Abstract
Distributed Denial of Service (DDoS) attack is considered as one of the major security threats to the cloud computing environment. This attack hampers the adoption and deployment of cloud computing. DDoS Attack is an explicit attempt by an attacker to prevent and deny access to shared services or resources on a server in a cloud environment by legitimate users of cloud computing. This kind of attack targets victim servers by sending massive volumes of traffic from multiple sources to consume all the victim server resources. This paper discussed various defense mechanisms for defending DDoS. The main objective of this paper is to evaluate different mechanisms that help to defend DDoS attacks. This paper highlights the importance of statistical anomaly-based approaches in detecting DDoS attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions. Comput. Commun. 107, 30–48 (2017)
Osanaiye, O., Choo, K.-K.R., Dlodlo, M.: Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 67, 147–165 (2016)
Kaaniche, N., Laurent, M.: Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms. Comput. Commun. 111, 120–141 (2016)
Arjun, U., Vinay, S.: A short review on data security and privacy issues in cloud computing. In: 2016 IEEE International Conference on Current Trends in Advanced Computing (ICCTAC), Bangalore, India, pp. 1–5. IEEE (2016)
Khalil, I.M., Khreishah, A., Azeem, M.: Cloud computing security: a survey. Computers 3(1), 1–35 (2014)
Sharma, R., Trivedi, R.K.: Literature review: cloud computing–security issues, solution and technologies. Int. J. Eng. Res. 3(4), 221–225 (2014)
Khan, M.A.: A survey of security issues for cloud computing. J. Netw. Comput. Appl. 71, 11–29 (2016)
Behal, S., Kumar, K.: Detection of DDoS attacks and flash events using information theory metrics–an empirical investigation. Comput. Commun. 103, 18–28 (2017)
Behal, S., Kumar, K.: Detection of DDoS attacks and flash events using novel information theory metrics. Comput. Netw. 116, 96–110 (2017)
Bhatia, S.: Ensemble-based model for DDoS attack detection and flash event separation. In: 2016 Future Technologies Conference (FTC), San Francisco, CA, USA, pp. 958–967. IEEE (2016)
Bhatia, T., Verma, A.K.: Data security in mobile cloud computing paradigm: a survey, taxonomy and open research issues. J. Supercomput. 73(6), 2558–2631 (2017)
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: E-LDAT: a lightweight system for DDoS flooding attack detection and IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)
Mansfield-Devine, S.: The growth and evolution of DDoS. Netw. Secur. 2015(10), 13–20 (2015)
Sachdeva, M., Kumar, K., Singh, G.: A comprehensive approach to discriminate DDoS attacks from flash events. J. Inf. Secur. Appl. 26, 8–22 (2016)
Saravanan, R., Shanmuganathan, S., Palanichamy, Y.: Behavior-based detection of application layer distributed denial of service attacks during flash events. Turk. J. Electr. Eng. Comput. Sci. 24(2), 510–523 (2016)
Shameli-Sendi, A., Pourzandi, M., Fekih-Ahmed, M., Cheriet, M.: Taxonomy of Distributed Denial of Service mitigation approaches for cloud computing. J. Netw. Comput. Appl. 58, 165–179 (2015)
Shifali, C., Sachdeva, M., Behal, S.: Discrimination of DDoS attacks and flash events using Pearsons product moment correlation method. Int. J. Comput. Sci. Inf. Secur. 14(10), 382–389 (2016)
Xiao, P., Qu, W., Qi, H., Li, Z.: Detecting DDoS attacks against data center with correlation analysis. Comput. Commun. 67, 66–74 (2015)
Yan, R., Xu, G., Qin, X.: Detect and identify DDoS attacks from flash crowd based on self-similarity and Renyi entropy. In: 2017 Chinese Automation Congress (CAC), Jinan, China, pp. 7188–7194. IEEE (2017)
Bhandari, A., Sangal, A.L., Kumar, K.: Characterizing flash events and distributed denial-of-service attacks: an empirical investigation. Secur. Commun. Netw. 9(13), 2222–2239 (2016)
