Service resizing for quick DDoS mitigation in cloud computing environment
نویسندگان
چکیده
Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are the two services, which are available to attackers and victims, respectively. In this work, we provide a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We conduct DDoS attacks on cloud services, where having the same attack features, two different services show completely different consequences, due to the difference in the resource utilization per request. We study various aspects of these attacks and find out that the DDoS mitigation service’s performance is dependent on two factors. Gaurav Somani [email protected] Manoj Singh Gaur [email protected] Dheeraj Sanghi [email protected] Mauro Conti [email protected] Rajkumar Buyya [email protected] 1 Central University of Rajasthan, Rajasthan, India 2 Malaviya National Institute of Technology, Rajasthan, India 3 Indian Institute of Technology, Kanpur, India 4 University of Padua, Padua, Italy 5 The University of Melbourne, Parkville, Australia One factor is related to the severity of the “resource-race” with the victim web-service. Second factor is “attack cooling down period” which is the time taken to bring the service availability post detection of the attack. Utilizing these two important factors, we propose a supporting framework for the DDoS mitigation services, by assisting in reducing the attack mitigation time and the overall downtime. This novel framework comprises of an affinity-based victim-service resizing algorithm to provide performance isolation, and a TCP tuning technique to quickly free the attack connections, hence minimizing the attack cooling down period. We evaluate the proposed novel techniques with real attack instances and compare various attack metrics. Results show a significant improvement to the performance of DDoS mitigation service, providing quick attack mitigation. The presence of proposed DDoS mitigation support framework demonstrated a major reduction of more than 50% in the service downtime.
منابع مشابه
RESCUE: Reputation based Service for Cloud User Environment
Exceptional characteristics of Cloud computing has replaced all traditional computing. With reduced resource management and without in-advance investment, it has been victorious in making the IT world to migrate towards it. Microsoft announced its office package as Cloud, which can prevent people moving from Windows to Linux. As this drift is escalating in an exponential rate, the cloud environ...
متن کاملDDoS Attacks, Detection Parameters and Mitigation in Cloud Environment
Cloud computing refers to providing on demand services and computing resources via Internet. The cloud environment has many security challenges among which DDoS attcks have maximum priority. Within Cloud Security issues being dominant for the private enterprises, the denial of service attacks are rated as the highest priority threat. This paper presents a review of DDoS attacks and parameters t...
متن کاملAn Enhanced Entropy Approach to Detect and Prevent DDoS in Cloud Environment
Distributed Denial of Service (DDoS) attack launched in Cloud computing environment resulted in loss of sensitive information, Data corruption and even rarely lead to service shutdown. Entropy based DDoS mitigation approach analyzes the heuristic data and acts dynamically according to the traffic behavior to effectively segregate the characteristics of incoming traffic. Heuristic data helps in ...
متن کاملEnhanced Mechanism to Detect and Mitigate Economic Denial of Sustainability (EDoS) Attack in Cloud Computing Environments
Cloud computing (CC) is the next revolution in the Information and Communication Technology arena. CC is often provided as a service comparable to utility services such as electricity, water, and telecommunications. Cloud service providers (CSP) offers tailored CC services which are delivered as subscription-based services, in which customers pay based on the usage. Many organizations and servi...
متن کاملA survey on impact of cloud computing security challenges on NFV infrastructure and risks mitigation solutions
Increased broadband data rate for end users and the cost of resource provisioning to an agreed SLA in telecom service providers, are forcing operators in order to adhere to employment Virtual Network Functions (VNF) in an NFV solution. The newly 5G mobile telecom technology is also based on NFV and Software Define Network (SDN) which inherit opportunities and threats of such constructs. Thus a ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Annales des Télécommunications
دوره 72 شماره
صفحات -
تاریخ انتشار 2017