Contents lists available at www.innovativejournal.in
Asian Journal of Computer Science And Information Technology
Journal Homepage: http://innovativejournal.in/ajcsit/index.php/ajcsit
ANALYSIS ON DDOS ATTACKS IN CLOUD NETWORKS
Davandeep Kaur1 , Gurjit Singh Bhathal2, Gaurav Gupta3
1M.tech Student Department of Computer Engineering, Punjabi University, Patiala. 2Assistant Proffessor, Department of Computer Engineering, Punjabi University, Patiala. 3Assistant Proffessor, Department of Computer Engineering, Punjabi University, Patiala.
ARTICLE INFO ABSTRACT Corresponding Author:
Davandeep Kaur
M.tech Student Department of Computer Engineering, Punjabi University, Patiala.
DOI:http://dx.doi.org/10.15520/aj csit.v7i2.55
Key Words: DDoS attack, cloud computing, IaaS, security.
Cloud computing is a rising technology that utilizes a combination of hardware and software to deliver services to the end users over the internet. As the internet is always prone to security threats, reliability and safety in cloud computing environment become a crucial concern. DDoS (Distributed Denial of Service) attack is the biggest threat to all the cloud computing users which is being used at present. The main motive behind the DDoS attack is to prevent the target users from utilizing the network resources efficiently. With the changes in the cloud computing environment, significant changes have been seen in techniques to prevent the DDoS attack. In this paper, we will focus on the cloud computing architecture and how DDoS attacks affect cloud computing environment. Along with this, different kind of DDoS attacks are explored, and various defense mechanism against these attacks are presented.
©2017, AJCSIT, All Right Reserved.
I. INTRODUCTION
Cloud computing is defined as the internet based computing system in which the computer shares all the processing resources and data to other devices on demand. It is the common pool of computing resources i.e. computer network, servers, storage, applications, services that are accessedupon request. It is the storage solution which provides services to store and process the data privately or by the third party. The cloud computing is ranging all over the world. It is sharing the resources to achieve the consistent relation over electricity network. It allows the company to avoid infrastructure costs on purchasing servers. Thus the organization wouldfocus on their core businesses rather than spend too much money and time on computer infrastructure. Cloud computing allow the organizations to run their business faster and improve the manageability and the resources meet the business demands rapidly. [2]
Figure 1: Cloud-Computing Service Stack [21]
This model is based on the “pay as you go” model which leads to high charges if the company does not adapt the cloud pricing model. In the year 2009 the high capacity network, low-cost computers and storage devices, service oriented architecture, and autonomic computing leads to the growth of cloud computing.
In the year 2013 the demand for the cloud computing get highly increase because of the high computing power, it has the low cost for services and its performance is high, it has the scalability, accessibility and it is easily available. It has booby trap which needs to be more addressed to make the services more reliable and user-friendly.
1.1.Characteristics of cloud computing
The major characteristics of cloud computing includes the following [9]:
1. The cloud computing increases the user flexibility by adding or expanding technological infrastructure. 2. The providers could reduce the cost of the network
and convert capital expenditure to operational expenditure. It is the cost saving system.
3. It is the independentnetwork which allows the user to access the system using the web browser not to mention their location and what kind of device they use. And the infrastructure which is provided by the third party can be accessed through the internet, and the user can connect from anywhere.
5. The performance is mainly monitored by the IT companies which provide the services using web services as the system interface.
6. The productivity increase when the multiple users work on same data without the need of waiting for either saving the data or emailing it.
7. The cloud computing network provides scalability and elasticity on demand. It gives the ability to scale up the services when needed. Similarly, the resources can be scaleddown when are not in use.
8. The centralization of dataimproves the security,which is proved to be better than other traditional systems. Along with this, the service providers provide the security solving services.
1.2.Attacks in a cloud environment
There are many attacks which affect the cloud
computing environment:
1) Denial of service attacks also known as DoS attacks:
In this attack, the attacker targets the cloud system with services request and stop responding to any new request and resources made unavailable to the user. Most of the cloud security providers find that the system mostly affected by the DoS attacks because so many users use the system. There are so many types of DDoS. [1] The attacker overloads the larger amount of junk data on the network which consume the bandwidth of the network. In various networking protocol, the attacker uses more blank space that overload the target network. It can make a lot of HTTP requests that cannot be handled by the server.
