Extended DDoS Confirmation & Attack Packet Dropping Algorithm in On-Demand Grid Computing Platform

DDoS attacks are thrown through carriage of a large amount of packets to an objective machine, using instantaneous teamwork of numerous hosts which are scattered throughout the Grid computing environment. Nowadays DDoS attacks on the Internet in general and particularly in Grid computing environment has become a visible issue in computer networks and communications. DDoS attacks are cool to provoke but their uncovering is a very problematic and grim task and therefore, an eye-catching weapon for hackers. DDoS torrents do not have familiar characteristics; therefore currently existing IDS cannot identify and discover these attacks perfectly. Correspondingly, there implementation is a puzzling task. In practice, Gossip based DDoS attacks detection apparatus are used to detect such types of attacks in computer networks, by exchanging stream of traffic over line. Gossip based techniques results in network overcrowding and have upstairs of superfluous and additional packets. Keeping the above drawbacks in mind, we have proposed a DDoS detection and prevention mechanism in [1], that has the attractiveness of being easy to adapt and more trustworthy than existing counterparts. We have introduced entropy based detection mechanism for DDoS attack detection. Our proposed solution has no overhead of extra packets, hence resulting in good QoS. Once DDoS is detected, any prevention technique can be used to prevent DDoS in Grid environment. In this paper we are going to extend our idea. A confirmation mechanism is introduced herewith

A secure virtualization model for cloud computing to defend against distributed denial-of service attacks

Cloud computing is based on three principles which are distributed systems, grid computing and utility computing. It provides high performance infrastructure according usage of Virtualization to offer capabilities such as on demand self-service, pay per use, highly scalable, rapid elasticity and huge amount of resource pools through the Internet. Everything in cloud environment is used as a service. The cloud technology transformed the desktop computing into service based computing by getting advantages of using data centers and server cluster technology. Even with all advantages which could bring for both Cloud Providers and Cloud consumers still security is one of the most significant concerns in this environment such as Confidentiality, Integrity, Availability, Authenticity, and privacy. A lack of security in Infrastructure as a Service (IaaS) as a fundamental delivery layer in cloud computing has an effective impact on the others delivery layers which are built on top of this layer. One of the most serious threats against the availability of cloud resources comes from Distributed Denial-of Service (DDoS) attack. This kind of attack is a large scalable and organized attack against availability of services and resources of the victim. This attack is launched by getting usage of sending tremendously large volumes of request to the target through the huge number of distributed compromised systems. The purpose of this study is to propose a new model for preventing disruption of available resources in terms of attack period. Based on previous research there is not a proper model that completely defense against DDoS attack, so the aim of this model is proposed to enhance the availability of cloud resources