DDoS attacks and impacts on various cloud computing components
DDoS attacks and impacts on various cloud computing components
Cloud computing is the subject of the era and is the current keen domain of interest of organizations. Therefore, the future outlook of this technology is optimisticly considered to be widely adapted in this domain. On the other hand, moving to cloud computing paradigm, new security mechanism and defense frameworks are being developed against all threats and malicious network attacks that threaten the service availability of cloud computing for continuity of public and private services. Considering the increasing usage of cloud services by government bodies poses an emerging threat to e-government and e-governance structures and continuity of public services of national and local government bodies. IoT, industry 4.0, smart cities and novel artificial intelligence applications that require devices to be connected and ever present cloud platforms, provide an increasing wide range of potential zombie armies to be used in Distributed Denial of Service DDoS attacks which are omongst the most critical attacks under cloud computing environment. In this survey, we have introduced the recent reports and trends of this attack and its effects on the service availability on various cloud components. Furthermore, we discuss in detail the classification of DDoS attacks threatening the cloud computing components and make analysis and assessments on the emerging usage of cloud infrastructures that poses both advantages and risks. We assert that considering various kinds of DDoS attack tools, proactive capabilities, virtual connecting infrastructures and innovative methods which are being developed by attackers very rapidly for compromising and halting cloud systems, it is of crucial importance for cyber security strategies of both national, central and local government bodies to consider pertinent preemptive countermeasures periodically and revise their cyber strategies and action plans dynamically.
___
- [1]. H. Nemati, Information Security and Ethics: Concepts,
Methodologies, Tools, and Applications, New York:
IGI Global, 2008, Ch.1.1.
- [2]. P. Mell and T. Grance. “The NIST Definition of Cloud
Computing”. National Institute of Standards and
Technology (NIST) Special Publication. Gaithersburg,
MD. https://csrc.nist.gov/publications/detail/sp/800-
145/final, 2011.
- [3]. Z. Chiba, N.Abghour, K. Moussaid, and M. Rida, “ A
Survey of Intrusion Detection Systems for Cloud
Computing Environment”, International Conference
on Engineering & MIS (ICEMIS) 2016; 1-13.
- [4]. U. Oktay and O. K. Sahingoz, “Attack Types and
Intrusion Detection Systems in Cloud Computing,” 6th
Internatıonal Informatıon Securıty & Cryptology
Conference, vol. 9, pp. 71–76, 2013.
- [5]. J. Varia, “Best practices in architecting cloud
applications in the AWS cloud”, Cloud Computing.
Principles and Paradigms, John Wiley & Sons, Inc. Jan
2011, pp. 459-490.
- [6]. K. C. Okafor, J. A. Okoye, and G. Ononiwu,
“Vulnerability Bandwidth Depletion Attack on
Distributed Cloud Computing Network: A QoS
Perspective,” International Journal of Computer
Applications, vol. 138, no. 7, pp. 18–30, 2016.
- [7]. G. Somani, M. Singh, D. Sanghi, M. Conti, and R.
Buyya, “DDoS attacks in cloud computing: Issues,
taxonomy, and future directions,” Computer.
Communications., vol. 107, pp. 30–48, 2017.
- [8]. H. Kaur and S. Behal, “Characterization and
Comparison of Distributed Denial of Service Attack
Tools,” International Conference on Green Computing
and Internet of Things (ICGCIoT), pp. 1139–1145,
2015.
- [9]. M. J. Hashmi, M. Saxena, and R. Saini, “Classification
of DDoS Attacks and their Defense Techniques using
Intrusion Prevention System”, International Journal of
Computer Science & Communication Networks, vol. 2,
no. 5, pp. 607–614.
- [10]. A. Khadke and M. Madankar, “Review on Mitigation of
Distributed Denial of Service (DDoS) Attacks in Cloud
Computing.”, 10th International Conference on
Intelligent Systems and Control (ISCO), pp. 1-5, 2016.
- [11]. K. N. Mallikarjunan, K. Muthupriya and S. M. Shalinie,
"A survey of distributed denial of service attack," 10th
International Conference on Intelligent Systems and
Control (ISCO), Coimbatore, pp. 1-6, 2016.
