
Service resizing for quick DDoS mitigation in cloud computing environment

Annals of Telecommunications

Abstract

Current trends in distributed denial of service (DDoS) attacks show variations in terms of attack motivation, planning, infrastructure, and scale. “DDoS-for-Hire” and “DDoS mitigation as a Service” are two services that are available to attackers and victims, respectively. In this work, we present a fundamental difference between a “regular” DDoS attack and an “extreme” DDoS attack. We conduct DDoS attacks on cloud services where, under the same attack features, two different services show completely different consequences because of the difference in resource utilization per request. We study various aspects of these attacks and find that the performance of a DDoS mitigation service depends on two factors. The first factor is the severity of the “resource-race” with the victim web-service. The second factor is the “attack cooling down period,” which is the time taken to restore service availability after the attack is detected. Using these two factors, we propose a supporting framework for DDoS mitigation services that assists in reducing the attack mitigation time and the overall downtime. This novel framework comprises an affinity-based victim-service resizing algorithm to provide performance isolation, and a TCP tuning technique to quickly free the attack connections, hence minimizing the attack cooling down period. We evaluate the proposed techniques with real attack instances and compare various attack metrics. Results show a significant improvement in the performance of the DDoS mitigation service, providing quick attack mitigation. The presence of the proposed DDoS mitigation support framework demonstrated a major reduction of more than 50% in the service downtime.



Acknowledgments

This work is supported by a Teacher Fellowship under Faculty Development Program funded by University Grants Commission, Government of India, under XII Plan (2012–2017). Experimental setup for this work is supported by SAFAL (Security Analysis Framework for Android Platform) project funded by Department of Electronics and Information Technology, Government of India. Mauro Conti is supported by a Marie Curie Fellowship funded by the European Commission (agreement PCIG11-GA-2012-321980). This work is also partially supported by the EU TagItSmart! Project (agreement H2020-ICT30-2015-688061), the EU-India REACH Project (ICI+/2014/342-896), the Italian MIUR-PRIN TENACE Project (agreement 20103P34XC), and by the projects “Tackling Mobile Malware with Innovative Machine Learning Techniques,” “Physical-Layer Security for Wireless Communication,” and “Content Centric Networking: Security and Privacy Issues” funded by the University of Padua. Rajkumar Buyya is supported by a Future Fellowship funded by the Australian Research Council.

Author information


Correspondence to Gaurav Somani.


Cite this article

Somani, G., Gaur, M.S., Sanghi, D. et al. Service resizing for quick DDoS mitigation in cloud computing environment. Ann. Telecommun. 72, 237–252 (2017). https://doi.org/10.1007/s12243-016-0552-5


  • DOI: https://doi.org/10.1007/s12243-016-0552-5
