International Journal of Computer Networks and Applications

Open Access Open Access  Restricted Access Subscription Access

A Novel Three Layer Filtering (3L-F) Framework for Prevention of DDoS Attack in Cloud Environment


Affiliations
1 PG & Research Department of Computer Science, Chikkanna Government Arts College, Tirupur, Tamil Nadu, India
 

Data security is an integral requirement of any modern information system as attackers are gaining chances due to the prompt improvement in digital technology. However, in the current decade, the use of cloud computing is rising steeply, and so is network traffic. As the cloud computing model is based on the distributed computing, cloud servers are widely distributed and cloud users can access the service from anywhere and at any time. This makes the cloud servers, a target for the adversaries. The most common attack in a cloud environment is the DDoS attack that causes bulky and abnormal traffic to the cloud server. The cloud server is incapable to manage such unusual traffic and stops momentarily by making the server down with excessive traffic. DDoS attacks can be avoided by diligent traffic control prior to the DDoS attack. This paper proposes a novel three-layer filtering mechanism to prevent various forms of DDoS attacks. The first layer of the proposed DDoS attack prevention mechanism uses two-level authentication processes. Second layer filtering verifies whether the user accesses the resources within the pre-defined limits and the third layer filtering sieves out the spoofed packets. The proposed model has been analyzed for evaluating the performance in terms of CPU overhead and load, the throughput of the victim, the reduction in connection delay. The result analysis shows that the proposed model has improved performance with a higher detection rate of 0.92 and a lower dropout rate of 0.10.

Keywords

DDoS Attack, Cloud Computing, Cloud Security, Attack Prevention and Cloud Server.
User
Notifications
Font Size

  • K. C. Okafor, J. A. Okoyeand G. Ononiwu, “Vulnerability bandwidth depletion attack on distributed cloud computing network: A QoS perspective”. International Journal of Computer Applications, vol. 138, no. 7, pp.18-30, 2016.

  • F. Shaarand A. Efe, “DDoS attacks and impacts on various cloud computing components”, International Journal of Information Security Science, vol.7, no.1, pp.26-48, 2018.

  • G. Somani, M. S. Gaur, D. Sanghi and M. Conti, “DDoS attacks in cloud computing: Collateral damage to non-targets”, Computer Networks, vol. 109, pp.157-171, 2016.

  • S. Yu, Y. Tian, S. Guo and D. O. Wu, “Can we beat DDoS attacks in clouds?”, IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 9, pp. 2245-2254,2013.

  • O. Terzo and L. Mossucca, “Cloud Computing with E-science Applications”, CRC Press, 2017.

  • A. M. Lonea, D. E. Popescu andH. Tianfield, “Detecting DDoS attacks in cloud computing environment”, International Journal of Computers Communications & Control, vol. 8, no. 1, pp. 70-78, 2012.

  • A. Bremler-Barr, E. Brosh and M. Sides, DDoS attack on cloud auto-scaling mechanisms”, In IEEE INFOCOM Conference on Computer Communications, IEEE, pp. 1-9, 2017.

  • P. Shamsolmoali and M. Zareapoor,“Statistical-based filtering system against DDOS attacks in cloud computing”. In International Conference on Advances in Computing, Communications and Informatics, IEEE, pp. 1234-1239, 2014.

  • J. Latanicki, P. Massonet, S. Naqvi, B. Rochwerger andM. Villari, “Scalable Cloud Defenses for Detection, Analysis and Mitigation of DDoS Attacks”, In Future Internet Assembly, pp. 127-137, 2010.

  • G. Somani, M. S. Gaur, D. Sanghi, M. Conti and R. Buyya, “DDoS attacks in cloud computing: Issues, taxonomy, and future directions”. Computer Communications, vol. 107, pp. 30-48, 2017.

  • A. R. Wani, Q. P. Rana, U. Saxena andN. Pandey, “Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques”, In Amity International conference on artificial intelligence, IEEE, pp. 870-875, 2019.

  • M. Darwish, A. Ouda L. F. Capretz, “Cloud-based DDoS attacks and defences”, In International Conference on Information Society, IEEE, pp. 67-71, 2013.

  • R. Saxena and S. Dey, “DDoS attack prevention using collaborative approach for cloud computing”, Cluster Computing, pp. 1-16, 2019.

  • V. Chouhan andS. K. Peddoju, “Packet monitoring approach to prevent DDoS attack in cloud computing”, InternationalJournal of Computer Science and Electronic Engineering, vol. 1, no. 2, pp. 2315-4209, 2013.

  • A. N. Jaber, M. F. Zolkipli, H. A. Shakir and M. R. Jassim, “Host based intrusion detection and prevention model against DDoS attack in cloud computing”, In International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, Springer, Cham, pp. 241-252, 2017.

  • H. Luo, Y. Lin, H. Zhang andM. Zukerman, “Preventing DDoS attacks by identifier/locator separation",IEEE Network, vol. 27, no. 6, pp. 60-65, 2013.

  • R. Patgiri, S. Nayak andS. K. Borgohain, “Preventing ddos using bloom filter: A survey”, arXiv preprint arXiv:1810.06689, 2018.

  • N. Patani and R. Patel, “A mechanism for prevention of flooding based DDoS attack”, International Journal of Computational Intelligence Research”,vol. 13,no. 1, pp. 101-111, 2013.

  • O. Osanaiye, H. Cai, K. K. R. Choo, A. Dehghantanha, Z. Xu and M. Dlodlo, “Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing”, EURASIP Journal on Wireless Communications and Networking, vol. 1, pp. 1-10, 2016.