- [12]. B. Prabadevi, “Distributed Denial of service Attacks
and its effects on Cloud Environment- a Survey”,
Networks, Computers and Communications, The 2014
International Symposium, 2014.
- [13]. O. Achbarou, M. Ahmed, and S. El Bouanani,
“Securing Cloud Computing from Different Attacks
Using Intrusion Detection Systems”, International
Journal of Interactive Multimedia and Artificial
Intelligence, pp. 61–64, 2017.
- [14]. R. M. Jabir, S. Ismail, R. Khanji, L. A. Ahmad, O.
Alfandi, and H. Said, “Analysis of Cloud Computing
Attacks and Countermeasures,” Advanced
Communication Technology (ICACT), 2016 18th
International Conference, pp. 117–123, 2016.
- [15]. S. Singh, “Cloud computing attacks: a discussion with
solutions”. Open Journal of Mobile Computing and
Cloud Computing, 2014.
- [16]. B. Grobauer, T. Walloschek, and E. Stocker
“Understanding cloud computing vulnerabilities”.
Security & privacy, IEEE, 9(2): 50–57, 2011.
- [17]. S. VivinSandar, S. Shenai, “Economic denial of
sustainability (EDoS) in cloud services using http and
xml-based DDoS attacks”. International Journal of
Computer Applications, 41(20): 11–16, 2012.
- [18]. A. Bhardwaj, G. Subrahmanyam, V. Avasthi, and H. G.
Sastry, “Solutions for DDoS attacks on cloud” 2016 6th
International Conference - Cloud System and Big Data
Engineering (Confluence), Noida, pp. 163-167, 2016.
- [19]. https://www.infosecurity-magazine.com/news/q1-2015-
ddos-attacks-spike/, Security and technical news, ”Q1
2015 DDoS attacks spike, targeting cloud”, Latest
Access Time for the website is 19 January 2018.
- [20]. Arbor Networks, “10th Annual worldwide
InfrastructureReport”.http://pages.arbornetworks.com/rs
/arbor/images/WISR2014.pdf, 2014.
- [21]. R. V Deshmukh and K. K. Devadkar, “Understanding
DDoS Attack & Its Effect in Cloud Environment,”
Procedia - Procedia Computer. Science., vol. 49, pp.
202–210, 2015.
- [22]. https://nakedsecurity.sophos.com/2015/03/20/greatfireorg-faces-daily-30000-bill-from-ddos-attack/L,
“Greatfire.org faces daily $30,0 0 0 bill from DDoS
attack”, Latest Access Time for the website is 22
January 2018.
- [23]. Kaspersky Labs, “Global IT security risks survey 2014
-distributed denial of service (DDoS) attacks”,
https://media.kaspersky.com/en/B2BInternational2014-Survey-DDoS-Summary-Report.pdf, 2014.
- [24]. Arbor Networks, “11th Annual worldwide
InfrastructureReport”.https://www.arbornetworks.com/a
rbor-networks-11th-annual-worldwide-infrastructuresecurity-report-finds-relentless-threat-environmentdriving-demand-for-managed-security-services-andincident-response-support, 2016.
- [25]. Arbor Networks, “Understanding the nature of DDoS
attacks”,https://www.arbornetworks.com/blog/asert/und
erstanding-the-nature-of-ddos-attacks/, 2012.
- [26]. Neustar News, “DDoS attacks and impact report finds
unpredictable DDoSlandscape”, https://nscdn.neustar.biz/creative_services/biz/neustar/www/reso
urces/whitepapers/it-security/ddos/2016-fall-ddosreport.pdf , 2016.
- [27]. Cisco, “The Zettabyte Era — Trends and Analysis –
Cisco”,https://www.cisco.com/c/en/us/solutions/collater
al/service-provider/visual-networking-index-vni/vnihyperconnectivity-wp.html, 2016.
- [28]. J. N. Ahamed, “A Review on Distributed Denial of
Service (DDoS) Mitigation Techniques in Cloud
Computing Environment,” International Journal of
Security and its Applications, vol. 10, no. 8, pp. 277–
294, 2016.
