Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment

Neural Computing and Applications

Volumn 28, Issue 12, 2017, Pages 3655-3682

  Gupta, B B ^a   Badve, Omkar P ^a  

^a NATIONAL INSTITUTE OF TECHNOLOGY   (India)

Author keywords

Artificial neural network; Cloud computing; DDoS attacks; DoS; GARCH model; Nonlinear time series model

Indexed keywords

ACCESS CONTROL; CLOUD COMPUTING; COMPUTER CRIME; DISTRIBUTED COMPUTER SYSTEMS; DOS; NETWORK SECURITY; NEURAL NETWORKS; TRANSMISSION CONTROL PROTOCOL;

CLOUD COMPUTING ENVIRONMENTS; CLOUD ENVIRONMENTS; DDOS ATTACK; DEFENSIVE MECHANISM; DISTRIBUTED DENIAL OF SERVICE ATTACK; GARCH MODELS; ISSUES AND CHALLENGES; NON-LINEAR TIME-SERIES MODELS;

DENIAL-OF-SERVICE ATTACK;

EID: 84963679961     PISSN: 09410643     EISSN: None     Source Type: Journal    
DOI: 10.1007/s00521-016-2317-5     Document Type: Review

References (92)

1. Mathew Prince (2013) The DDoS That Knoked Spamhaus Offline (And How We Mitigated It). CloudFlare Blog [Online] Available from: http://blog.Cloudflare.com/the-ddos-that-knocked-spamhaus-offline-and-ho/. Accessed on Sept 2014
2. Bhuyan MH et al (2014) Network anomaly detection: methods, systems and tools. IEEE Commun Surveys Tutor 16(1):303–336
3. Qi Chen, et al. (2011) CBF: a packet filtering method for DDoS attack defence in cloud environment. In: Ninth international conference on dependable, autonomic and secure computing, p. 427–434
4. Chonka Ashley, Singh Jaipal, Zhou Wanlei (2009) Chaos theory based detection against network mimicking DDoS attacks. Commun Lett IEEE 13(9):717–719
5. Chen Yonghong, Ma Xinlei, Xinya Wu (2013) DDoS detection algorithm based on preprocessing network traffic predicted method and chaos theory. Commun Lett IEEE 17(5):1052–1054
6. Tsallis C (1988) Possible generalization of Boltzmann-Gibbs statistics. J Stat Phys 52(1–2):479–487
7. Ma Xinlei, Chen Yonghong (2014) DDoS detection method based on chaos analysis of network traffic entropy. IEEE Commun Lett 18(1):114–117
8. Wu Xinya, Chen Yonghong (2013) Validation of chaos hypothesis in NADA and improved DDoS detection algorithm. Commun Lett IEEE 17(12):2396–2399
9. Kim Y, Lau WC, Chuah MC, Chao HJ (2006) PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans Dependable Secur Comput 3(2):141–155
10. Chonka A et al (2008) Detecting and tracing DDoS attacks by intelligent decision prototype. Pervasive computing and communications, 2008, Sixth annual IEEE international conference on
11. Savage S, Wetherall D, Karlin A, Anderson T (2001) Practical network support for IP traceback. SIGCOMM’00, Stockholm, Sweden, 2000
12. Belenky A, Ansari N (2003) Tracing multiple attackers with deterministic packet marking (DPM). In: Proceedings of IEEE Pacific rim conference on communications, computers and signal processing, 2003, PACRIM, vol. 1, p. 49–52
13. Chonka A, Wanlei Z, Yang X (2008) Protecting web services with service oriented traceback architecture. Computer and information technology, 2008, CIT 2008, 8th IEEE international conference on, 2008
14. Chonka et al (2010) Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. J Netw Comput Appl 34(4):1097–1107 (Elsevier)
15. Ko R, Lee SSG (2013) Cloud computing vulnerability incidents: a statistical overview [Online] Available from: https://downloads.Cloudsecurityalliance.org/initiatives/cvwg/CSA_Whitepaper_Cloud_Computing_Vulnerability_Incidents.zip. Accessed on Sept 2014
16. Arbor Networks, Inc (2014) Worldwide infrastructure security report volume IX [Online]. Available from: http://pages.arbornetworks.com/rs/arbor/images/WISR2014.pdf [Accessed on Sept. 2014]
17. Incapsula Inc. (2014) 2013–2014 DoS threat landscape report [Online]. Available from: http://www.incapsula.com/blog/ddos-threat-landscape-report-2014.html. Accessed on Sept 2014
