
DARAC: DDoS Mitigation Using DDoS Aware Resource Allocation in Cloud

  • Conference paper
Information Systems Security (ICISS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9478))


Abstract

Internet-based computing has led to the emergence of a large number of threats. One of the major threats is the DDoS (Distributed Denial of Service) attack. Recent incidents have shown that DDoS attacks are capable of shutting down a business not for a day but for weeks. DDoS attacks have a greater impact on multi-tenant clouds than on traditional infrastructure. In the cloud, DDoS attacks take the shape of EDoS (Economic Denial of Sustainability) attacks. In EDoS, instead of “Service Denial”, economic harm occurs due to fake resource usage and the subsequent addition or buying of resources through on-demand provisioning. To detect and mitigate DDoS attacks in the cloud, we argue that on-demand resource allocation (known as auto-scaling) should also be looked at, in addition to network or application layer mitigation. We propose a novel mitigation strategy, DARAC, which makes auto-scaling decisions by accurately differentiating between legitimate requests and attacker traffic. Attacker traffic is detected and dropped using detection based on human behavior analysis. We also argue that most of the solutions in the literature do not pay much attention to the quality of service for legitimate requests during an attack. We calculate the share of legitimate clients in resource addition/buying and make subsequent accurate auto-scaling decisions. Experimental results show that DARAC mitigates various DDoS attack sets and takes accurate and quick auto-scaling decisions for various combinations of legitimate and attacker traffic, protecting against EDoS. We also show how the proposed mechanism could make the “arms race” very difficult for attackers, as the resources needed to defeat the DARAC mechanism on a very small capacity server are huge. Results also show significant improvements in the average response time of the web service under attack, in addition to infrastructure cost savings of up to 50% in heavy attack cases.
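The sketch below is an added illustration of the idea in the abstract, not the authors' DARAC implementation: it compares an auto-scaler driven by raw request volume with one that sizes capacity only for the legitimate share of traffic. The per-client rate threshold standing in for human behavior analysis, the per-VM capacity, and all function names and sample traffic are assumptions constructed for this example.

```python
import math
from collections import Counter

CAPACITY_PER_VM = 100     # assumed: requests one VM serves per window
HUMAN_MAX_REQUESTS = 20   # assumed: upper bound on requests a human sends per window


def split_traffic(requests):
    """Split one window of requests (a list of client ids) into
    (legitimate_count, attack_count, blocked_clients).
    A simple rate threshold stands in for human behavior analysis."""
    per_client = Counter(requests)
    blocked = {c for c, n in per_client.items() if n > HUMAN_MAX_REQUESTS}
    attack = sum(per_client[c] for c in blocked)
    return len(requests) - attack, attack, blocked


def vms_needed(load):
    """Smallest number of VMs that can serve `load` requests per window."""
    return max(1, math.ceil(load / CAPACITY_PER_VM))


def naive_autoscale(requests):
    """Scale on raw demand: attack traffic triggers resource buying (EDoS)."""
    return vms_needed(len(requests))


def ddos_aware_autoscale(requests):
    """Scale only on the legitimate share; flagged clients are dropped."""
    legit, _attack, blocked = split_traffic(requests)
    return vms_needed(legit), blocked


def sample_window():
    """Constructed traffic: 150 human clients with 2 requests each,
    5 automated clients with 400 requests each."""
    reqs = []
    for i in range(150):
        reqs += [f"user-{i}"] * 2
    for i in range(5):
        reqs += [f"bot-{i}"] * 400
    return reqs


if __name__ == "__main__":
    window = sample_window()
    print("naive VMs:", naive_autoscale(window))
    vms, blocked = ddos_aware_autoscale(window)
    print("DDoS-aware VMs:", vms, "blocked:", sorted(blocked))
```

On the constructed window, the gap between the two VM counts is the capacity that would have been bought solely to serve attack traffic.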




Corresponding author

Correspondence to Gaurav Somani.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Somani, G., Johri, A., Taneja, M., Pyne, U., Gaur, M.S., Sanghi, D. (2015). DARAC: DDoS Mitigation Using DDoS Aware Resource Allocation in Cloud. In: Jajoda, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2015. Lecture Notes in Computer Science, vol 9478. Springer, Cham. https://doi.org/10.1007/978-3-319-26961-0_16


  • DOI: https://doi.org/10.1007/978-3-319-26961-0_16


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26960-3

  • Online ISBN: 978-3-319-26961-0

  • eBook Packages: Computer Science (R0)