2) Malware injection attack in a cloud environment
In this attack, the attacker injects the malicious service into the cloud network. The attacker creates its malicious service implementation module like SaaS or PaaS or virtual machine instance like IaaS and tries to add all these into the cloud network. The attacker makes the valid services to the cloud system that it provides some new services among the valid instances and if the attacker succeeds then the cloud system automatically redirects the request of the user to the malicious service, and then the attacker code start to execute. [22]
The primary function of malware injection attack in a cloud environment is that the attacker transfers the malicious services into the cloud so that he will access the request services of the victim service. To accomplishthis, the attackertakes fullcontrolover the victim data in the cloud. It is exploiting the service to the cloud attack surface. In this attack, the attacker can perform any harmful activity in which he is interested such as data modification, changes in the full functionality of the data and blocking the data on the network.
3) Side channel attack
In this, the attacker places a malicious virtual machine in the cloud system and target the cloud server system and then creates a side channel attack. Side channel attack iseffective security threat which targets the cryptographic algorithms during the implementation of the system. To evaluate the resilience of the cryptographic system, it is important to secure the system design from the side channel attack. There are two steps involved in channel attack. These are:
VM CO- Residence and Placement- the attacker places his instance on the same physical machine as that of target instance.
VM Extraction- it refers to the ability of the malicious side channel attack to learn information about the resident instances. In this attack, the attacker quicklygains the secret information from the device.
4) Authentication attack
An attacker use authentication attack in the cloud computing to target the services. Most of the services use simple username and password which is based on knowledge. The financial institutions use different forms of secondary authentication which are mainly based on secret questions, based on site keys and virtual keyboards, etc. that make a difficult level for any attacker and secure the confidential information from the phishing attacks. Various types of authentication attacks include the following [21]:
a) Brute Force Attacks: In this, all possible combinations are applied to break the password. This is applied to crack the encrypted passwords which are present in the form of encrypted text.
B) Dictionary Attack: In this attack, the attacker tries to match words that are occurring in the daily life of the victim.
C) Replay attack: it is also known as the reflection attacks. It challenges the user authentication mechanism.
D) Phishing Attacks: this is the web-based attack in which the attacker diverts the user to any fake website to get his or her password.
1.3. DistributedDenial of service (DDoS)
DDOS stands for DistributedDenial service. A DDOS attack is to make an online service inaccessible to users. Not for permanent basis but usually for temporarily interrupting or to disconnect the hosting server. It is a single internet connected device used to flow resources in the packets. DDOS attacks launch from the various compromised device, and it referred as a botnet. [1]
When the attack goes on in the system, it leads to some technical problem with a particular network issue. The system becomes unable to manage the problems regarding the performance and maintenance of the scheme. Some of the main activities that emerge as a result of DDoS attack include:
- Unusually slow network performance occurs while
opening the documents and files.
- The unavailability of particular websites.
- There is a problem to access the particular website which we want to access the further information or
some work.
- Dramatic is increased in the form of spam in the websites when we receive our account.
DDOS attacks can broadly divide into three types [5]
1. Volume based attacks- Volume based attackis comprised ofICMP floods, UDP floods, and other floods. The main goal of these attacks is to accommodate the bandwidth. The magnitude of such kind of attack is measured in bits per second.
2. Protocol Attacks- These type of attacks include the SYN floods, Fragmented attacks, Ping of Death, and much more. This kind of attacks consumes the real resources i.e. Firewalls and load balancers. It measured in packet per second.
1.4.Specific DDOS attack types
Some specific and particularly dangerous types of DDoS attacks are described in this section. These include the following:
1. UDP-FLOOD- It is a user datagram protocol. It is a session less networking protocol. This kind of attacks occurs on a remote host with some UDP attacks. It helps us to check the application in the port and works with the ICMP destination packet.
2. ICMP-FLOOD- It is similar to the UDP flood attack. These attacks send the packets in a fast process without waiting for the replies. This pack includes both outgoing and incoming bandwidth. This attack makes the system slow.
