8 research outputs found

    A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing

    Cloud Computing is a computing model that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain.

    IoT Networks: Using Machine Learning Algorithm for Service Denial Detection in Constrained Application Protocol

    The paper discusses the potential threat of Denial of Service (DoS) attacks in the Internet of Things (IoT) networks on constrained application protocols (CoAP). As billions of IoT devices are expected to be connected to the internet in the coming years, the security of these devices is vulnerable to attacks, disrupting their functioning. This research aims to tackle this issue by applying mixed methods of qualitative and quantitative for feature selection, extraction, and cluster algorithms to detect DoS attacks in the Constrained Application Protocol (CoAP) using the Machine Learning Algorithm (MLA). The main objective of the research is to enhance the security scheme for CoAP in the IoT environment by analyzing the nature of DoS attacks and identifying a new set of features for detecting them in the IoT network environment. The aim is to demonstrate the effectiveness of the MLA in detecting DoS attacks and compare it with conventional intrusion detection systems for securing the CoAP in the IoT environment. Findings: The research identifies the appropriate node to detect DoS attacks in the IoT network environment and demonstrates how to detect the attacks through the MLA. The accuracy detection in both classification and network simulation environments shows that the k-means algorithm scored the highest percentage in the training and testing of the evaluation. The network simulation platform also achieved the highest percentage of 99.93% in overall accuracy. This work reviews conventional intrusion detection systems for securing the CoAP in the IoT environment. The DoS security issues associated with the CoAP are discussed.

    Ensemble Approach for DDoS Attack Detection in Cloud Computing Using Random Forest and GWO

    When multiple technologies are added to a traditional network, it becomes increasingly difficult to meet newly imposed requirements, such as those regarding security. Since the widespread adoption of telecommunication technologies for the past decade, there has been an enhancement in the number of security threats that are more appealing. However, many new security concerns have arisen as a consequence of the introduction of the novel technology. One of the most significant of these is the potential for distributed denial of service attacks. Therefore, a DDoS detection method based on Random Forest Classifier and Grey Wolf Optimization algorithms was developed in this work to mitigate the DDoS threat. The results of the evaluation show that the Random Forest Classifier can achieve substantial performance improvements with respect to 99.96% accuracy. Comparison is also made to several state-of-the-art techniques for detecting DDoS attacks for the real dataset.

    Improved Multi-Verse Optimizer Feature Selection Technique With Application To Phishing, Spam, and Denial Of Service Attacks

    Intelligent classification systems have proved their merits in different fields including cybersecurity. However, most cybercrime issues are characterized as being dynamic and not static classification problems where the set of discriminative features keeps changing with time. This indeed requires revising the cybercrime classification system and picking a group of features that preserve or enhance its performance. Not only this, but the system compactness is also regarded as an important factor in judging the capability of any classification system, and cybercrime classification systems are not an exception. The current research proposes an improved feature selection algorithm that is inspired by the well-known multi-verse optimizer (MVO) algorithm. Such an algorithm is then applied to 3 different cybercrime classification problems, namely phishing websites, spam, and denial of service attacks. MVO is a population-based approach which stimulates a well-known theory in physics, namely multi-verse theory. MVO uses the black and white holes principles for exploration, and the wormholes principle for exploitation. A roulette selection schema is used for scientifically modeling the principles of white hole and black hole in the exploration phase, which biases toward the good solutions; in this case the solutions will be moved toward the best solution and will probably lose the diversity, and other solutions may contain important information but didn’t get a chance to be improved. Thus, this research will improve the exploration of the MVO by introducing the adaptive neighborhood search operations in updating the MVO solutions. The classification phase has been done using a classifier to evaluate the results and to validate the selected features. Empirical outcomes confirmed that the improved MVO (IMVO) algorithm is capable of enhancing the search capability of MVO, and outperforms the other algorithms involved in the comparison.

    Mitigating Denial of Service Attacks with Load Balancing

    Denial of service (DoS) attacks continue to pose a huge risk to online businesses. The attack has moved from attack at the network level – layer 3 and layer 4 – to layer 7 of the OSI model. This layer 7 attack or application layer attack is not easily detectable by firewalls, most intrusion detection systems and other security tools, but has the capability of bringing down a well-equipped web server. The wide availability and easy accessibility of the attack tools make this type of security risk very easy to execute, very prolific and difficult to completely mitigate. There have been an increasing number of such attacks against the web server infrastructures of many organisations being recorded. The aim of this research is to look at some layer 7 application DDoS attack tools and test open source tools that offer some form of defense against these attacks. The research deployed the open source load balancing software HAProxy as a first line of defense against Denial of Service attacks. The three components of the popular free open source data analysis tool, the Elastic stack framework (Logstash, Elasticsearch and Kibana), were used to collect logs from the web server, filter and query the logs and then display results in dashboards and graphs to help in the identification of an attack by analysing the visually displayed log data. Rules are also set up to alert the business of anomalies detected based on pre-determined benchmarks.

    Analysis of DDoS Attack Detection Techniques for Securing Software-Defined Networks

    Software-Defined Networks (SDN) is an important technology that enables a new approach to how we develop and manage networks. SDN divides the data plane and control plane and supports the logical centralization of network control. However, the centralized architecture of SDN is also a potential vulnerability for various types of malicious attacks. The paper elaborates on the security aspects of virtualization as a basic concept of SDN architecture. Among the many types of attack, one of the most frequent and destructive are Distributed Denial of Service (DDoS) attacks. This paper presents an analysis of techniques to detect DDoS attacks in SDN networks. It first describes the SDN architecture and then elaborates on different detection techniques for DDoS attacks. Additionally, this paper emphasizes the types, components, and categories of detection solutions according to the techniques or methods used. The important approaches and those that can answer the complexity of detecting DDoS attacks in SDN are the detection schemes based on entropy and machine learning principles. This paper in general focuses on these two detection techniques and summarizes their benefits and drawbacks and finally provides a guideline for future research directions related to DDoS detection techniques in SDN networks. 12 International scientific conference “Archibald Reiss Days” - Investigating and Proving Contemporary Forms of Crime: Scientific Approaches, Belgrade, 8-9 November 202

    A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing

    Cloud Computing is a computing model that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain