ABSTRACT
Distributed Denial of Services (DDoS) Attacks are often the main source of cloud service disruptions. The considerable increase in DDoS attacks strength has drawn attention in detection and mitigation of DDoS attack. Due to use of more powerful botnets, DDoS attacks are harder to detect at the firewall, hence an efficient technique is required to mitigate DDoS attacks in cloud environment. In this paper, we present mitigation technique in cloud environment in swarm network with relay mechanism using Simulated Raindrop Algorithm (SRD), making it possible to model the defense strategy as mathematical optimization task. This algorithm is used with throughput maximization as fitness function. In the testbed setup, we have evaluated the performance of SRD with Intelligent Waterdrop Algorithm (IWD) through simulation and observed that SRD needs about 40%--45% less number of iterations for convergence. The results shows that proposed method can mitigate DDoS attack with high accuracy and achieves more robustness.
- Arbor Networks,, "Available from :,"http://arbornetworks.com/resources/infrastructure-security-report.Google Scholar
- Y. Shinoda, "What's happening out there? Global Information Security Threats Trend(2012)," in Cryptrec Symposim,2012.Google Scholar
- D. Anstee, "DDoS Attack Trends Through 2010," in 6th Annual Survey Infrastructure Security Report and ATLAS Initiative,2010.Google Scholar
- M. S. Obaidat and F. Zarai, "Novel algorithm for secured mobility and IP traceability for WLAN networks," in Journal of Convergence,vol. 3, no. 2, pp. 1--8,2012.Google Scholar
- K. Wang, C. -Y. Huang, S. -J. Lin, and Y. -D. Lin, "A fuzzy pattern based filtering algorithm for botnet detection," in Computer Networks,vol. 55,no. 15,pp. 3275--3286,2011. Google ScholarDigital Library
- H. Choi and H. Lee, "Identifying botnets by capturing group activities in DNS traffic," in Computer Networks,vol. 56,no. 1,pp. 20--33,2012. Google ScholarDigital Library
- W. T. Strayer, D. Lapsely, R. Walsh, and C. Livadas, "Botnet detection based on network behavior," in Advances in Information Security,vol. 36,pp. 1--24,2008.Google Scholar
- M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "A multifaceted approach to understanding the botnet phenomenon," in Proceedings of the 6th ACM SIGCOMM on Internet Measurement Conference (IMC 06),pp. 41--52,2006. Google ScholarDigital Library
- Shui Yu, Yonghong Tian, Song Guo and Dapeng Oliver Wu, "Can We Beat DDoS Attacks in Clouds?,," in IEEE Transactions on Parallel and Distributed Systems,vol. 25,no. 9,pp. 2245--2254,2014.Google ScholarCross Ref
- Cheng Jin, Hianing Wang and Kan G. Shin, "Hop-count filtering: An effective defense against spoofed DDoS traffic," in Proceedings of ACM Conference on Computer and Cornniuni- carions Security,vol. 22,no. 11,pp. 32--38,2003. Google ScholarDigital Library
- C. Dixon, T. Anderson, and A. Krishnamurthy, "Phalanx: Withstanding Multimillion-Node Botnets," in Proceeding 5th USENIX Symp. Networked Systems Design and Implementation,2008. Google ScholarDigital Library
- Ruiping Lua and Kin Choong Yow, "Mitigating DDoS Attacks with Transparent and Intelligent Fast-Flux Swarm Network," in IEEE Network,vol. 25,no. 4,pp. 28--33,2011.Google ScholarCross Ref
- H. Alijifri, "IP Traceback: A New Denial-of-Service Deterrent," in IEEE Security and Privacy,pp. 24--31,2003. Google ScholarDigital Library
- S. Bellovin, J. Schiller and C. Kaufman, "Security Mechanism for the Internet," in IETF RFC 3631,2003. Google ScholarDigital Library
- K. Houle et al., "Trends in Denial of Service Attack Technology," in www.cert.org/archive/pdf/, 2001.Google Scholar
- J. Joannidis and S. M. Bellovin, "Implementing Pushback: Router- Based Defense against DDoS Attacks," in Proc. Network and Distributed System Security Symp.,2002.Google Scholar
- Y. Kim, W. C. Lua, M. c. Chuah and H. J. Chao, "PacketScore: Statistics-Based Overload Control against Distributed Denial of Service Attack," in Proc. INFOCOM,2004.Google Scholar
- X. Wang, S. Chellappan, P. Boyer and D. Xuan, "On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks," in IEEE Trans. Parallel and Distributed Systems,2004. Google ScholarDigital Library
- T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. E. Seamons,, "Adaptive Trust Negotiation and Access Control," in Proc. ACM Symp. Access Control Models and Technologies, 2005. Google ScholarDigital Library
- S. Ranjan, R. Swaminathan, M. Uysal, and E. Knightly,, "DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection," in Proc. INFOCOM, 2006.Google Scholar
- P. Ning, S. Jajodia, and X. S. Wang,,, "Abstraction-Based Intrusion Detection in Distributed Environment," in ACM Trans. Information and System Security,pp. 407--452,2001. Google ScholarDigital Library
- K. Hwang, M. Cai, Y. Chen, and M. Qin,,, "Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes," in IEEE Trans. Dependable and Secure Computing,vol. 4,no. 1,pp. 41--55,2007. Google ScholarDigital Library