3. SYN FLOOD- This attack creates the weakness in the TCP connection. In this assault, the requester sends the various numbers of requests to SYN request center. But the application does not respondto the host in the SYN attack. So the whole system waits for all the requests, and no new connection is bound to it while the application does not accept by the host. [1]
4. PING OF DEATH FLOOD- A ping of death attack includes that type of attacker which sends multiple sounds to the computer. Its maximum packet length is 65.535 bytes. In this assault, a large number of IP packets split into the variousnumbers of packets. It can overflow the memory buffers which are essential to the pack.
5. SLOWLORIS- slowloris is the extremely targeted attack. It allows one web server to record another server without disturbing the other services in the destination network. Slow loris helps to hold many connections to the web server, and it contributes to open for an extended time. Slowloris sends HTTP headers, but it never commits to complete the request. It leads the server to the false connections which remain open all the time.
6. NTP AMPLIFICATION- This attack exploits the publically accessible networks. In NTP amplification the response ratio is between 1:20 and 1:200. It means if an attackerhas open NTP then it can quickly generate high bandwidth and high volume DDOS attacks.
7. HTTP FLOOD- in HTTP flood DDOS attack the attacker requests to attack a web or applications on the internet. This attack is most active when it forces the server to allocate the maximum resources which are possible to response in each single request. [3]
8. Zero-day DDOS attacks- ZERO DAY attack are new attacks in the system. These attacksare related to the hacker community in which the practice of trading has become a favorite activity.
II. LITERATURE SURVEY
M. Darwish et al. [2013] analyzed the various DDoS (Distributed Denial of Service) attacks that occur in
the cloud computing and over the web. Nowadays, DDoS
attacks have become the major threat that is faced by the web users and cloud computing services. This study not only discussed the various threats but also provided the detail of the effects these attacks have on cloud computing resources, the defensemechanism to handle this kind of attacks and what can be the challenges while one trying to defend these attacks. Thus study provided proper insight into these attacks and recommended to use the hybrid mechanism to properly defence these attacks [1].
B. Wang et al. [2015]analyzed the impact that clouds computing and SDN (Software Defined Networking) had on the DDoS attacks defense and proposed a new defending mechanism for dealing with these DDoS attacks. The proposed model was DaMask architecture, designed using the SDN concept. This architecture contained two modules or components that are anomaly based attack detection called DaMask-D and second is an attack mitigation module known as DaMask-M. The study also analyzed the proposed model with respect to existing
solutions. Results obtained proved that DaMask
architecture was effective in dealing with the security challenges and detecting the attacks and study claimed that enterprises could defend the attacks if they properly design the SDN technology [2].
T. Vissers et al. [2014] introduced DDoS defense systems for the Web services in the cloud computing environment. The study first investigated the impact that DDoS attacks have on the web services and found that these attacks impact greatly onweb services. Thus the study proposed the intelligent system that can detect attacks which occur on application layers. Apart from these, the specified system was also able to detect the spoofing and flooding attacks. The outcome of the research emphasized that the suggested system was effective to detect the malicious attacks and also there was little overhead for the response time in this system [3].
K. Kalkan, F.Alagöz [ 2016] introduced a distributed filtering mechanism to defend the DDoS attacks. The mechanism was called Score for Core. The specified model was inspired by the proactive model, and it selected the most important factors when the attack occurred. It makes astatistical analysis and along with it also compares the current traffic with the usual traffic. The results obtained showed that it provided the prevention from various known attacks and also provided accuracy around 80% for unknown attacks [4].
C. Douligeris, A. Mitrokotsa [2004] presented the various DDoS attacks along with the features of each attack, defence system for each type of attack and what are the benefits and limitations of the defence mechanism if used against particular kind of attack. The denial of service attacks have become a major threat on the web today and can lead to exhaust the resources of the victim within a very little span of time. Thus the objective of the study was to list various kind of attacks so that techniques and methods can be developed to handle this kind of attacks [5].
K. Lee et al. [ 2008] introduced a proactive method for the detection of DDoS attacks that occur over the web and in cloud computing. The technique of detection was used along with cluster analysis for the detection of anattack. The evaluation of the proposed method was done using the 2000 DARPA intrusion detection data set. Results obtained cleared that method was able to detect the precursors of DDoS attacks [6].
