Sanghi D (2015) DDoS protection and security assurance in cloud. In: Guide to Security Assurance for Cloud Computing, Computer and Communications and Networks. Springer

39.

Somani G, Gaur MS, Sanghi D (2015) DDoS/EDoS attack in cloud: affecting everyone out there!. ACM, NY, USA

40.

Somani G, Gaur MS, Sanghi D, Conti M (2016) DDoS attacks in Cloud Computing: Collateral Damage to Non-targets Computer Networks

41.

Somani G, Gaur MS, Sanghi D, Conti M, Buyya R (2015) DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions. arXiv:1512.08187

42.

Somani G, Johri A, Taneja M, Pyne U, Gaur MS, Sanghi D (2015) DARAC: DDoS mitigation using DDoS aware resource allocation in cloud. In: 11th International Conference, ICISS. Proceedings, Kolkata, India, pp 16–20

43.

SPAMfigpthter News: Survey - With DDoS Attacks Companies Lose around 100k/Hr. http://www.spamfighter.com/News-19554-Survey-With-DDoS-Attacks-Companies-Lose-around-100kHr.htm (2015)

44.

Tara Seals: Q1 2015 DDoS Attacks Spike, Targeting Cloud. http://www.infosecurity-magazine.com/news/q1-2015-ddos-attacks-spike/ (2015)

45.

Wang H, Jia Q, Fleck D, Powell W, Li F, Stavrou A (2014) A moving target DDoS defense mechanism. Comput Commun 46:10–21CrossRef

46.

Wang X, Chen M, Xing C (2015) SDSNM: A software-defined security networking mechanism to defend against DDoS attacks. In: Ninth International Conference on Frontier of Computer Science and Technology (FCST). IEEE, pp 115–121

47.

Xu Z, Wang H, Xu Z, Wang X (2014) Power attack: an increasing threat to data centers. In: Proceedings of NDSS, vol 14

48.

Yan Q, Yu R, Gong Q, Li J (2015) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutor PP(99):1–1

49.

Yossi G, Amir H, Michael S, Michael G (2015) CDN-on-demand: an affordable DDoS defense via untrusted clouds. In: NDSS 2016

50.

Yu S, Doss R, Zhou W, Guo S (2013) A general cloud firewall framework with dynamic resource allocation. In: ICC. IEEE, pp 1941–1945

51.

Yu S, Tian Y, Guo S, Wu DO (2014) Can we beat ddos attacks in clouds?. IEEE Trans Parallel Distrib Syst 25(9):2245– 2254CrossRef

52.

Zhang Jian et al (2015) A robust and efficient detection model of DDoS attack for cloud services. In: Algorithms and Architectures for Parallel Processing. Springer International Publishing, pp 611–624

53.

Zhao S, Chen K, Zheng W (2009) Defend against denial of service attack with VMM. In: GCC’09. Eighth International Conference on Grid and Cooperative Computing. IEEE, pp 91– 96

Title: Service resizing for quick DDoS mitigation in cloud computing environment
Authors: Gaurav Somani
Manoj Singh Gaur
Dheeraj Sanghi
Mauro Conti
Rajkumar Buyya
Publication date: 01-06-2017
Publisher: Springer Paris
Published in: Annals of Telecommunications / Issue 5-6/2017
Print ISSN: 0003-4347
Electronic ISSN: 1958-9395
DOI: https://doi.org/10.1007/s12243-016-0552-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 5-6/2017

Software-defined systems support for secure cloud computing based on data classification

The three-dimensional model for dependability integration in cloud computing

IT governance and risk mitigation approach for private cloud adoption: case study of provincial healthcare provider

EACF: extensible access control framework for cloud environments

Security and management framework for an organization operating in cloud environment

Modeling network traffic for traffic matrix estimation and anomaly detection based on Bayesian network in cloud computing networks