18. Mell P, Grance T (2011) The NIST definition of cloud computing (Draft), special publication 800-145 (Draft). National Institute of Standards and Technology, Gaithersburg
19. Google App Engine, Google Inc., http://Cloud.google.com/appengine. Accessed on Sept 2014
20. Azure: Microsoft’s Cloud Platform, Microsoft Corporation, http://azure.microsoft.com/en-us/. Accessed on Sept 2014
21. Amazon Elastic Compute Cloud (Amazon EC2), Amazon, http://aws.amazon.com/ec2/, Amazon. Accessed on Sept 2014
22. IBM Cloud Computing, IBM, http://www.ibm.com/Cloud-computing/in/en/. Accessed on Sept 2014
23. Amazon VPC, Amazon, http://aws.amazon.com/vpc/. Accessed on Sept 2014
24. Subashini Subashini, Kavitha V (2011) A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 34(1):1–11
25. Gartner: Seven Cloud Computing Security Risks, Networkworld, http://www.networkworld.com/article/2281535/data-center/gartner–seven-Cloud-computing-security-risks.html. Accessed on Sept 2014
26. Fernandes DAB et al (2014) Security issues in cloud environments: a survey. Int J Inf Secur 13(2):113–170
27. Behl A (2011) Emerging security challenges in cloud computing: an insight to cloud security challenges and their mitigation. In: Information and communication technologies (WICT), 2011 world congress on, p. 217–222, 2011
28. Sharma Juhi et al (2012) Cloud security challenges. Int J Comput Sci Inf Technol (IJCSIT) 3(3):4514–4515
29. Salah K, Calero JA (2013) Using Cloud computing to implement a security overlay network. IEEE Secur Privacy 11(1):44–53
30. Sabahi F (2011) Cloud computing security threats and responses. In: Communication software and networks (ICCSN), 2011 IEEE 3rd international conference on. IEEE, 2011
31. Liu, H (2010) A new form of DOS attack in a cloud and its avoidance mechanism. In: Proceedings of the 2010 ACM workshop on cloud computing security workshop, ACM, 2010
32. Carl G, Kesidis G, Brooks RR, Rai S (2006) Denial-of-service attack-detection techniques. IEEE Trans Intern Comput 10(1):82–89
33. Hackers break into server for Obamacare website: U.S. officials, Reuters, 2014 http://www.reuters.com/article/2014/09/04/us-usa-healthcare-cybersecurity-idUSKBN0GZ2RF20140904. Accessed on Sept 2014
34. CERT Advisory, CA-1996-01, Carnegie Mellon University, 2014, http://www.cert.org/historical/advisories/CA-1996-01.cfm. Accessed on Sept 2014
35. DDoS Attack Types and Mitigation Methods, IncapsulaInc, 2014, http://www.incapsula.com/ddos/ddos-attacks/. Accessed on Sept 2014
36. DoS Attacks and Free DoS Attacking Tools, Infosec Institute, 2014, http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/. Accessed on Sept 2014
37. CERT Advisory CA-1997-28, Carnegie Mellon University, 2014, http://www.cert.org/historical/advisories/ca-1997-28.cfm. Accessed on Sept 2014
38. CERT Advisory CA-1996-21, Carnegie Mellon University, 2014 http://www.cert.org/historical/advisories/ca-1996-21.cfm. Accessed on Sept 2014
39. The NSL-KDD Dataset, http://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html. Accessed 18 Mar 2016
40. Bujlow T, Carela-Español V, Barlet-Ros P (2014) Extended independent comparison of popular deep packet inspection (DPI) Tools for Traffic Classification, [Online]. Available from: http://vbn.aau.dk/files/179043085/TBU_Extended_dpi_report.pdf
41. Pepitone J (2014) Hackers mount denial-of-service attack with computer clock tool, NBC News, [Online] Available From: http://www.nbcnews.com/tech/security/hackers-mount-denial-service-attack-computer-clock-tool-n27646. Accessed on Sept 2014
42. Dittrich D (1999) The DoS project’s “trinoo” distributed denial of service attack tool, http://staff.washington.edu/dittrich/misc/trinoo.analysis.txt. Accessed on Sept 2014
