DDoS attacks and impacts on various cloud computing components

Cloud computing is the defining technology of the era and a keen area of interest for organizations, and the outlook is optimistic that it will be widely adopted. With the move to the cloud computing paradigm, new security mechanisms and defense frameworks are being developed against the threats and malicious network attacks that endanger the service availability of cloud computing and, with it, the continuity of public and private services. The increasing use of cloud services by government bodies poses an emerging threat to e-government and e-governance structures and to the continuity of the public services of national and local government bodies. IoT, Industry 4.0, smart cities and novel artificial intelligence applications, which require connected devices and ever-present cloud platforms, provide an increasingly wide range of potential zombie armies for Distributed Denial of Service (DDoS) attacks, which are amongst the most critical attacks in the cloud computing environment. In this survey, we introduce recent reports and trends concerning this attack and its effects on the service availability of various cloud components. Furthermore, we discuss in detail the classification of DDoS attacks threatening cloud computing components, and we analyze and assess the emerging usage of cloud infrastructures, which poses both advantages and risks. We assert that, given the various kinds of DDoS attack tools, proactive capabilities, virtual connecting infrastructures and innovative methods that attackers are developing very rapidly to compromise and halt cloud systems, it is of crucial importance for the cyber security strategies of national, central and local government bodies to consider pertinent preemptive countermeasures periodically and to revise their cyber strategies and action plans dynamically.
