Identification and Avoidance of DDoS Attack for Secured Data Communication in Cloud
Keywords:
Cloud computing, Distributed denial-of-service attack detection and avoidance, multiple Intrusion Prevention System (IPS)Abstract
Distributed Denial of Service(DDoS) attack in a client server environment would collapse the entire system, but as far as cloud is concern it is not that effective but still it will try to disturb the regular activity of the system. We deploy multiple Intrusion Prevention System (IPS) to monitor the activity of the users and filters the request based on the behavior and forwards to the corresponding servers through cloud server. Every server would have allocated certain space in cloud server. IPS monitors the activity of the users to avoid DDoS attacks. This system ensures the detection and avoidance of DDoS attack in the cloud server. Few DDoS attacks are listed and monitored. The behavior patterns are 1.Continuous and same request from single user in a point of time,2.Different query from the same user within a period of time,3.Different queries from different users but from same IP, 4. Request of huge sized file beyond the permitted. Based on these patterns user behaviour is monitored therefore DDoS attack is avoided in cloud.
References
[1] J. Francois, I. Aib, and R. Boutaba, ‘‘Firecol, a Collaborative Protection Network for the Detection of Flooding ddos Attacks,’’IEEE/ACM Trans. Netw., vol. 20, no. 6, pp. 168-1641, Dec. 2012.
[2] C. Peng, M. Kim, Z. Zhang, and H. Lei, ‘‘Vdn:
Virtual Machine Image Distribution Network for Cloud Data Centers,’’ in
Proc.INFOCOM, 2012, pp. 161-169.
[3] S. Subashini and V. Kavitha, ‘‘A Survey on
Security Issues in Service Delivery Models of Cloud Computing,’’ J. Netw.
Comput.Appl., vol. 34, no. 1, pp. 1-11, Jan. 2011.
[4] G. Carl et al., “Denial-of-service attack-detection
techniques,†IEEE Internet Comput., vol. 10, no. 1, pp. 82–89, Jan./Feb. 2006.
[5] T. Peng, C. Leckie, and K. Ramamohanarao,
‘‘Survey of Network-Based Defense Mechanisms Countering the dos and ddos
Problems,’’ ACM Comput. Surv., vol. 39, no. 1, pp. 1-3, 2007.
[6] M.A. Rajab, J. Zarfoss, F. Monrose, and A.
Terzis, ‘‘My Botnetis Bigger Than Yours (Maybe, Better Than Yours): Why Size
Estimates Remain Challenging,’’ in Proc. 1st Conf. HotBots, 2007, p. 5.
[7] D.K.Y. Yau, J.C.S. Lui, F. Liang, and Y. Yam,
‘‘DefendingAgainst Distributed Denial-of-Service Attacks with Max-Min Fair
Server- Centric Router Throttles,’’ IEEE/ACM Trans. Netw., vol. 13, no. 1, pp.
29-42, Feb. 2005.
[8] D. Moore, C. Shannon, D.J. Brown, G.M.
Voelker, and S. Savage, ‘‘Inferring Internet Denial-of-Service Activity,’’ ACM
Trans. Comput. Syst., vol. 20, no. 2, pp. 115-139, May 2006.
[9] S. Ros, F. Cheng, and C. Meinel, “Intrusion
Detection in the Cloud,†2009 Eighth IEEE International Conference on
Dependable, Autonomic and Secure Computing, pp. 729–734, Dec. 2009.
[10] “Detecting Application Denial-of-Service
Attacks: A Group-Testing-Based Approach.†Ying Xuan Dept. of Comput. & Inf.
Sci. & Eng., Univ. of Florida, Gainesville, FL, USA Incheol Shin ; Thai,
M.T. ; Znati, T.
[11] U. Tupakula, V. Varadharajan, and N. Akku,
“Intrusion Detection Techniques for Infrastructure as a Service Cloud,†2011
IEEE Ninth International Conference on Dependable, Autonomic and Secure
Computing, pp. 744–751, Dec. 2011.
[12] J. Idziorek, M. Tannian, and D. Jacobson,
‘‘Insecurity of Cloud Utility Models,’’ IT Prof., vol. 15, no. 2, pp. 18-23,
Mar./Apr. 2012.
[13] S. L. and Z. L. and X. C. and Z. Y. and J.
Chen, S. Luo, Z. Lin, X. Chen, Z. Yang, and J. Chen, “Virtualization security
for cloud computing service,†in International Conference on Cloud and Service
Computing (CSC), 2011, pp. 174–179.
[14] Q. Wang, K. Ren, and X. Meng, ‘‘When Cloud
Meets Ebay: Towards Effective Pricing for Cloud Computing,’’ in Proc.INFOCOM,
Mar. 2012, pp. 936-944.
[15] A. Shevtekar, K. Anantharam, and N. Ansari,
“Low rate TCP Denial-of-Service attack detection at edge routers,†IEEE Commun.
Lett.,vol. 9, no. 4, pp. 363–365, Apr. 2005.
[16] Y. Chen, K. Hwang, and W.-S. Ku,
“Collaborative detection of DDoSattacks over multiple network domains,†IEEE
Trans. Parallel Distrib.Syst., vol. 16, no. 12, pp. 1649–1662, Dec. 2007.S. Yu
and W. Zhou, “Entropy-Based collaborative detection of DDoSattacks on community
networks,†in Proc. 6th IEEE Int. Conf. PervasiveComputing and Communications
(PerCom 2008), 2008, pp.566–571.
[17] R.Wartel, T.Cass, B.Moreira, E. Roche, M.
Guijarro, S.Goasguen, and U.Schwickerath, ‘‘Image Distribution Mechanisms in
Large Scale Cloud Providers,inProc.CloudCom, 2010, pp.112 117.
[18] J. Zhu, Z. Jiang, and Z. Xiao, ‘‘Twinkle: A
Fast Resource Provisioning Mechanism for Internet Services,’’ in Proc. INFOCOM,
2011, pp. 802-810.
[19] H. Khazaei, J.V. Misic, and V.B. Misic,
‘‘Performance Analysis of Cloud Computing Centers using m/g/m/m+r Queuing
Systems,’’ IEEE Trans. Parallel Distrib. Syst., vol. 19, no. 5, pp. 936-943,
May 2012.
[20] H. Khazaei, J.V. Misic, V.B.Misic, and S.
Rashwand, ‘‘Analysis of a Pool Management Scheme for Cloud Computing Centers,’’
IEEE Trans.Parallel
Distrib. Syst.,vol.20, no.5, pp. 849-861,May 2013.
[21] H. Sun, J. C. S. Lui, and D. K. Y. Yau,
“Defending against low-rate TCP attacks: Dynamic detection and protection,†in
Proc. IEEE Int.Conf. Network Protocols (ICNP 2004), 2004, pp. 196–205.
[22] H. Sun, J. C. S. Lui, and D. K. Y. Yau,
“Defending against low-rate TCP attacks: Dynamic detection and protection,†in
Proc. IEEE Int.Conf. Network Protocols (ICNP 2004), 2004, pp. 196–205.
[23] Dagon, C. Zou, and W. Lee, ‘‘Modeling Botnet
Propagation using Time Zones,’’ in Proc. 13th NDSS, 2006, pp. 1-16.
Downloads
Published
Issue
Section
License
Copyright (c) IJSRSET
This work is licensed under a Creative Commons Attribution 4.0 International License.