43. Houle K, Dougherty C (2000) Mstream, Incident Notes, IN-2000-05, Carnegie Mellon University http://www.cert.org/historical/incident_notes/IN-2000-05.cfm. Accessed on Sept. 2014
44. LOIC, Sourceforge.net, 2014, http://sourceforge.net/projects/loic/. Accessed on Sept 2014
45. XOIC, Sourceforge.net, 2014, http://sourceforge.net/projects/xoic/. Accessed on Sept 2014
46. Zargar ST, Joshi J, Tipper D (2013) A survey of defence mechanisms against distributed denial of service (DDoS) flooding attacks. Commun Surveys Tutor IEEE 15(4):2046–2069
47. Ferguson P, Senie D (2000) Network ingress filtering: defeating denial of service attacks that employ IP source address spoofing, Internet RFC 2827, 2000
48. Mirkovic J, Prier G, Reiher P (2002) Attacking DDoS at the source. In: Proceedings of the 10th IEEE international conference on network protocols (ICNP’02), Washington DC, USA, 2002
49. Gil TM, Poletto M (2001) MULTOPS: a data-structure for bandwidth attack detection. In: USENIX security symposium, 2001
50. Abdelsayed S, Glimsholt D, Leckie C, Ryan S, Shami S (2003) An efficient filter for denial-of-service bandwidth attacks. In: Proceedings of the 46th IEEE global telecommunications conference (GLOBECOM03), p. 1353–1357, 2003
51. Mananet, Reverse Firewall, [online] Available from: http://www.cs3–inc.com/pubs/ReverseFireWall.pdf. Accessed on Sept 2014
52. John A, Sivakumar T (2009) DDoS: survey of traceback methods. In: International journal of recent trends in engineering ACEEE (association of computer electronics and electrical engineers), vol. 1, no. 2, May 2009
53. Cabrera JD et al (2001) Proactive detection of distributed denial of service attacks using MIB traffic variables a feasibility study. In: Integrated network management proceedings, p. 609–622, 2001
54. Abliz M (2011) Internet denial of service attacks and defence mechanisms. University of Pittsburgh, Department of Computer Science, Technical Report, TR-11-178, March 2011
55. Kim Y, Lau WC, Chuah MC, Chao HJ (2006) “PacketScore: a statistics-based packet filtering scheme against distributed denial-of-service attacks. IEEE Trans Depend Secure Comput 3(2):141–155
56. Chan EYK et al (2006) Intrusion detection routers: design, implementation and evaluation using an experimental testbed. IEEE J Sel Areas Commun 24(10):1889–1900
57. Mirkovic J, Reiher P, Robinson M (2003) Forming alliance for DDoS defence. In: Proceeding of new security paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, 2003
58. Sung Minho, Jun Xu (2013) IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks. Parallel Distrib Syst IEEE Trans 14(9):861–872
59. KDD CUP 1999 Data, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed on Sept 2014
60. DARPA Intrusion Detection Evaluation, http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000data.html. Accessed on Sept 2014
61. Cloud Intrusion Detection Dataset, http://www.di.unipi.it/~hkholidy/projects/cidd/index.html. Accessed on Dec 2014
62. DEFCON, The Shmoo group http://cctf.shmoo.com/. Accessed on Sept 2014
63. CAIDA Data, Center for applied internet and data analysis, http://www.caida.org/data/. Accessed on Sept 2014
64. LBNL/ICSI Enterprise tracing project, http://www.icir.org/enterprise-tracing/. Accessed on Sept 2014
65. UNIBS: Data Sharing http://www.ing.unibs.it/ntw/tools/traces/. Accessed on Sept 2014
66. ISCX-UNB, Datasets- Information Security Center for eXcellence, http://www.iscx.ca/datasets. Accessed on Sept 2014
67. Manpage of TCPDUMP, http://www.tcpdump.org/tcpdump_man.html. Accessed on Sept 2014
68. Wireshark- Go Deep, https://www.wireshark.org/. Accessed on Sept 2014
69. Firewall Log and Rule Analysis, Security audit, change management—firewall analyzer, ManageEngine 2014, http://www.manageengine.com/products/firewall/. Accessed on Sept 2014
