nach oben

Neural Computing and Applications

Erschienen in:

13.04.2016 | Review

Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment

verfasst von: B. B. Gupta, Omkar P. Badve

Erschienen in: Neural Computing and Applications | Ausgabe 12/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

As Cloud computing is reforming the infrastructure of IT industries, it has become one of the critical security concerns of the defensive mechanisms applied to secure Cloud environment. Even if there are tremendous advancements in defense systems regarding the confidentiality, authentication and access control, there is still a challenge to provide security against availability of associated resources. Denial-of-service (DoS) attack and distributed denial-of-service (DDoS) attack can primarily compromise availability of the system services and can be easily started by using various tools, leading to financial damage or affecting the reputation. These attacks are very difficult to detect and filter, since packets that cause the attack are very much similar to legitimate traffic. DoS attack is considered as the biggest threat to IT industry, and intensity, size and frequency of the attack are observed to be increasing every year. Therefore, there is a need for stronger and universal method to impede these attacks. In this paper, we present an overview of DoS attack and distributed DoS attack that can be carried out in Cloud environment and possible defensive mechanisms, tools and devices. In addition, we discuss many open issues and challenges in defending Cloud environment against DoS attack. This provides better understanding of the DDoS attack problem in Cloud computing environment, current solution space, and future research scope to deal with such attacks efficiently.

Vorheriger Artikel Fighting against phishing attacks: state of the art and future challenges

Nächster Artikel A hybrid goal programming and dynamic data envelopment analysis framework for sustainable supplier evaluation

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Mathew Prince (2013) The DDoS That Knoked Spamhaus Offline (And How We Mitigated It). CloudFlare Blog [Online] Available from: http://blog.Cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho/. Accessed on Sept 2014

Bhuyan MH et al (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surveys Tutor 16(1):303–336CrossRef

Qi Chen, et al. (2011) CBF: a packet filtering method for DDoS attack defence in cloud environment. In: Ninth international conference on dependable, autonomic and secure computing, p. 427–434

Chonka Ashley, Singh Jaipal, Zhou Wanlei (2009) Chaos theory based detection against network mimicking DDoS attacks. Commun Lett IEEE 13(9):717–719CrossRef

Chen Yonghong, Ma Xinlei, Xinya Wu (2013) DDoS detection algorithm based on preprocessing network traffic predicted method and chaos theory. Commun Lett IEEE 17(5):1052–1054CrossRef

Tsallis C (1988) Possible generalization of Boltzmann-Gibbs statistics. J Stat Phys 52(1–2):479–487MathSciNetCrossRefMATH

Ma Xinlei, Chen Yonghong (2014) DDoS detection method based on chaos analysis of network traffic entropy. IEEE Commun Lett 18(1):114–117CrossRef

Wu Xinya, Chen Yonghong (2013) Validation of chaos hypothesis in NADA and improved DDoS detection algorithm. Commun Lett IEEE 17(12):2396–2399MathSciNetCrossRef

Kim Y, Lau WC, Chuah MC, Chao HJ (2006) PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans Dependable Secur Comput 3(2):141–155CrossRef

10.

Chonka A et al (2008) Detecting and tracing DDoS attacks by intelligent decision prototype. Pervasive computing and communications, 2008, Sixth annual IEEE international conference on

11.

Savage S, Wetherall D, Karlin A, Anderson T (2001) Practical network support for IP traceback. SIGCOMM’00, Stockholm, Sweden, 2000

12.

Belenky A, Ansari N (2003) Tracing multiple attackers with deterministic packet marking (DPM). In: Proceedings of IEEE Pacific rim conference on communications, computers and signal processing, 2003, PACRIM, vol. 1, p. 49–52

13.

Chonka A, Wanlei Z, Yang X (2008) Protecting web services with service oriented traceback architecture. Computer and information technology, 2008, CIT 2008, 8th IEEE international conference on, 2008

14.

Chonka et al (2010) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34(4):1097–1107 (Elsevier) CrossRef

15.

Ko R, Lee SSG (2013) Cloud computing vulnerability incidents: a statistical overview [Online] Available from: https://downloads.Cloudsecurityalliance.org/initiatives/cvwg/CSA_Whitepaper_Cloud_Computing_Vulnerability_Incidents.zip. Accessed on Sept 2014

16.

Arbor Networks, Inc (2014) Worldwide infrastructure security report volume IX [Online]. Available from: http://pages.arbornetworks.com/rs/arbor/images/WISR2014.pdf [Accessed on Sept. 2014]

17.

