562 research outputs found

    A Study of Very Short Intermittent DDoS Attacks on the Performance of Web Services in Clouds

    Distributed Denial-of-Service (DDoS) attacks for web applications such as e-commerce are increasing in size, scale, and frequency. The emerging elastic cloud computing cannot defend against ever-evolving new types of DDoS attacks, since they exploit various newly discovered network or system vulnerabilities even in the cloud platform, bypassing not only the state-of-the-art defense mechanisms but also the elasticity mechanisms of cloud computing. In this dissertation, we focus on a new type of low-volume DDoS attack, Very Short Intermittent DDoS Attacks, which can hurt the performance of web applications deployed in the cloud via transiently saturating the critical bottleneck resource of the target systems by means of external attack HTTP requests outside the cloud or internal resource contention inside the cloud. We have explored external attacks by modeling the n-tier web applications with queuing network theory and implementing the attacking framework based on feedback control theory. We have explored internal attacks by investigating and exploiting resource contention and performance interference to locate a target VM (virtual machine) and degrade its performance

    Integrating the EGC, EF, and ECS Trio Approaches to Ensure Security and Load Balancing in the Cloud

    According to data protection studies, "Distributed Denial-of-Service (DDoS)" threats have cost governments and businesses throughout the globe a large number of financial resources. Despite this, the existing practices fall short of the standards set by "Cloud Computing (CC)" monitoring technology. They ignore the "Intrusion Detection Systems (IDS)" techniques, which take advantage of the CC's multiple tenants and elasticity qualities, and also the hardware limitations. Attackers are finding increasing ways to effectively exploit them because of their rising complexity. DDoS assaults of this scale have never been observed online before 2018. As online services get more popular, so does the amount of DDoS assaults and malevolent hackers leading to terrible. Numerous IDS for DDoS are already in place to address this problem. One of the most challenging aspects of virtualization is establishing a "Trust Model (TM)" between the many "Virtual Machines (VMs)". The lack of a standard formulation for generating a TM would be the primary reason. As a consequence, the integrity of every VM might not have been recognized by an independent trust, which might lead to a decrease in trust value. In this research for TM creation, "Enhanced Graph Based Clustering (EGC)" is proposed, while "Enhanced Fuzzy (EF)" is used for detecting attacks, and the "Enhanced Cuckoo Search (ECS)" method is used to find the ideal "Load Balancing (LB)" distribution. By creating a new TM, the proposed (EGC-EF-ECS) system strengthens trust value. To expand the CC model's stability, it optimizes attacker recognition percentage and makes better use of resources by restricting each VM's processing, bandwidth, and storage requirements. The proposed EGC-EF-ECS outperformed the previously used BPA-SAB and DCRI-RI approaches in terms of the "Intrusion-Detection-Rate (IDR)", "Load-Balancing-Efficiency (LBE)", and "Data-Accessing-Time (DAT)" evaluation metrics.

    On the placement of security-related Virtualised Network Functions over data center networks

    Middleboxes are typically hardware-accelerated appliances such as firewalls, proxies, WAN optimizers, and NATs that play an important role in service provisioning over today's data centers. Reports show that the number of middleboxes is on par with the number of routers, and consequently represent a significant commitment from an operator's capital and operational expenditure budgets. Over the past few years, software middleboxes known as Virtual Network Functions (VNFs) are replacing the hardware appliances to reduce cost, improve the flexibility of deployment, and allow for extending network functionality in short timescales. This dissertation aims at identifying the unique characteristics of security modules implementation as VNFs in virtualised environments. We focus on the placement of the security VNFs to minimise resource usage without violating the security-imposed constraints as a challenge faced by operators today who want to increase the usable capacity of their infrastructures. The work presented here focuses on the multi-tenant environment where customised security services are provided to tenants. The services are implemented as a software module deployed as a VNF collocated with network switches to reduce overhead. Furthermore, the thesis presents a formalisation for the resource-aware placement of security VNFs and provides a constraint programming solution along with examining heuristic, meta-heuristic and near-optimal/subset-sum solutions to solve larger size problems in reduced time. The results of this work identify the unique and vital constraints of the placement of security functions. They demonstrate that the granularity of the traffic required by the security functions imposes traffic constraints that increase the resource overhead of the deployment. The work identifies the north-south traffic in data centers as the traffic designed for processing for security functions rather than east-west traffic. It asserts that the non-sharing strategy of security modules will reduce the complexity in case of the multi-tenant environment. Furthermore, the work adopts on-path deployment of security VNF traffic strategy, which is shown to reduce resources overhead compared to previous approaches.

    Managing DDoS attacks on Virtual Machines by Segregated Policy Management

    Security is considered the most crucial aspect in cloud computing. It has attracted lots of research in recent years. On the other hand, attackers are exploring and exploiting the vulnerabilities in the cloud. The heart of cloud computing lies in virtualization technology. Attackers are taking advantage of vulnerabilities in Virtual Machines and they are able to compromise virtual machines, thereby launching DDoS attacks. Services such as SaaS and IaaS, which are meant to support end users, may get affected, and attackers may launch attacks either directly or by using zombies. Generally, data centres own security policies for dealing with security issues. Suppose, in case of DDoS attacks, only the policies which deal with it can be applied. However, in data centres, all the security policies are commonly applied on the applications irrespective of their category or the security threats that they face. The existing approach consumes lots of time and wastes resources. In this paper, we have developed an approach to segregate the applications as per the type or threats (by adapting detection mechanisms) being faced. Based on the zone in which it lies, only the relevant security policies will be applied. This approach is optimized where we can efficiently reduce the latency associated with applying security policies.