DDoS Attack and Defence in Cloud

Distributed Denial of Service Attack and Defense

Part of the book series: SpringerBriefs in Computer Science ((BRIEFSCOMPUTER))

Abstract

In this chapter, we explore DDoS attack and defence on the emerging dominant cloud computing platform. We first answer the question of whether DDoS attacks, at their current attack capability, can be beaten in the cloud, and what it costs to counter them. We also discuss a possible architecture for a cloud firewall against DDoS attacks.

Copyright information

© 2014 The Author(s)

About this chapter

Cite this chapter

Yu, S. (2014). DDoS Attack and Defence in Cloud. In: Distributed Denial of Service Attack and Defense. SpringerBriefs in Computer Science. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9491-1_5

  • DOI: https://doi.org/10.1007/978-1-4614-9491-1_5

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9490-4

  • Online ISBN: 978-1-4614-9491-1

  • eBook Packages: Computer Science, Computer Science (R0)