Incapsula Inc. (2014) 2013–2014 DoS threat landscape report [Online]. Available from: http://www.incapsula.com/blog/ddos-threat-landscape-report-2014.html. Accessed on Sept 2014

18.

Mell P, Grance T (2011) The NIST definition of cloud computing (Draft), special publication 800-145 (Draft). National Institute of Standards and Technology, Gaithersburg

19.

Google App Engine, Google Inc., http://Cloud.google.com/appengine. Accessed on Sept 2014

20.

Azure: Microsoft’s Cloud Platform, Microsoft Corporation, http://azure.microsoft.com/en-us/. Accessed on Sept 2014

21.

Amazon Elastic Compute Cloud (Amazon EC2), Amazon, http://aws.amazon.com/ec2/, Amazon. Accessed on Sept 2014

22.

IBM Cloud Computing, IBM, http://www.ibm.com/Cloud-computing/in/en/. Accessed on Sept 2014

23.

Amazon VPC, Amazon, http://aws.amazon.com/vpc/. Accessed on Sept 2014

24.

Subashini Subashini, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11CrossRef

25.

Gartner: Seven Cloud Computing Security Risks, Networkworld, http://www.networkworld.com/article/2281535/data-center/gartner–seven-Cloud-computing-security-risks.html. Accessed on Sept 2014

26.

Fernandes DAB et al (2014) Security issues in cloud environments: a survey. Int J Inf Secur 13(2):113–170CrossRef

27.

Behl A (2011) Emerging security challenges in cloud computing: an insight to cloud security challenges and their mitigation. In: Information and communication technologies (WICT), 2011 world congress on, p. 217–222, 2011

28.

Sharma Juhi et al (2012) Cloud security challenges. Int J Comput Sci Inf Technol (IJCSIT) 3(3):4514–4515

29.

Salah K, Calero JA (2013) Using Cloud computing to implement a security overlay network. IEEE Secur Privacy 11(1):44–53

30.

Sabahi F (2011) Cloud computing security threats and responses. In: Communication software and networks (ICCSN), 2011 IEEE 3rd international conference on. IEEE, 2011

31.

Liu, H (2010) A new form of DOS attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM workshop on cloud computing security workshop, ACM, 2010

32.

Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack-detection techniques. IEEE Trans Intern Comput 10(1):82–89CrossRef

33.

Hackers break into server for Obamacare website: U.S. officials, Reuters, 2014 http://www.reuters.com/article/2014/09/04/us-usa-healthcare-cybersecurity-idUSKBN0GZ2RF20140904. Accessed on Sept 2014

34.

CERT Advisory, CA-1996-01, Carnegie Mellon University, 2014, http://www.cert.org/historical/advisories/CA-1996-01.cfm. Accessed on Sept 2014

35.

DDoS Attack Types and Mitigation Methods, IncapsulaInc, 2014, http://www.incapsula.com/ddos/ddos-attacks/. Accessed on Sept 2014

36.

DoS Attacks and Free DoS Attacking Tools, Infosec Institute, 2014, http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/. Accessed on Sept 2014

37.

CERT Advisory CA-1997-28, Carnegie Mellon University, 2014, http://www.cert.org/historical/advisories/ca-1997-28.cfm. Accessed on Sept 2014

38.

CERT Advisory CA-1996-21, Carnegie Mellon University, 2014 http://www.cert.org/historical/advisories/ca-1996-21.cfm. Accessed on Sept 2014

39.

The NSL-KDD Dataset, http://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html. Accessed 18 Mar 2016

40.

Bujlow T, Carela-Español V, Barlet-Ros P (2014) Extended independent comparison of popular deep packet inspection (DPI) Tools for Traffic Classification, [Online]. Available from: http://vbn.aau.dk/files/179043085/TBU_Extended_dpi_report.pdf

41.

Pepitone J (2014) Hackers mount denial-of-service attack with computer clock tool, NBC News, [Online] Available From: http://www.nbcnews.com/tech/security/hackers-mount-denial-service-attack-computer-clock-tool-n27646. Accessed on Sept 2014

42.

Dittrich D (1999) The DoS project’s “trinoo” distributed denial of service attack tool, http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt. Accessed on Sept 2014

43.

Houle K, Dougherty C (2000) Mstream, Incident Notes, IN-2000-05, Carnegie Mellon University http://www.cert.org/historical/incident_notes/IN-2000-05.cfm. Accessed on Sept. 2014

44.

