
Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment

  • Review
Neural Computing and Applications

Abstract

As Cloud computing reshapes the infrastructure of IT industries, securing the Cloud environment has become one of the critical concerns for defensive mechanisms. Although defense systems have advanced tremendously with regard to confidentiality, authentication and access control, protecting the availability of the associated resources remains a challenge. Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks primarily compromise the availability of system services and can be launched easily using various tools, leading to financial damage or harm to reputation. These attacks are very difficult to detect and filter, since the packets that cause the attack are very similar to legitimate traffic. The DoS attack is considered the biggest threat to the IT industry, and the intensity, size and frequency of attacks are observed to be increasing every year. Therefore, there is a need for a stronger and universal method to impede these attacks. In this paper, we present an overview of the DoS and distributed DoS attacks that can be carried out in a Cloud environment and of possible defensive mechanisms, tools and devices. In addition, we discuss many open issues and challenges in defending the Cloud environment against DoS attacks. This provides a better understanding of the DDoS attack problem in the Cloud computing environment, the current solution space, and the future research scope for dealing with such attacks efficiently.




Corresponding author

Correspondence to B. B. Gupta.


Cite this article

Gupta, B.B., Badve, O.P. Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment. Neural Comput & Applic 28, 3655–3682 (2017). https://doi.org/10.1007/s00521-016-2317-5


  • DOI: https://doi.org/10.1007/s00521-016-2317-5