Arbor Network. https://pages.arbornetworks.com/rs/082-KNA-087/images/13th_Worldwide_Infrastructure_Security_Report.pdf. Accessed 21 Dec 2018
Gupta, B.B., Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment. Neural Comput. Appl. 28(12), 3655–3682 (2017)
Iqbal, S., et al.: On cloud security attacks: a taxonomy and intrusion detection and prevention as a service. J. Netw. Comput. Appl. 74, 98–120 (2016)
Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognit. Lett. 51, 1–7 (2015)
Almomani, A.: Fast-flux hunter: a system for filtering online fast-flux botnet. Neural Comput. Appl. 29(7), 483–493 (2018)
Tao, Y., Yu, S.: DDoS attack detection at local area networks using information theoretical metrics. In: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, Australia, pp. 233–240. IEEE (2013)
Prasad, K.M., Reddy, A.R.M., Rao, K.V.: Afr. J. Comput. ICT 6(2), 53–62 (2013). 2017 Chinese Automation Congress (CAC)
Stillwell, M., Schanzenbach, D., Vivien, F., Casanova, H.: Resource allocation algorithms for virtualized service hosting platforms. J. Parallel Distrib. Comput. 70(9), 962–974 (2010)
Bonguet, A., Bellaiche, M.: A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing. Future Internet 9(3), 43 (2017)
Moustafa, N., Hu, J., Slay, J.: A holistic review of Network Anomaly Detection Systems: a comprehensive survey. J. Netw. Comput. Appl. 128, 33–55 (2019)
Alzahrani, S., Hong, L.: A survey of cloud computing detection techniques against DDoS attacks. J. Inf. Secur. 9, 45–69 (2018)
Bakshi, A., Sunanda, : A comparative analysis of different intrusion detection techniques in cloud computing. In: Luhach, A., Singh, D., Hsiung, P.A., Hawari, K., Lingras, P., Singh, P. (eds.) Advanced Informatics for Computing Research, vol. 956, pp. 358–378. Springer, Singapore (2018). https://doi.org/10.1007/978-981-13-3143-5_30
Modi, C.N., Acha, K.: Virtualization layer security challenges and intrusion detection/prevention systems in cloud computing: a comprehensive review. J. Supercomput. 73(3), 1192–1234 (2017)
Ariyaluran Habeeb, R.A., Nasaruddin, F., Gani, A., Targio Hashem, I.A., Ahmed, E., Imran, M.: Real-time big data processing for anomaly detection: a Survey. Int. J. Inf. Manag. 45, 289–307 (2019)
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M.: A survey of intrusion detection techniques in cloud. J. Netw. Comput. Appl. 36(1), 42–57 (2013)
Katiyar, P., Senthil Kumarn, U., Balakrishanan, S.: Detection and discrimination of DDoS attacks from flash crowd using entropy variations. Int. J. Eng. Technol. 5(4), 3514–3519 (2013)
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Khattak, S., Ramay, N.R., Khan, K.R., Syed, A.A., Khayam, S.A.: A taxonomy of botnet behavior, detection, and defense. IEEE Commun. Surv. Tutor. 16(2), 898–924 (2014)
Hammi, B., Rahal, M.C., Khatoun, R.: Clustering methods comparison: application to source based detection of botclouds. In: 2016 International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC), Paris, France, pp. 1–7. IEEE (2016)
Chen, C., Chen, H.: A resource utilization measurement detection against DDoS attacks. In: 2016 9th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI), Datong, China, pp. 1938–1943 IEEE (2016)
Xiang, Y., Li, K., Zhou, W.: Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans. Inf. Forensics Secur. 6(2), 426–437 (2011)
Sahoo, K.S., Puthal, D., Tiwary, M., Rodrigues, J.J.P.C., Sahoo, B., Dash, R.: An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics. Future Gener. Comput. Syst. 89, 685–697 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Alarqan, M.A., Zaaba, Z.F., Almomani, A. (2020). Detection Mechanisms of DDoS Attack in Cloud Computing Environment: A Survey. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_10
Download citation
DOI: https://doi.org/10.1007/978-981-15-2693-0_10
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-2692-3
Online ISBN: 978-981-15-2693-0
eBook Packages: Computer ScienceComputer Science (R0)