2017 | OriginalPaper | Book chapter

Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments

Authors: Badr Alshehry, William Allen

Published in: Applied Computing and Information Technology

Publisher: Springer International Publishing

Abstract

Contemporary security systems attempt to provide protection against distributed denial-of-service (DDoS) attacks; however, they mostly use a variety of computing and hardware resources for load distribution and request delays. As a result, ordinary users and website visitors experience timeouts, captchas, and low-speed connections. In this paper, we propose a highly inventive multilayer system for protection against DDoS in the cloud that utilizes Threat Intelligence techniques and a proactive approach to detect traffic behavior anomalies. The first layer of the model analyzes the source IP address in the header of incoming traffic packets and the second layer analyzes the speed of requests and calculates the threshold of the attack speed. If an attack remains undetected, the incoming traffic packets are analyzed against the behavior patterns in the third layer. The fourth layer reduces the traffic load by dispatching the traffic to the proxy, if required, and the fifth layer establishes the need for port hopping between the proxy and the target website if the attack targets a specific web-application. A series of experiments were performed and the results demonstrate that this multilayer approach can detect and mitigate DDoS attacks from a variety of known and unknown sources.

Metadata
Title: Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments
Authors: Badr Alshehry, William Allen
Copyright year: 2017
DOI: https://doi.org/10.1007/978-3-319-51472-7_9