  • A. S. Navaz, V. Sangeetha andC. Prabhadevi, “Entropy based anomaly detection system to prevent DDoS attacks in cloud”, arXiv preprint arXiv:2013,1308.6745, 2013.

  • N. Jeyanthi, N. C. S. Iyengar, P. M. Kumar and A. Kannammal, “An enhanced entropy approach to detect and prevent DDoS in cloud environment”, International Journal of Communication Networks and Information Security, vol. 5, no. 2, pp. 110, 2013.

  • X. Wang, “Mitigation of DDoS Attacks through Pushback and Resource Regulation”,In International Conference on Multimedia and Information Technology, IEEE,pp. 225-228, 2008.

  • S. S. Chapade, K. U. Pandey and D. S. Bhade, “Securing cloud servers against flooding based DDoS attacks”. In International Conference on Communication Systems and Network Technologies (CSNT), IEEE,pp.524-528, 2013.

  • P. Shamsolmoali, M. A. Alam and R. Biswas, “C2DF: High rate DDOS filtering method in cloud computing”, International Journal of Computer Network and Information Security, vol. 6, no. 9, p.43, 2014.

  • A. Saravanan, S. Sathya Bama, S. Kadry and L. K. Ramasamy, “A new framework to alleviate DDoS vulnerabilities in cloud computing”. International Journal of Electrical & Computer Engineering, vol. 9, no. 5, pp. 2088-8708, 2019.

  • K. Shridhar and N. Gautam, “A prevention of DDoS attacks in cloud using honeypot”. International Journalof Science and Research (IJSR), vol. 3, Issue. 11,pp. 2319-7064, 2012.

  • K. Kalkan and F. Alagöz, “A distributed filtering mechanism against DDoS attacks: ScoreForCore”, Computer Networks, vol. 108, pp.199-209, 2016.

  • K. S. Bhosale, M. Nenova andG. Iliev, “The distributed denial of service attacks (DDoS) prevention mechanisms on application layer”. In International Conference on Advanced Technologies, Systems and Services in Telecommunications (TELSIKS), IEEE, pp. 136-139, 2017.

  • K. Srinivasan, A. Mubarakali, A. S. Alqahtani and A. D. Kumar, “A Survey on the Impact of DDoS Attacks in Cloud Computing: Prevention, Detection and Mitigation Techniques”, In Intelligent Communication Technologies and Virtual Mobile Networks, Springer, Cham, pp. 252-270, 2019.

  • G. Somani, A. Johri, M. Taneja, U. Pyne, M. S. Gaur and Sanghi, “DARAC: DDoS mitigation using DDoS aware resource allocation in the cloud",In International Conference on Information Systems Security, Springer, Cham, pp. 263-282, 2015.

  • C. Jin, H. Wang and K. G. Shin, “Hop-count filtering: an effective defense against spoofed DDoS traffic”, In Proceedings of the ACM conference on Computer and communications security,pp. 30-41, 2013.

  • S. Lagishetty, P. Sabbu and K. Srinathan, “DMIPS-Defensive Mechanism against IP Spoofing”, In Australasian Conference on Information Security and Privacy, Springer, Berlin, Heidelberg, pp. 276-291, 2011.

  • S. S. Kolahi, A. A. Alghalbi, A. F. Alotaibi, S. S. Ahmed and D. Lad, “Performance comparison of defense mechanisms against TCP SYN flood DDoS attack”, In Innovations in Computer Science and Engineering, Springer, Singapore, pp. 1-10, 2014.

  • “Netwag Tool,” 2007. Available: http://ntwag.sourceforge.net/.

  • G. Dayanandam, T. V. Rao, D. B. Babu andS. N. Durga, “DDoS attacks—analysis and prevention. In Innovations in Computer Science and Engineering”, Springer, Singapore, pp. 1-10, 2019.


Abstract Views: 302

PDF Views: 2




  • A Novel Three Layer Filtering (3L-F) Framework for Prevention of DDoS Attack in Cloud Environment

Abstract Views: 302  |  PDF Views: 2

Authors

A. Somasundaram
PG & Research Department of Computer Science, Chikkanna Government Arts College, Tirupur, Tamil Nadu, India
V. S. Meenakshi
PG & Research Department of Computer Science, Chikkanna Government Arts College, Tirupur, Tamil Nadu, India

Abstract


Data security is an integral requirement of any modern information system as attackers are gaining chances due to the prompt improvement in digital technology. However, in the current decade, the use of cloud computing is rising steeply, and so is network traffic. As the cloud computing model is based on the distributed computing, cloud servers are widely distributed and cloud users can access the service from anywhere and at any time. This makes the cloud servers, a target for the adversaries. The most common attack in a cloud environment is the DDoS attack that causes bulky and abnormal traffic to the cloud server. The cloud server is incapable to manage such unusual traffic and stops momentarily by making the server down with excessive traffic. DDoS attacks can be avoided by diligent traffic control prior to the DDoS attack. This paper proposes a novel three-layer filtering mechanism to prevent various forms of DDoS attacks. The first layer of the proposed DDoS attack prevention mechanism uses two-level authentication processes. Second layer filtering verifies whether the user accesses the resources within the pre-defined limits and the third layer filtering sieves out the spoofed packets. The proposed model has been analyzed for evaluating the performance in terms of CPU overhead and load, the throughput of the victim, the reduction in connection delay. The result analysis shows that the proposed model has improved performance with a higher detection rate of 0.92 and a lower dropout rate of 0.10.

Keywords


DDoS Attack, Cloud Computing, Cloud Security, Attack Prevention and Cloud Server.

References





DOI: https://doi.org/10.22247/ijcna%2F2021%2F209700