- [29]. Akamai, “Akamai Cloud Security Solutions:
Comparing Approaches for Web, DNS, and
InfrastructureSecurity”,https://www.akamai.com/es/es/
multimedia/documents/content/comparing-approachesfor-web-dns-infrastructure-security-white-paper.pdf,
2016.
- [30]. Forescout, “Forescout IoT enterprise risk report”
https://www.forescout.com/wpcontent/uploads/2016/10/ForeScout-IoT-EnterpriseRisk-Report.pdf, 2016.
- [31]. https://www.helpnetsecurity.com/2016/10/31/extinguis
h-mirai-threat/, “Can we extinguish the Mirai threat”,
Latest access Time for the website is 22 January 2018.
- [32]. https://blog.radware.com/security/2017/03/cost-ofddos-attack-darknet/, “The cost of a DDoS attack on
thedarknet”, Latest Access Time for the website is 22
January 2018.
- [33]. Cisco, “Fog Computing and Internet of Things: Extend
the Cloud to Where the Things Are, A white paper,”
Cisco Reports, pp. 1-6, April 2015.
- [34]. https://krebsonsecurity.com/2016/09/krebsonsecurityhit-with-record-ddos/, KrebsOnSecurity Hit With
Record DDoS, Latest Access Time for the website is 22
January 2018.
- [35]. http://www.telegraph.co.uk/technology/2016/11/04/unp
recedented-cyber-attack-takes-liberias-entire-internetdown/ , “Unprecedented Cyber Attack Takes Liberia’s
Entire Internet Down”, Latest Access Time for the
website is 22 January 2018.
- [36]. http://www.bbc.com/news/technology-37859678,
“Hack attacks cutt internet access in Liberia”, Latest
Access Time for the website is 22 January 2018.
- [37]. A. Efe, Risk Optimization as a Governance Goal of
Regional Development Agencies in Turkey: An Analysis
with COBIT-5 Framework, International Journal of
Education, Science and Technology, 1 - 18, 2016.
- [38]. F. Wong and C. Tan, “A survey of trends in massive
DDoS attacks and cloud-based mitigations,”
International Journal of Network Security & Its
Applications (IJNSA), vol. 6, no. 3, pp. 57-71, May
2014.
- [39]. P. Revathi, “Flow and rank correlation-based detection
against Distributed Reflection Denial of Service attack
in Recent Trends in Information Technology”,
(ICRTIT), 2014 International Conference on. IEEE,
2014.
- [40]. M. Masdari and M. Jalali, “A survey and taxonomy of
DoS attacks in cloud computing,” Security and
Communication Networks, John Wiley & Sons, Ltd, no.
July, pp. 3724–3751, 2016.
- [41]. M. Darwish, A. Ouda, and L. F. Capretz, “Cloud-based
DDoS Attacks and Defenses,” Information Society (iSociety), 2013 International Conference on IEEE, pp.
67–71, 2013.
- [42]. A. Colella, C. Colombini, “Amplification DDoS
Attacks: Emerging Threats and Defense Strategies, in
Availability, Reliability, and Security in Information
Systems”. Springer, 298–310, 2014.
- [43]. B. Sieklik, R. Macfarlane, and W. J. Buchanan,
“Evaluation of TFTP DDoS amplification attack,”
Computers & Security Elsevier, vol. 57, pp. 67–92,
2016.
- [44]. K. Harrison and G. White, “A taxonomy of cyber
events affecting communities”. In System Sciences
(HICSS), 2011 44th Hawaii International Conference
on. IEEE, 2011.
- [45]. V. Zlomislic, K. Fertalj, and V. Sruk, “Denial of service
attacks: an overview. In Information Systems and
Technologies (CISTI), 2014 9th Iberian Conference on
IEEE, 2014.
- [46]. S. Shafieian, M. Zulkernine and A. Haque,
"CloudZombie: Launching and Detecting Slow-Read
Distributed Denial of Service Attacks from the Cloud,"
2015 IEEE International Conference on Computer and
Information Technology; Ubiquitous Computing and
Communications; Dependable, Autonomic and Secure
Computing; Pervasive Intelligence and Computing,
Liverpool, pp. 1733-1740, 2015.