LOIC, Sourceforge.net, 2014, http://sourceforge.net/projects/loic/. Accessed on Sept 2014

45.

XOIC, Sourceforge.net, 2014, http://sourceforge.net/projects/xoic/. Accessed on Sept 2014

46.

Zargar ST, Joshi J, Tipper D (2013) A survey of defence mechanisms against distributed denial of service (DDoS) flooding attacks. Commun Surveys Tutor IEEE 15(4):2046–2069CrossRef

47.

Ferguson P, Senie D (2000) Network ingress filtering: defeating denial of service attacks that employ IP source address spoofing, Internet RFC 2827, 2000

48.

Mirkovic J, Prier G, Reiher P (2002) Attacking DDoS at the source. In: Proceedings of the 10th IEEE international conference on network protocols (ICNP’02), Washington DC, USA, 2002

49.

Gil TM, Poletto M (2001) MULTOPS: a data-structure for bandwidth attack detection. In: USENIX security symposium, 2001

50.

Abdelsayed S, Glimsholt D, Leckie C, Ryan S, Shami S (2003) An efficient filter for denial-of-service bandwidth attacks. In: Proceedings of the 46th IEEE global telecommunications conference (GLOBECOM03), p. 1353–1357, 2003

51.

Mananet, Reverse Firewall, [online] Available from: http://www.cs3–inc.com/pubs/ReverseFireWall.pdf. Accessed on Sept 2014

52.

John A, Sivakumar T (2009) DDoS: survey of traceback methods. In: International journal of recent trends in engineering ACEEE (association of computer electronics and electrical engineers), vol. 1, no. 2, May 2009

53.

Cabrera JD et al (2001) Proactive detection of distributed denial of service attacks using MIB traffic variables a feasibility study. In: Integrated network management proceedings, p. 609–622, 2001

54.

Abliz M (2011) Internet denial of service attacks and defence mechanisms. University of Pittsburgh, Department of Computer Science, Technical Report, TR-11-178, March 2011

55.

Kim Y, Lau WC, Chuah MC, Chao HJ (2006) “PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans Depend Secure Comput 3(2):141–155CrossRef

56.

Chan EYK et al (2006) Intrusion detection routers: design, implementation and evaluation using an experimental testbed. IEEE J Sel Areas Commun 24(10):1889–1900CrossRef

57.

Mirkovic J, Reiher P, Robinson M (2003) Forming alliance for DDoS defence. In: Proceeding of new security paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, 2003

58.

Sung Minho, Jun Xu (2013) IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks. Parallel Distrib Syst IEEE Trans 14(9):861–872CrossRef

59.

KDD CUP 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed on Sept 2014

60.

DARPA Intrusion Detection Evaluation, http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000data.html. Accessed on Sept 2014

61.

Cloud Intrusion Detection Dataset, http://www.di.unipi.it/~hkholidy/projects/cidd/index.html. Accessed on Dec 2014

62.

DEFCON, The Shmoo group http://cctf.shmoo.com/. Accessed on Sept 2014

63.

CAIDA Data, Center for applied internet and data analysis, http://www.caida.org/data/. Accessed on Sept 2014

64.

LBNL/ICSI Enterprise tracing project, http://www.icir.org/enterprise-tracing/. Accessed on Sept 2014

65.

UNIBS: Data Sharing http://www.ing.unibs.it/ntw/tools/traces/. Accessed on Sept 2014

66.

ISCX-UNB, Datasets- Information Security Center for eXcellence, http://www.iscx.ca/datasets. Accessed on Sept 2014

67.

Manpage of TCPDUMP, http://www.tcpdump.org/tcpdump_man.html. Accessed on Sept 2014

68.

Wireshark- Go Deep, https://www.wireshark.org/. Accessed on Sept 2014

69.

Firewall Log and Rule Analysis, Security audit, change management—firewall analyzer, ManageEngine 2014, http://www.manageengine.com/products/firewall/. Accessed on Sept 2014

70.

SNMP Network Monitoring Tool, SpiceWorks, 2014, http://www.spiceworks.com/it-articles/snmp-network-monitoring/. Accessed on Sept 2014

71.

Bandwidth Reporting:: NetFlowAnalyzer, ManageEngine 2014, http://www.manageengine.com/products/netflow/. Accessed on Sept 2014

72.

Network Monitoring Software, Network Performance Management, Paessler AG, http://www.paessler.com/. Accessed on Sept 2014

73.

Network Monitoring Software, SolarWinds, 2014, http://www.solarwinds.com/network-performance-monitor.aspx. Accessed on Sept 2014

74.

