Abstract
In recent years, cloud services are emerging popular among the public and business ventures. Most of companies are trusting on cloud computing technology for production tasks. Distributed Denial of Service (DDoS) attack is a major general and critical type of attack on the cloud that proved extremely damaging the services. In current years, several efforts have been taken to identify the numerous types of DDoS attacks. This paper explains the various types of DDoS attack and its consequence in cloud computing. Also, this paper provides the various impacts of DDoS attack on cloud environment. The main goal of this paper is to discuss about prevention, detection and mitigation approaches of DDoS attacks on cloud environment with strengths, challenges and limitations of each approach. So that researchers can gets completely novel intuitive understanding into how to alleviate DDoS attacks in the field of cloud computing.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
NIST: The NIST Definition of Cloud Computing (2011). http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Kaufman, L.M.: Data security in the world of cloud computing. IEEE Secur. Priv. 7(4), 61–64 (2009). https://doi.org/10.1109/MSP.2009.87
Zissis, D., Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012). https://doi.org/10.1016/j.future.2010.12.006
Mirkovic, J., Reiher, P.: A Taxonomy of DDoS attack and DDoS defense mechanisms. SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004). https://doi.org/10.1145/997150.997156
Mansfield-Devine, S.: The growth and evolution of DDoS. Netw. Secur. 10, 13–20 (2015)
Kaspersky Labs, Global IT Security Risks Survey 2014 - Distributed Denial of Service (DDoS) Attacks (2014). http://media.kaspersky.com/en/B2B-International-2014-Survey-DDoS-Summary-Report.pdf
Nelson, P.: Cybercriminals Moving into Cloud Big Time, Report Says (2015). http://www.networkworld.com/article/2900125/malwarecybercrime/criminals-/moving-into-cloud-big-time-says-report.html
Somani, G., et al.: DDoS attacks in cloud computing: issues, taxonomy, and future directions (2015). arXiv preprint: arXiv:1512.08187
Shameli-Sendi, A., et al.: Taxonomy of distributed denial of service mitigation approaches for cloud computing. J. Netw. Comput. Appl. 58, 165–179 (2015). https://doi.org/10.1016/j.jnca.2015.09.005
Deshmukh, R.V., Devadkar, K.K.: Understanding DDoS attack & its effect in a cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)
Akamai Technologies, Akamai’s State of the Internet Q4 2013 Executive Summary 6(4) (2013). http://www.akamai.com/dl/akamai/akamai-soti-q413-exec-summary.pdf
Neustar News, DDoS Attacks and Impact Report Finds Unpredictable DDoS Landscape (2014). http://www.neustar.biz/aboutus/news-room/press-releases/2014/neustar-2014-ddosattacks-and-impact-report-finds-unpredictable-ddos-/landscape#.U33B_nbzdsV
P. Technologies (2014). http://www.prolexic.com/
Arbor Networks, Understanding the nature of DDoS attacks (2014). http://www.arbornetworks.com/asert/2012/09/understandingthe-nature-of-ddos-attacks/
Tripwire-New Research Shows Global DDoS Attacks Grew 90% in Q4 2014 (2014). https://www.tripwire.com/state-of-security/latest-security-news/new-research-shows-global-ddos-attacks-grew-90-in-q4-2014/
Abliz, M.: Internet Denial of Service Attacks and defence Mechanisms, University of Pittsburgh, Department of Computer Science, Technical report. TR-11-178 (2011)
Shin, S., Yegneswaran, V., Porras, P., Gu, G.: AVANT-GUARD: scalable and vigilant switch ow management in software-defined networks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 413–424 (2013)
Shameli-Sendi, A., Dagenais, M.: ARITO: cyber-attack response system using accurate risk impact tolerance. Int. J. Inf. Secur. (2013). https://doi.org/10.1007/s10207-013-0222-9
Shameli-Sendi, A., Ezzati-Jivan, N., Jabbarifar, M., Dagenais, M.: Intrusion response systems: survey and taxonomy. Int. J. Comput. Sci. Netw. Secur. 12(1), 1–14 (2012)
Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., Shenker, S.: DDoS defence by offense. ACM Trans. Comput. Syst. (TOCS) 28(1), 1–54 (2010). Article 3
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defence mechanisms against Distributed Denial of Service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 99, 1–24 (2013)
Khor, S.H., Nakao, A.: sPoW: on-demand cloud-based EDDoS mitigation mechanism. In: HotDep (Fifth Workshop on Hot Topics in System Dependability) (2009)