- [47]. P. Farina, E. Cambiaso, G. Papaleo and M. Aiello,
"Understanding DDoS Attacks from Mobile Devices,"
2015 3rd International Conference on Future Internet
of Things and Cloud, Rome, pp. 614-619, 2015.
- [48]. M. Komu, M. Sethi, R. Mallavarapu, H. Oirola, R.
Khan, and S. Tarkoma, “Secure Networking for Virtual
Machines in the Cloud”. In CLUSTER Workshops, 88–
96, 2012.
- [49]. J. Latanicki, P. Massonet, S. Naqvi, and B.
Rochwerger, “Scalable Cloud Defenses for Detection,
Analysis and and Mitigation of DDoS Attacks”,
Towards the Future Internet G. Tselentis et al. (Eds.)
IOS Press, doi:10.3233/978-1-60750-539-6-127, 2010.
- [50]. A. Bakshi, B. Yogesh, “Securing cloud from DDoS
attacks using intrusion detection system in virtual
machine”. In Communication Software and Networks,
2010. ICCSN’10. Second International Conference on.
IEEE, 2010.
- [51]. R. Shea, J. Liu, “Understanding the impact of denialofservice attacks on virtual machines”. In Proceedings
of the 2012 IEEE 20th International Workshop on
Quality of Service. IEEE Press, 2012.
- [52]. J. Szefer, E, Keller, R. Lee, and J. Rexford,
“Eliminating the hypervisor attack surface for a more
secure cloud”. In proceedings of the 18th ACM
conference on Computer and communications, 401-412,
2011.
- [53]. J. Szefer, R. Lee, “A case for hardware protection of
guest vms from compromised hypervisors in cloud
computing”. In Distributed Computing Systems
Workshops (ICDCSW), 2011 31st International
Conference on IEEE, 2011.
- [54]. J. S. Reuben. “A Survey on Virtual Machine Security”,
Vol. 2. Helsinki University of Technology: Helsinki, 36,
2007.
- [55]. Z. Fangfei, M. Goel, P. Desnoyers, R. Sundaram,
“Scheduler vulnerabilities and coordinated attacks in
cloud computing”. Journal of Computer Security,
21(4): 533–559, 2013.
- [56]. M. Masdari, S. S. Nabavi, V. Ahmadi, “An overview of
virtual machine placement schemes in cloud
computing”. Journal of Network and Computer
Applications, 66: 106–127, 2016.
- [57]. Y. Wang, J. Ma, D. Lu, X. Lu, L. Zhang, “From high
availability to collapse: quantitative analysis of “CloudDroplet-Freezing” attack threats to virtual machine
migration in cloud computing”. Cluster Computing,
17(4): 1369–1381, 2014.
- [58]. K. Lazri, S. Laniepce, H. Zheng, J. Ben-Othman,
“AMAD: Resource Consumption Profile-Aware Attack
Detection in IaaS Cloud”. In Utility and Cloud
Computing (UCC), 2014 IEEE/ACM 7th International
Conference on. IEEE, 379–386, 2014.
- [59]. S. Alarifi, S. D. Wolthusen, “Mitigation of cloudinternal denial of service attacks”. in Service Oriented
System Engineering (SOSE), 2014 IEEE 8th
International Symposium on. IEEE, 2014.
- [60]. M. A. Zardari, L. T. Jung, and N. Zakaria, “A
quantitative analysis of cloud users’ satisfaction and
data security in cloud models”. In Science and
Information Conference (SAI), 2014. IEEE, 2014.
- [61]. E. P. Krishna, E. Sandhya, and M. G. Karthik,
“Managing DDoS attacks on virtual machines by
segregated policy management”. Global Journal of
Computer Science and Technology, 14(6); 20–24, 2014.
- [62]. M. N. Ismail, A. Aborujilah, S. Musa, and A. Shahzad,
“New framework to detect and prevent denial of service
attack in cloud computing environment”. International Journal of Computer Science and Security (IJCSS),
6(4): 226, 2012.
- [63]. M. Kazim, R. Masood, M. A. Shibli, and A. G. Abbasi,
“Security aspects of virtualization in cloud computing”.
In IFIP International Conference on Computer
Information Systems and Industrial Management,
Springer: Berlin Heidelberg, 229–240, 2013.
