Shuffling Based Mechanism for DDoS Prevention on Cloud Environment

Cloud Computing has evolved as a new paradigm in which users can use on-demand services, according to their needs. However, security concerns are primary obstacles to a wider adoption of clouds. Newly born concepts that clouds introduced, such as multitenancy, resource sharing and outsourcing, create new challenges for the security research. DDoS (Distributed Denial of service) attack is the biggest threat to the cloud since it affects the availability of services. There are a lot of techniques proposed by various researchers to prevent DDoS attacks on a cloud infrastructure. We are using a Shuffling Based approach for preventing DDoS in the cloud environment. This approach is reactive and uses the resource elasticity of the cloud. The aim of this technique is to save the maximum number of benign clients from the attack through shuffling. For assignment of clients to the replica servers, we are using a greedy algorithm. Every time we call this algorithm, we estimate the number of malicious clients using a proposed random function for that round of shuffle. We have shown that we can save a desired percentage of benign clients from the ongoing attacks after some shuffles. To detect the attack on each server, a detector is deployed that uses an entropy-based approach for detecting DDoS. A significant deviation in entropy represents the DDoS attack. We have also performed some tests to select the suitable attributes for entropy-based DDoS detection in different type of DDoS attacks. So in our work we have worked on both detection and prevention of DDoS on cloud infrastructure.