DARAC: DDoS Mitigation Using DDoS Aware Resource Allocation in Cloud

  • Gaurav Somani
  • Abhinav Johri
  • Mohit Taneja
  • Utkarsh Pyne
  • Manoj Singh Gaur
  • Dheeraj Sanghi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9478)


Internet-based computing has led to the emergence of a large number of threats. One of the major threats is the DDoS (Distributed Denial of Service) attack. Recent incidents have shown that DDoS attacks have the capability of shutting down a business not for a day but for weeks. DDoS attacks have a greater impact on multi-tenant clouds than on traditional infrastructure. In the cloud, DDoS attacks take the shape of EDoS (Economic Denial of Sustainability) attacks. In EDoS, instead of “Service Denial”, economic harm occurs due to fake resource usage and the subsequent addition or buying of resources using on-demand provisioning. To detect and mitigate DDoS attacks in the cloud, we argue that on-demand resource allocation (known as auto-scaling) should also be looked at, in addition to network or application layer mitigation. We have proposed a novel mitigation strategy, DARAC, which makes auto-scaling decisions by accurately differentiating between legitimate requests and attacker traffic. Attacker traffic is detected and dropped using detection based on human behavior analysis. We also argue that most of the solutions in the literature do not pay much attention to the service quality for legitimate requests during an attack. We calculate the share of legitimate clients in resource addition/buying and make subsequent accurate auto-scaling decisions. Experimental results show that DARAC mitigates various DDoS attack sets and takes accurate and quick auto-scaling decisions for various legitimate and attacker traffic combinations, saving the service from EDoS. We also show how the proposed mechanism could make the “arms race” very difficult for attackers, as the resources needed to defeat the DARAC mechanism on a very small capacity server are huge. Results also show significant improvements in the average response time of the web service under attack, in addition to infrastructure cost savings of up to 50% in heavy attack cases.


Keywords: Cloud Computing, Virtual Machine, Attack Scenario, Idle Resource, Cloud Consumer
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Gaurav Somani (1, 2)
  • Abhinav Johri (3)
  • Mohit Taneja (3)
  • Utkarsh Pyne (3)
  • Manoj Singh Gaur (2)
  • Dheeraj Sanghi (4)

  1. Central University of Rajasthan, Ajmer, India
  2. Malaviya National Institute of Technology, Jaipur, India
  3. LNM Institute of Information Technology, Jaipur, India
  4. Indian Institute of Technology, Kanpur, India