H. Wang et al. [2002] proposed a mechanism for detection of SYN flooding attacks. This scheme was simple and robust that detects the SYN flooding attacks at the leaf routers that help in connecting the various end users to the Internet. The suggested method had low computation
overhead for detection of attacks. Here the
mechanism was able to achieve high detection accuracy and short detection latency [7].
Andrew Carlin et al. [2015] investigated the defense method for DDoS attacks in the cloud model. The study presented the detail about the cloud computing architecture, its pros, and cons, DDoS security threats faced in the cloud model, existing methods to handle the attacks with their merits and demerits. Apart from these, thestudy also discussed the various security problems, latest developments for thesecurity of virtual machines and latestdefense mechanisms. Thus study provided the detail for future research direction [8].
W. Dou et al. [2013]analyzed the confidence based filtering method for DDoS attacks defense in the
cloud environment. This method CBF has the
characteristic of correlation and to represent the distribution of attribute pairs. After that, this study defined the approach for generating the profile in which
confidence values were stored. Traditional
defensemechanisms can’t be appliedto thedefense of attacks because of their limitations like low efficiency, large storage and so on. Thus the specified technique was able to achieve accuracy, high speed, small storage for defending the attacks in cloud computing environment [9].
B. Wang et al. [2014] addressed the problem of DDoS attacks detection by providing the idea that SDN (Software Defined Networking) technology can help the enterprises in defending against the various DDoS attacks. The only need was that one need to design the defense architecture properly. The study proposed the DDoS attack mitigation method that could detect attacks and reactto these attacks. Simulations results showed that proposed method was helpful in dealing with these attacks [10].
G. Soman et al. [2017] presented the details about taxonomy for the classification of DDoS attacks,
their characterization, detection, mitigation and
prevention mechanisms. Apart from these, thestudy also discussed the various measures that could be used to evaluate the various solutions defined in the study. To sum up, thestudy provided the guidelines about how to build an effective mechanism for detection of attacks [11].
Y. Cui et al. [2016] introduced the mechanism for detecting the DDoS attacks in th Software Defined Networking. The proposed method consisted of four modules that are attack detection trigger, attack detection, attack mitigation and attack traceback. Also, the detection method thatwas based on neural networks was
implemented for detection. Experiments conducted
showed that specified method could detect the attacks fast and accurate [12].
S. Patil, S. Chaudhari[2016] discussed the attack prevention technique for the wireless sensor networks
(WSN). This methodwas enhancedby the existing method
of detection of DDoS attacks called Co-FAIS. The results indicated that specified method improved the accuracy of detection of attacks and also reduction in the false alarm rate was achieved with this approach [13].
R. Upadhyay et al. [2016] proposed a dynamic source routing for preventing the DDoS attacks on the wireless sensor networks. In this method nodes, energy had used for the attack detection and prevention. Also,simulationQualnet 5.2 was utilized in the research for providing the simulations results. Thus results obtained
indicated that proposed solution was able to prolong the network life by saving it from DDoS attacks [14].
P. A. R. Kumar, S. Selvakumar[2011] introduced the detection scheme for detecting the denial of service attacks. The scheme specified was based on the use of an ensemble of theneural classifier. The research also evaluated the performance of machine learning algorithms and chose the ResilientBackpropagation as a base classifier. RBP boost was achieved with the use of anensemble of classifier outputs and strategy of Neyman -Pearson cost minimization. Datasets such as KDD cup, CONFICKER, DARPA 2000 were used for simulation in the study. Simulation results indicated that the proposed scheme was able to achieve the accuracyupto 99.4% and also reduced the false alarms rates [15].
S. Gupta, P. Kumar, and A. Abraham (2012) presented the method for the prevention of a network for cloud environment security. In this research, theprofile based network was used for the security of cloud environment. A VM profile DB was created to describe the patterns of attack. It was used for aspecific time for detecting the attack of packet flooding e.g. denial-of -service attacks. For detecting TCP flooding, a prototype was implemented named as TCP SYN flooding which was re-used to detect other behavior based attacks of thenetwork. This research helped to identify the attacks based on thenetwork on cloud and then analyzed the security measures technique [16].