70. SNMP Network Monitoring Tool, SpiceWorks, 2014, http://www.spiceworks.com/it-articles/snmp-network-monitoring/. Accessed on Sept 2014
71. Bandwidth Reporting:: NetFlowAnalyzer, ManageEngine 2014, http://www.manageengine.com/products/netflow/. Accessed on Sept 2014
72. Network Monitoring Software, Network Performance Management, Paessler AG, http://www.paessler.com/. Accessed on Sept 2014
73. Network Monitoring Software, SolarWinds, 2014, http://www.solarwinds.com/network-performance-monitor.aspx. Accessed on Sept 2014
74. Network Performance Management Software, ManageEngine, 2014, http://www.manageengine.com/network-performance-management.html. Accessed on Sept 2014
75. Weber RH, Weber R (2010) Internet of things legal perspectives. Springer, Berlin Heidelberg
76. Krutz RL, Vines RD (2010) Cloud security: a comprehensive guide to secure cloud computing. Wiley Publishing, Hoboken
77. Chen D, Zhao H (2012) Data security and privacy protection issues in cloud computing. In: Computer science and electronics engineering (ICCSEE), 2012 international conference on, IEEE, Hangzhou, vol. 1, p. 647–651, 2012
78. Hwang K, Dongarra J, Fox GC (2013) Distributed and cloud computing: from parallel processing to the internet of things, Morgan Kaufmann, 2013
79. Hwang K, Kulkareni S, Hu Y (2009) Cloud security with virtualized defense and reputation-based trust management. In: Dependable, autonomic and secure computing, 2009. DASC ‘09. Eighth IEEE international conference on, Chengdu, p. 717–722
80. Marchette DJ (2013) Computer intrusion detection and network monitoring: a statistical viewpoint. Springer Science & Business Media, Berlin
81. Enrico C et al (2013) Slow DoS attacks: definition and categorisation. Int J Trust Manage Comput Commun 1:300–319
82. Singh J, Grewal V (2015) A survey of different strategies to pacify ARP poisoning attacks in wireless networks. Int J Comput Appl 11:25–28
83. Lau F, Rubin SH, Smith MH, Trajkovic L (2000) Distributed denial of service attacks. In: Systems, man, and cybernetics, 2000 IEEE international conference on, Nashville, TN, p. 2275–2280 vol. 3, 2000
84. Gupta BB, Joshi RC, Misra M (2010) Distributed denial of service prevention techniques. Int J Comput Electr Eng 2(2):1793–8163
85. Badve OP, Gupta BB et al (2015) DDoS detection and filtering technique in cloud environment using GARCH model. In: The proceedings of IEEE GCCE-2015, p. 584–586, Osaka, Japan, 2015
86. Chhabra Meghna, Gupta BB (2014) An efficient scheme to prevent DDoS flooding attacks in mobile ad-hoc network (MANET). Res J Appl Sci Eng Technol 7(10):2033–2039
87. Alomari E, Manickam S, Gupta BB, Singh P, Anbar M (2014) Design, deployment and use of HTTP-based Botnet (HBB) Testbed. In proceedings of 16th IEEE international conference on advanced communication technology (ICACT), pp. 1265–1269, South Korea, 2014
88. Negi P, Mishra A, Gupta BB (2013) Enhanced CBF packet filtering method to detect DDoS attack in cloud computing environment. arXiv preprint arXiv, p. 1304.7073, 2013
89. Chhabra M, Gupta BB, Almomani A (2013) A novel solution to handle DDOS attack in MANET. J Inf Secur. 4(3):165–179
90. Agrawal PK, Gupta BB, Jain S (2011) SVM based scheme for predicting number of zombies in a DDoS attack. 2011 European intelligence and security informatics conference (EISIC), p. 178–182, Greece, 2011
91. Missbach M, Staerk T, Gardiner C, McCloud J, Madl R, Tempes M, Anderson G (2016) Securing SAP on the Cloud. In SAP on the Cloud, Springer, Berlin Heidelberg, pp. 75–120
92. Ficco M, Massimiliano R (2016) Economic denial of sustainability mitigation in cloud computing. In: Organizational innovation and change, Springer, Berlin p. 229–238