Kumar, M.N., Sujatha, P., Kalva, V., Nagori, R., Katukojwala, A.K., Kumar, M.: Mitigating Economic Denial of Sustainability (EDoS) in cloud computing using in-cloud scrubber service. In: Proceedings of the 2012 Fourth International Conference on Computational Intelligence and Communication Networks, CICN 2012, Washington, DC, USA, pp. 535–539. IEEE Computer Society (2012). https://doi.org/10.1109/CICN.2012.149
Al-Haidari, F., Sqalli, M.H., Salah, K.: Enhanced EDoS-Shield for mitigating EDoS attacks originating from spoofed IP addresses. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 1167–1174. IEEE (2012)
Sqalli, M.H., Al-Haidari, F., Salah, K.: EDoS-Shield - a two-steps mitigation technique against EDoS attacks in cloud computing. In: 2011 Fourth IEEE International Conference on Utility and Cloud Computing (UCC), pp. 49–56. IEEE (2011)
Alosaimi, W., Al-Begain, K.: A new method to mitigate the impacts of the economical denial of sustainability attacks against the cloud. In: Proceedings of the 14th Annual Post Graduates Symposium on the Convergence of Telecommunication, Networking and Broadcasting (PGNet), pp. 116–121 (2013)
Wang, H., Jia, Q., Fleck, D., Powell, W., Li, F., Stavrou, A.: A moving target DDoS defense mechanism. Comput. Commun. 46, 10–21 (2014)
Karnwal, T., Sivakumar, T., Aghila, G.: A comber approach to protect cloud computing against XML DDoS and HTTP DDoS attack. In: 2012 IEEE Students’ Conference on Electrical, Electronics and Computer Science (SCEECS), pp. 1–5. IEEE (2012)
Anderson, T., Roscoe, T., Wetherall, D.: Preventing internet Denial-of-Service with capabilities. ACM SIGCOMM Comput. Commun. Rev. 34(1), 39–44 (2004)
Masood, M., Anwar, Z., Raza, S.A., Hur, M.A.: EDoS Armor: a cost effective economic denial of sustainability attack mitigation framework for E-commerce applications in cloud environments. In: 2013 16th International Multi Topic Conference (INMIC), pp. 37–42 (2013). https://doi.org/10.1109/INMIC.2013.6731321
Jia, Q., Wang, H., Fleck, D., Li, F., Stavrou, A., Powell, W.: Catch Me if You Can: a cloud-enabled DDoS defense. In: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 264–275. IEEE (2014)
Jeyanthi, N., Mogankumar, P.: A virtual firewall mechanism using army nodes to protect cloud infrastructure from DDoS attacks. Cybern. Inf. Technol. 14(3), 71–85 (2014)
Baig, Z.A., Binbeshr, F.: Controlled virtual resource access to mitigate Economic Denial of Sustainability (EDoS) attacks against cloud infrastructures. In: Proceedings of the 2013 International Conference on Cloud Computing and Big Data, CLOUDCOM-ASIA 2013, Washington, DC, USA, pp. 346–353. IEEE Computer Society (2013). https://doi.org/10.1109/CLOUDCOM-ASIA.2013.51
Saini, B., Somani, G.: Index page based EDoS attacks in infrastructure cloud. In: International Conference on Security in Computer Networks and Distributed Systems, pp. 382–395. Springer, Heidelberg (2014)
Idziorek, J., Tannian, M., Jacobson, D.: Detecting fraudulent use of cloud resources. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security, pp. 61–72. ACM (2011)
Ismail, M.N., Aborujilah, A., Musa, S., Shahzad, A.: Detecting flooding based DoS attack in cloud computing environment using covariance matrix approach. In: Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication, p. 36. ACM (2013)
Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical approaches to DDoS attack detection and response. In: Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, pp. 303–314. IEEE (2003)
Shamsolmoali, P., Zareapoor, M.: Statistical-based filtering system against DDoS attacks in cloud computing. In: 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI 2014), pp. 1234–1239. IEEE (2014)
Gómez-Lopera, J.F., Martínez-Aroza, J., Robles-Pérez, A.M., Román-Roldán, R.: An analysis of edge detection by using the Jensen-Shannon divergence. J. Math. Imaging Vis. 13(1), 35–56 (2000)
Templeton, S.J., Levitt, K.E.: Detecting spoofed packets. In: Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, pp. 164–175. IEEE (2003)
Chen, Q., Lin, W., Dou, W., Yu, S.: CBF: a packet filtering method for DDoS attack defense in cloud environment. In: IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing (DASC), pp. 427–434. IEEE (2011)
Jeyanthi, N., Iyengar, N.C.S., Kumar, P.M., Kannammal, A.: An enhanced entropy approach to detect and prevent DDoS in Cloud environment. Int. J. Commun. Netw. Inf. Secur. (IJCNIS) 5(2), 110 (2013)
Vissers, T., Somasundaram, T.S., Pieters, L., Govindarajan, K., Hellinckx, P.: DDoS defense system for web services in a cloud environment. Future Gener. Comput. Syst. 37, 37–45 (2014)