Q. Yan, F. Richard, Q. Gong, and Jianqiang (2015)analyzed about distributed denial of service and software-defined networking attacks in cloud computing. In this research, reasons for the distributed denial of service attacks in cloud computing are discussed and then summarized the difficulties which occur in defeating DDoS. The software-defined network has features which help in defeating the DDoS attacks. In this research, methods are discussed to defeat DDoS attack in application-level using thesoftware-defined network, the methods to implement them at multiple locations, analysis of cross-layer traffic, build atolerant system of DDoS attack [17].
B. Khadka, C. Withana, A. Alsadoon, A.
Elchouemi(2014) presented various methods to detect and prevent the network from the attack of distributed denial of service on thecloud. This research presented security methods to prevent from DDoS attack and the cloud systems advantages, features, deployment models of cloud computing. Also, described the Usnort which is very beneficial in prevention and detection of DDoS. It also increases the performance of CPU under the attack of DDoS. In this research, firstly characteristics of DDoS attack are identified, and then Intrusion Detection System tool was used to detect DDoS which is based on Snort [18].
D. Parwani, A. Dutta, P. K. Shukla and M.
security from different attacks at the network, power consumption, and computational cost [19].
Sandeep K. Sood(2012) explained methods of data security in the cloud computing by checking the integrity, privacy, and authentication. In this research, firstly data was divided into sections which werethen authenticated and verified the digital signature to provide availability, flexibility, integrity, and reliability of data. It improved many issues such as tampering of data, data leakage, and unauthorized access [20].
II. FINDINGS
The table below shows the different outcomes of previous researches done over detection and protection of cloud computing environment from different attacks.
Table 1: Techniques and outcomes of previous studies
Author Technique Results
M. Darwish et al.
[2013]
Hybrid mechanism to
defend DDoS attacks. Improved mechanism. Defense
Bing Wang et al.
[2015]
DaMask architecture. Detection and
Protection of DDoS
attacks.
T. Vissers et al.
[2014]
Intelligent system. Detection and Filtration
of attacks.
K.Kalkan,
F.Alagöz [2016]
ScoreForCore Prevention of attacks.
C. Douligeris,
A.Mitrokotsa
[2004]
Detail about attacks
and defense system.
Insight for creation for
defense methods.
K. Lee et al.
[2008]
A proactive method. Detect precursors of
DDoS attack as well as
the attack itself.
H. Wang et al.
[2002]
A mechanism for detection of SYN
flooding attacks.
High detection accuracy and short detection
latency.
Andrew Carlin et
al. [2015]
Investigation of
defense mechanisms.
Insight for future
research.
W. Dou et al.
[2013]
CBF. Achieved accuracy, high
speed, and small
storage.
B. Wang et al.
[2014]
SDN Method. Effective in detecting
DDoS attacks.
III. CONCLUSION
Security and reliability being the major concern in the cloud computing environment became the main focus of the research. DDoS attacks presently work against the availability and accessibility of different cloud computing services. Every time a defense mechanism is developed to combat the impact of the DDoS attack, an improved attackappears in front of the users. Thus a hybrid mechanism including the strengths of numerous techniques could be beneficial to counteract the DDoS attacks. Thus, in this paper, we have reviewed various defense mechanisms which exist at present. Along with this, the limitations and drawbacks of all these defense
mechanisms havebeen reviewed in this paper. The
information gathered from this review will help to explore the research on the next level.
IV. REFERENCES
[1] M. Darwish, A. Ouda and L. F. Capretz, "Cloud-based DDoS attacks and defenses," International Conference on Information Society (i-Society 2013), Toronto, ON, 2013, pp. 67-71.
[2] Wang, B., Zheng, Y., Lou, W., &Hou, Y. T. (2015). DDoS attack protection in the era of cloud computing and Software-Defined Networking. Computer Networks, 81, 308-319. doi:10.1016/j.comnet.2015.02.026
[3] Vissers, T., Somasundaram, T. S., Pieters, L.,
Govindarajan, K., &Hellinckx, P. ( 2014).
