Detection Mechanisms of DDoS Attack in Cloud Computing Environment: A Survey

  • Mohammad Abdelkareem Alarqan
  • Zarul Fitri Zaaba (Email author)
  • Ammar Almomani
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


Distributed Denial of Service (DDoS) attacks are considered one of the major security threats to the cloud computing environment, and they hamper the adoption and deployment of cloud computing. A DDoS attack is an explicit attempt by an attacker to deny legitimate cloud users access to shared services or resources on a server in a cloud environment. This kind of attack targets victim servers by sending massive volumes of traffic from multiple sources to consume all of the victim server's resources. This paper discusses various mechanisms for defending against DDoS attacks. Its main objective is to evaluate different mechanisms that help to defend against DDoS attacks, and it highlights the importance of statistical anomaly-based approaches in detecting them.


Keywords: DDoS, Cloud computing, Anomaly detection, Defense taxonomy



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Mohammad Abdelkareem Alarqan (1)
  • Zarul Fitri Zaaba (1), Email author
  • Ammar Almomani (2)

  1. School of Computer Sciences, Universiti Sains Malaysia, Minden, Malaysia
  2. Department of Information Technology, Al-Huson University College, Al-Balqa Applied University, Irbid, Jordan