Network Performance Management Software, ManageEngine, 2014, http://www.manageengine.com/network-performance-management.html. Accessed on Sept 2014

75.

Weber RH, Weber R (2010) Internet of things legal perspectives. Springer, Berlin HeidelbergCrossRef

76.

Krutz RL, Vines RD (2010) Cloud security: a comprehensive guide to secure cloud computing. Wiley Publishing, Hoboken

77.

Chen D, Zhao H (2012) Data security and privacy protection issues in cloud computing. In: Computer science and electronics engineering (ICCSEE), 2012 international conference on, IEEE, Hangzhou, vol. 1, p. 647–651, 2012

78.

Hwang K, Dongarra J, Fox GC (2013) Distributed and cloud computing: from parallel processing to the internet of things, Morgan Kaufmann, 2013

79.

Hwang K, Kulkareni S, Hu Y (2009) Cloud security with virtualized defense and reputation-based trust management. In: Dependable, autonomic and secure computing, 2009. DASC ‘09. Eighth IEEE international conference on, Chengdu, p. 717–722

80.

Marchette DJ (2013) Computer intrusion detection and network monitoring: a statistical viewpoint. Springer Science & Business Media, BerlinMATH

81.

Enrico C et al (2013) Slow DoS attacks: definition and categorisation. Int J Trust Manage Comput Commun 1:300–319

82.

Singh J, Grewal V (2015) A survey of different strategies to pacify ARP poisoning attacks in wireless networks. Int J Comput Appl 11:25–28

83.

Lau F, Rubin SH, Smith MH, Trajkovic L (2000) Distributed denial of service attacks. In: Systems, man, and cybernetics, 2000 IEEE international conference on, Nashville, TN, p. 2275–2280 vol. 3, 2000

84.

Gupta BB, Joshi RC, Misra M (2010) Distributed denial of service prevention techniques. Int J Comput Electr Eng 2(2):1793–8163

85.

Badve OP, Gupta BB et al (2015) DDoS detection and filtering technique in cloud environment using GARCH model. In: The proceedings of IEEE GCCE-2015, p. 584–586, Osaka, Japan, 2015

86.

Chhabra Meghna, Gupta BB (2014) An efficient scheme to prevent DDoS flooding attacks in mobile ad-hoc network (MANET). Res J Appl Sci Eng Technol 7(10):2033–2039

87.

Alomari E, Manickam S, Gupta BB, Singh P, Anbar M (2014) Design, deployment and use of HTTP-based Botnet (HBB) Testbed. In proceedings of 16th IEEE international conference on advanced communication technology (ICACT), pp. 1265–1269, South Korea, 2014

88.

Negi P, Mishra A, Gupta BB (2013) Enhanced CBF packet filtering method to detect DDoS attack in cloud computing environment. arXiv preprint arXiv, p. 1304.7073, 2013

89.

Chhabra M, Gupta BB, Almomani A (2013) A novel solution to handle DDOS attack in MANET. J Inf Secur. 4(3):165–179

90.

Agrawal PK, Gupta BB, Jain S (2011) SVM based scheme for predicting number of zombies in a DDoS attack. 2011 European intelligence and security informatics conference (EISIC), p. 178–182, Greece, 2011

91.

Missbach M, Staerk T, Gardiner C, McCloud J, Madl R, Tempes M, Anderson G (2016) Securing SAP on the Cloud. In SAP on the Cloud, Springer, Berlin Heidelberg, pp. 75–120

92.

Ficco M, Massimiliano R (2016) Economic denial of sustainability mitigation in cloud computing. In: Organizational innovation and change, Springer, Berlin p. 229–238

Titel: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment
verfasst von: B. B. Gupta
Omkar P. Badve
Publikationsdatum: 13.04.2016
Verlag: Springer London
Erschienen in: Neural Computing and Applications / Ausgabe 12/2017
Print ISSN: 0941-0643
Elektronische ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-016-2317-5

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 12/2017

Heat and mass transfer analysis for MHD flow of nanofluid inconvergent/divergent channels with stretchable walls using Buongiorno’s model

Global adaptive neural tracking control of nonlinear MIMO systems

Discrete-time sliding mode neuro-adaptive controller for SCARA robot arm

Moving object recognition using multi-view three-dimensional convolutional neural networks

Probabilistic electricity price forecasting by improved clonal selection algorithm and wavelet preprocessing

High-order fuzzy-neuro-entropy integration-based expert system for time series forecasting