- [64]. A. Chonka, J. Singh, and Z. Wanlei, “Chaos theorybased detection against network mimicking DDoS
attacks”. Communications Letters, IEEE 2009, 13(9):
717 719, 2009.
- [65]. B. Saini and G. Somani, “Index Page-based EDoS
Attacks in Infrastructure Cloud, in Recent Trends in
Computer Networks and Distributed Systems Security”,
Springer: Springer Berlin Heidelberg, 382–395, 2014.
- [66]. A. Koduru, T. Neelakantam, S. Saira Bhanu, “Detection
of economic denial of sustainability using time spent on
a web page in cloud”. In Cloud Computing in Emerging
Markets (CCEM), 2013 IEEE International Conference
on. IEEE, 2013.
- [67]. M. Masdari, F. Salehi, M. Jalali, and M. Bidaki, “A
Survey of PSO-Based Scheduling Algorithms in Cloud
Computing”. Journal of Network and Systems
Management, 1–37, 2016.
- [68]. M. Masdari et al. “Towards workflow scheduling in
cloud computing: a comprehensive analysis”. Journal
of Network and Computer Applications, 66: 64–82,
2016.
- [69]. T. Siva, E. S. P. Krishna, “Controlling various networkbased ADoS attacks in cloud computing environment:
by using port hopping technique”. International Journal
of Engineering Trends and Technology (IJETT), 4(5);
2099–2104, 2013.
- [70]. F. Palmieri, S. Ricciardi, U. Fiore, M. Ficco, A.
Castiglione, “Energy-oriented denial of service attacks:
an emerging menace for large cloud infrastructures”.
The Journal of Supercomputing, 71(5): 1620–1641,
2015.
- [71]. M. Jensen, N. Gruschka, R. Herkenhöner, “A survey of
attacks on web services”. Computer Science-Research
and Development, 24(4): 185–197, 2009.
- [72]. A. Falkenberg, C. Mainka, J. Somorovsky, and J.
Schwenk, “A new approach towards DoS penetration
testing on web services”. In Web Services (ICWS), 2013
IEEE 20th International Conference on. IEEE, 491–
498, 2013.
- [73]. D. Holmes, “Mitigating DDoS attacks with F5
technology”. F5 Networks, Inc, 2099–2104, 2013.
- [74]. P. Siriwardena, “Security by Design in Advanced API
Security”. Springer, 11–31, 2014.
- [75]. I. Siddavatam, J. Gadge, “Comprehensive test
mechanism to detect attack on web services”. In
Networks, 2008. ICON 2008. 16th IEEE International
Conference on. IEEE, 2008.
- [76]. S. Tiwari, P. Singh, “Survey of potential attacks on
webservices and web service compositions”. In
Electronics Computer Technology (ICECT), 2011 3rd
International Conference on. IEEE, 2011.
- [77]. P. Lindstrom, Attacking and defending web services.
Whitepaper,https://www.cse.iitb.ac.in/~madhumita/sem
inar/web%20services/Attacking%20and%20Defending
%20Web%20Services.pdf, 2004.
- [78]. M. Younis, K. Kifayat, “Secure cloud computing for
critical infrastructure: a survey”. Liverpool John
Moores University, United Kingdom, Tech. Rep, 2013.
- [79]. A. Masood, “Cyber security for service oriented
architectures in a Web 2.0 world: an overview of SOA
vulnerabilities in financial services”. In Technologies
for Homeland Security, 2013.
- [80]. A. N. Gupta, D. P. S. Thilagam, “Attacks on web
services need to secure XML on web”. Computer
Science & Engineering, 3(5): 1, 2013.
- [81]. M. Jensen, N. Gruschka, N. Luttenberger, “The impact
of flooding attacks on network-based services”. In
Availability, Reliability and Security, 2008. ARES 08.
Third International Conference on. IEEE, 2008.
- [82]. C. Mainka, J. Somorovsky, J. Schwenk, “Penetration
testing tool for web services security”. In Services
(SERVICES), 2012 IEEE Eighth World Congress on.
IEEE, 2012.
- [83]. A. Chonka, Y. Xiang, W. Zhou, A. Bonti, “Cloud
security defence to protect cloud computing against
HTTP-DoS and XML-DoS attacks”. Journal of
Network and Computer Applications 2011, 34(4):
1097–1107, 2011.