DDoSdefensesystem for web services in a cloud
environment. Future Generation Computer Systems, 37, 37 -45. doi:10.1016/j.future.2014.03.003
[4] Kalkan, K., &Alagöz, F. (2016). A distributed filtering mechanism against DDoS attacks: ScoreForCore. Computer
Networks, 108, 199-209.
doi:10.1016/j.comnet.2016.08.023
[5] Douligeris, C., &Mitrokotsa, A. (2004). DDoS attacks and defense mechanisms: classification and state-of-the -art. Computer Networks, 44(5), 643-666. doi:10.1016/j.comnet.2003.10.003
[6] Lee, K., Kim, J., Kwon, K. H., Han, Y., & Kim, S. (2008). DDoS attack detection method using cluster analysis. Expert Systems with Applications, 34(3), 1659-1665. doi:10.1016/j.eswa.2007.01.040
[7]Haining Wang, Danlu Zhang and Kang G. Shin,
"Detecting SYN flooding attacks," Proceedings.Twenty-First
Annual Joint Conference of the IEEE Computer and Communications Societies, New York, NY, USA, 2002, pp. 1530-1539.
[8] Carlin, A., Hammoudeh, M., &Aldabbas, O. ( 2015). Defence for Distributed Denial of Service Attacks in Cloud Computing. Procedia Computer Science, 73, 490-497. doi:10.1016/j.procs.2015.12.037
[9] Dou, W., Chen, Q., & Chen, J. (2013). A confidence -based filtering method for DDoS attack defense in acloud environment. Future Generation Computer Systems, 29(7), 1838-1850. doi:10.1016/j.future.2012.12.011
[10] Wang, B., Zheng, Y., Lou, W., &Hou, Y. T. (2014). DDoS Attack Protection in the Era of Cloud Computing and
Software-Defined Networking. 2014 IEEE 22nd
International Conference on Network Protocols, 624-629. doi:10.1109/icnp.2014.99
[11] Somani, G., Gaur, M. S., Sanghi, D., Conti, M., &Buyya, R. (2017). DDoS attacks in cloud computing:
Issues, taxonomy, and future directions. Computer
Communications, 107, 30-48.
doi:10.1016/j.comcom.2017.03.010
[12] Cui, Y., Yan, L., Li, S., Xing, H., Pan, W., Zhu, J., & Zheng, X. ( 2016). SD-Anti-DDoS: Fast and efficient DDoSdefense in software-defined networks. Journal of Network and Computer Applications, 68, 65-79. doi:10.1016/j.jnca.2016.04.005
[13] Patil, S., &Chaudhari, S. ( 2016). DoS Attack
Prevention Technique in Wireless Sensor Networks.
Procedia Computer Science, 79, 715-721. doi:10.1016/j.procs.2016.03.094
[14] Upadhyay, R., Bhatt, U. R., &Tripathi, H. (2016). DDOS Attack Aware DSR Routing Protocol in WSN. Procedia Computer Science, 78, 68-74. doi:10.1016/j.procs.2016.02.012
[15] Raj Kumar, P. A., &Selvakumar, S. (2011). Distributed denial of service attack detection using an ensemble of theneural classifier. Computer Communications, 34(11), 1328-1341. doi:10.1016/j.comcom.2011.01.012
[16] S. Gupta, P. Kumar, and A. Abraham. “A Profile Based Network Intrusion Detection and Prevention System for Securing Cloud Environment.” International Journal of Distributed Sensor Networks, Volume- 2013, Article ID -364575, 2012.
[18] B. Khadka, C. Withana, A. Alsadoon, A. Elchouemi. “Distributed Denial of Service attack on Cloud: Detection and Prevention.”
[19] D. Parwani, A. Dutta, P. K. Shukla, and M. Tahiliyani. “Various Techniques of DDoS Attacks Detection and Prevention at Cloud: A Survey.” An International Open Free Access, Peer Reviewed Research Journal, Vol. - 8, Issue No .-2, August 2015.
[20] Sandeep K. Sood. “A combined approach to ensure data security in cloud computing.” Journal of Network and Computer Applications, Volume-35, 2012.
[21] Singh, S., Jeong, Y., & Park, J. H. (2016). A survey on cloud computing security: Issues, threats, and solutions. Journal of Network and Computer Applications, 75, 200 -222. doi:10.1016/j.jnca.2016.09.002
![Figure 1: Cloud-Computing Service Stack [21] This model is based on the “pay as you go](https://thumb-us.123doks.com/thumbv2/123dok_us/9925885.1980094/1.595.43.318.623.801/figure-cloud-computing-service-stack-model-based-pay.webp)