Latanicki, J., Massonet, P., Naqvi, S., Rochwerger, B., Villari, M.: Scalable cloud defenses for detection, analysis and mitigation of DDoS attacks. In: Future Internet Assembly, pp. 127–137 (2010)
Li, B., Niu, W., Xu, K., Zhang, C., Zhang, P.: You cant hide: a novel methodology to defend DDoS attack based on but cloud. In: Applications and Techniques in Information Security. Communications in Computer and Information Science, pp. 203–214. Springer, Heidelberg (2015)
Graham, M., Adrian, W., Erika, S.-V.: Botnet detection within cloud service provider networks using flow protocols. In: 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), pp. 1614–1619. IEEE (2015)
Badis, H., Doyen, G., Khatoun, R.: A collaborative approach for a source-based detection of but clouds. In: 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 906–909. IEEE (2015)
Mohammad, R.M., Mauro, C., Ville, L.: EyeCloud: a BotCloud detection system. In: Proceedings of the 5th IEEE International Symposium on Trust and Security in Cloud Computing (IEEE TSCloud 2015), Helsinki, Finland. IEEE (2015)
Yu, S., Tian, Y., Guo, S., Wu, D.O.: Can we beat DDoS attacks in clouds? IEEE Trans. Parallel Distrib. Syst. 25(9), 2245–2254 (2014)
Yossi, G., Amir, H., Michael, S., Michael, G.: CDN-on-Demand: an affordable DDoS defense via un-trusted clouds. In: Network and Distributed System Security Symposium (NDSS) (2016)
Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: Service resizing for quick DDoS mitigation in cloud computing environment. Ann. Telecommun. 72(5–6), 237–252 (2016)
Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M.: DDoS victim service containment to minimize the internal collateral damages in cloud computing. Comput. Electr. Eng. (2016)
Sahay, R., Blanc, G., Zhang, Z., Debar, H.: Towards autonomic DDoS mitigation using software defined networking. In: SENT 2015: NDSS Workshop on Security of Emerging Networking Technologies, Internet Society, San Diego, California, US (2015). https://doi.org/10.14722/sent.2015.23004
Wang, X., Chen, M., Xing, C.: SDSNM: a software-defined security networking mechanism to defend against DDoS attacks. In: 2015 Ninth International Conference on Frontier of Computer Science and Technology (FCST), pp. 115–121. IEEE (2015)
Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software-defined networking. Comput. Netw. 81, 308–319 (2015)
Yan, Q., Yu, F.: Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Commun. Mag. 53(4), 52–59 (2015)
Tsai, S.-C., Liu, I.-H., Lu, C.-T., Chang, C.-H., Li, J.-S.: Defending cloud computing environment against the challenge of DDoS attacks based on software-defined network. In: Advances in Intelligent Information Hiding and Multimedia Signal Processing: Proceeding of the Twelfth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Kaohsiung, Taiwan, 21–23 November 2016, vol. 1, pp. 285–292. Springer, Cham (2017)
Stillwell, M., Schanzenbach, D., Vivien, F., Casanova, H.: Resource allocation algorithms for virtualized service hosting platforms. J. Parallel Distrib. Comput. 70(9), 962–974 (2010)
Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M., Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4, 22–32 (2017)
Zhao, S., Chen, K., Zheng, W.: Defend against Denial of Service attack with VMM. In: Eighth International Conference on Grid and Cooperative Computing, GCC 2009, pp. 91–96. IEEE (2009)
Silva, S.S., Silva, R.M., Pinto, R.C., Salles, R.M.: Botnets: a survey. Comput. Netw. 57(2), 378–403 (2013)
Yan, Q., Yu, R., Gong, Q., Li, J.: Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. Commun. Surv. Tutor. PP(99), 1 (2015). https://doi.org/10.1109/COMST.2015.2487361
Singh, A., Chatterjee, K.: Cloud security issues and challenges: a survey. J. Netw. Comput. Appl. 79(1), 88–115 (2017)
Online The Truth about DDoS Attacks: Part 1 (2013). http://www.carbon60.com/the-truthabout-ddos-attacks-part-1/. Accessed 12 July 2015
Kaspersky Lab. https://www.kaspersky.com/about/press-releases/2015_one-in-five-ddos-attacks-last-for-days-or-even-weeks
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Srinivasan, K., Mubarakali, A., Alqahtani, A.S., Dinesh Kumar, A. (2020). A Survey on the Impact of DDoS Attacks in Cloud Computing: Prevention, Detection and Mitigation Techniques. In: Balaji, S., Rocha, Á., Chung, YN. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. ICICV 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 33. Springer, Cham. https://doi.org/10.1007/978-3-030-28364-3_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-28364-3_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-28363-6
Online ISBN: 978-3-030-28364-3
eBook Packages: EngineeringEngineering (R0)