- [84]. S. Farahmandian, M. Zamani, A. Akbarabadi, Y.
Moghimi, S. M. Mirhosseini Zadeh, S. A.
Farahmandian, “survey on methods to defend against
DDoS attack in cloud computing”. System 2013, 6(22):
26, 2013.
- [85]. E, Anitha, S. Malliga, “A packet marking approach to
protect cloud environment against DDoS attacks”. In
Information Communication and Embedded Systems
(ICICES), 2013 International Conference on. IEEE,
2013.
- [86]. M. Bhuyan, H. Kashyap, D. Bhattacharyya, J. Kalita,
“Detecting distributed denial of service attacks:
methods, tools and future directions,” The Computer
Journal, pp. 6-20, March 2013.
- [87]. M. Alenezi, M. Reed, “Methodologies for detecting
DoS/DDoS attacks against network servers”. In ICSNC
2012, The Seventh International Conference on Systems
and Networks Communications. 2012.
- [88]. T. Alharbi, A. Aljuhani and H. Liu, “Holistic DDoS
mitigation using NFV,” 2017 IEEE 7th Annual
Computing and Communication Workshop and
Conference (CCWC), Las Vegas, NV, pp. 1-4, 2017.
- [89]. D. Tang, A. Tang, E. Lee and L. Tao, "Mitigating
HTTP Flooding Attacks with Meta
-data Analysis,"
2015 IEEE 17th International Conference on High
Performance Computing and Communications, New
York, NY, pp. 1406
-1411, 2015.
- [90]. J. Zhang, P. Liu, J. He and Y. Zhang, "A Hadoop Based
Analysis and Detection Model for IP Spoofing Typed
DDoS Attack," 2016 IEEE Trustcom/BigDataSE/ISPA,
Tianjin, pp. 1976
-1983, 2016.
- [91]. C. Buragohain and N. Medhi, "FlowTrApp: An SDN
based architecture for DDoS attack detection and
mitigation in data centers," 2016 3rd International
Conference on Signal Processing and Integrated
Networks (SPIN), Noida, pp. 519
-524, 2016.
- [92]. N. Beigi
-Mohammadi, C. Barna, M. Shtern, H. Khazaei
and M. Litoiu, "CAAMP: Completely automated DDoS
attack mitigation platform in hybrid clouds," 2016 12th
International Conference on Network and Service
Management (CNSM), Montreal, QC, pp. 136
-143,
2016.
- [93]. S. F. Lai, H. K. Su, W. H. Hsiao and K. J. Chen,
"Design and implementation of cloud security defense
system with software defined networking technologies,"
2016 International Conference on Information and
Communication Technology Convergence (ICTC), Jeju,
pp. 292
-297, 2016.
- [94]. M. Mizukoshi and M. Munetomo, "Distributed denial
of services attack protection system with genetic
algorithms on Hadoop cluster computing framework,"
2015 IEEE Congress on Evolutionary Computation
(CEC), Sendai, pp. 1575
-1580, 2015.
- [95].
]L. Ingle and G. K. Pakle, "NIDSV: Network based
Intrusion Detection and counter
-measure excerption in
virtual environment using AODV protocol," 2016
International Conference on Inventive Computation
Technologies (ICICT), Coimbatore, pp. 1
-6, 2016.
- [96]. A. Y. Oktoberry, “The Role of The Law in Combating
DDoS Attacks against e
- Government A Comparative
Analysis of The Substantive detection against network
mimicking DDoS attacks”. Communications Letters,
IEEE, 13(9): 717 719, 2009.
- [97]. A. Efe
, A Model Proposal for Organizational Prudence
and Wisdom within Governance of Business and
Enterprise IT. ISACA Journal, 2017.
- [98]. A. Efe, Unearthing and Enhancing Intelligence and
Wisdom Within the COBIT 5 Governance of
Information Model. ISACA Journal, 2016.
- [99]. A. Efe, COBIT
-5 Framework As A Model For The
Regional Development Agencies. International Journal
Of Ebusiness And Egovernment Studies, 33
-43, 2013.