- I. Stoica, "Internet Indirection Infrastructure," in Proc.2002 Conf. Application, Technologies, Architectures, and Protocols for Comp. Commun.,2002. Google ScholarDigital Library
- A. Stavrou and A. D. Keromytis, "Counting DDoS attacks with stateless multipath overlays," in ACM Conference Comp. and Communication Security,2005. Google ScholarDigital Library
- Syam Kumar P,Subramanian R,, "Homomorpic Distributed Verification Protocol for Ensuring Data Storage Security in Cloud Computing," in Journal of Information,vol. 14,no. 10,pp. 3365--3476,2011.Google Scholar
- P. Syam Kumar, R. Subramanian,, "RSA-based Dynamic Public Audit Service for Integrity Verification of Data Storage in Cloud Computing using Sobol Sequence," in International Journal of Cloud Computing, InderScience Publications,vol. 1,no. 2/3,pp. 167--200,2012.Google Scholar
- M. Dash and H. Liu, "Feature selection for classification," in Intelligent Data Analysis,vol. 1,no. 1-4,pp. 131--156,1997. Google ScholarCross Ref
- A. James and S. Dimitrijev, "Ranked selection of nearest discriminating features," in Human-Centric Computing and Information Sciences,vol. 2,article12,2012.Google Scholar
- S. Farzi, "Efficient job scheduling in grid computing with modified artificial fish swarm algorithm," in International Journal of Computer Theory and Engineering,vol. 1,no. 1,pp. 13--18,2009.Google ScholarCross Ref
- C. -L. Huang and C. -J. Wang, "A GA-based feature selection and parameters optimizationfor support vector machines," in Expert Systems with Applications,vol. 31,no. 2,pp. 231--240,2006.Google ScholarCross Ref
- J. Kennedy and R. Eberhart, "Particle swarm optimization," in Proceedings of the IEEE International Conference on Neural Networks,vol. 2,pp. 1942--1948, Perth, Australia, 1995.Google ScholarCross Ref
- B. Singh and D. Lobiyal, "A novel energy-aware cluster head selection based on particle swarm optimization for wireless sensor networks," in Human-Centric Computing and Information Sciences,vol. 2,article13,2012.Google Scholar
- K. -C. Lin and H. -Y. Chien, "CSO-based feature selection and parameter optimization for support vector machine," in in Proceedings of the Joint Conferences on Pervasive Computing (JCPC 09), pp. 783--788,2009.Google Scholar
- M. Dorigo, V. Maniezzo, and A. Colorni, "Ant system: optimization by a colony of cooperating agents," in IEEE Transactions on Systems, Man, and Cybernetics B: Cybernetics,vol. 26,no. 1,pp. 29--41,1996. Google ScholarDigital Library
- X. L, Li, J. X. Qian, "Optimizing method based on autonomous animats: fish-swarm algorithm," in System Engineering Theory and Practice,vol. 22,no. 11,pp. 32--28,2002.Google Scholar
- X. -L. Li, Z. -J. Shao, and J. -X. Qian, "The Intelligent Water Drops Algorithm: A NatureInspired Swarm-Based Optimization Algorithm," in International. Journal on Bio-Inspired Computation,vol. 1, pp. 71--79,2009. Google ScholarDigital Library
- A. Ibrahim, S. Rahnamayan and M. V. Martin, "Simulated Raindrop algorithm for global optimization," in IEEE 27th Canadian Conference on Electrical and Computer Engineering,vol. 22,no. 11,pp. 32--38,2014.Google Scholar
- R. J. Lavery, "Throughput optimization for wireless data transmission," in M. S. Thesis, Polytechnic University,2001.Google Scholar
- A. Balamurugan, "Efficient fitness based routing protocol in wireless sensor networks," in ICTACT Journal on Communication Technology,vol. 05,2014.Google Scholar
- R. Kaur, A. Sangal, K. Kumar,, "Modeling and Simulation of DDoS Attack using Omnet++," in International Conference on Signal Processing and Integrated Networks,2014.Google Scholar
Index Terms
- Simulated Raindrop Algorithm to Mitigate DDoS Attacks in Cloud Computing
Recommendations
Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment
As Cloud computing is reforming the infrastructure of IT industries, it has become one of the critical security concerns of the defensive mechanisms applied to secure Cloud environment. Even if there are tremendous advancements in defense systems ...
Analysis of DDoS Attacks and an Introduction of a Hybrid Statistical Model to Detect DDoS Attacks on Cloud Computing Environment
ITNG '15: Proceedings of the 2015 12th International Conference on Information Technology - New GenerationsCloud service availability has been one of the major concerns of cloud service providers (CSP), while hosting different cloud based information technology services by managing different resources on the internet. The vulnerability of internet, the ...
Collaborative 'many to many' DDoS detection in cloud
Cloud computing provides a scalable and cost-effective environment for users to store and process data through the internet. However, it also causes distributed denial-of-service DDoS attacks. DDoS attacks risk systems outage and intend to disable the ...
Comments