A Survey of DDoS Attack and Defense Technologies in Cloud Computing

被引:0
作者
Yue M. [1 ]
Wang H.-Y. [1 ]
Wu Z.-J. [1 ]
Liu L. [1 ]
机构
[1] School of Electronic Information and Automation, Civil Aviation University of China, Tianjin
来源
Jisuanji Xuebao/Chinese Journal of Computers | 2020年 / 43卷 / 12期
基金
中国国家自然科学基金;
关键词
Attack detection; Attack mitigation; Attack prevention; Cloud computing; Distributed denial of service attack;
D O I
10.11897/SP.J.1016.2020.02315
中图分类号
学科分类号
摘要
Cloud computing is an innovation of the service model. It centralizes physical resources (e.g., computing resources, storage resources, and data resources) and provides them to users on demand through the network. Cloud computing faces many security challenges (e.g., data privacy, resource management). Distributed Denial of Service (DDoS) attack is one of the major security threats to cloud computing. The DDoS attack seriously affects the continuity and availability of cloud computing. Although the DDoS attack has been prevalent in traditional networks, the application of cloud computing brings new challenges and opportunities to attack and defense. On the one hand, cloud computing empowers attacks. The large scale and centralization of cloud computing amplifies traditional attacks. In addition, the vulnerabilities of cloud computing itself can be exploited to organize new types of DDoS attacks. In this case, it is difficult for traditional defense technologies to deal with large-scale, diverse, and complex DDoS attacks in cloud computing. On the other hand, cloud computing empowers defense. The cloud computing provides large amounts of resources combined with new technologies such as Software Defined Network (SDN), auto-scaling to guarantee its own security and provide cloud security services to users. The current development trend is to take full advantage of new technologies of cloud computing to defense DDoS attacks. The DDoS attack in cloud computing has attracted extensive attentions. Currently, many researches have been devoted to exposing new vulnerabilities and designing effective anti-DDoS strategies. In order to enable researchers to comprehensively grasp the current research progress and excite them to develop new solutions against various DDoS attacks, this paper extensively reviews existing studies for a survey. First, we summarize the vulnerabilities of cloud computing in technology and service, and further reveal how to exploit these vulnerabilities to launch DDoS attacks. Next, we describe the organization approaches of DDoS attacks in cloud computing. In addition, we analyze the principles of various DDoS attacks in cloud computing and categorize them according to attack rate. Then, we present an overview of DDoS defense architecture in cloud computing. After that, we analyze and evaluate existing anti-DDoS technologies in detail from three aspects: attack prevention, attack detection and attack mitigation. The important thing is we compare advantages and disadvantages of these technologies. Beyond technology, we briefly extend our discussion on some important issues in service and management for anti-DDoS attack. Finally, we discuss current open issues and challenges, and prospect future research directions. We hope this paper can provide better understanding of the DDoS attack in cloud computing environment, current solution space, and future research scope to deal with such attacks more efficiently. © 2020, Science Press. All right reserved.
引用
收藏
页码:2315 / 2336
页数:21
相关论文
共 98 条
[1]  
Nikolai J, Wang Y., A system for detecting malicious insider data theft in IaaS cloud environments, Proceedings of the 59th IEEE Global Communications Conference, pp. 1-6, (2016)
[2]  
Feng Deng-Guo, Zhang Min, Zhang Yan, Et al., Study on cloud computing security, Journal of Software, 22, 1, pp. 71-83, (2011)
[3]  
Chen Xing-Shu, Ge Long, Cloud Security Principle and Practice, (2017)
[4]  
Somani G, Gaur M S, Sanghi D, Et al., Combating DDoS attacks in the cloud: Requirements, trends, and future directions, IEEE Cloud Computing, 4, 1, pp. 22-32, (2017)
[5]  
Hoque N, Bhattacharyya D K, Kalita J K., Botnet in DDoS attacks: Trends and challenges, IEEE Communications Surveys & Tutorials, 17, 4, pp. 2242-2270, (2015)
[6]  
Zhang Yu-Qing, Wang Xiao-Fei, Liu Xue-Feng, Et al., Survey on cloud computing security, Journal of Software, 27, 6, pp. 1328-1348, (2016)
[7]  
Li Ke, Fang Bin-Xing, Cui Xiang, Et al., Study of botnets trends, Journal of Computer Research and Development, 53, 10, pp. 2189-2206, (2016)
[8]  
Zand A, Modelo-Howard G, Tongaonkar A, Et al., Demystifying DDoS as a service, IEEE Communications Magazine, 55, 7, pp. 14-21, (2017)
[9]  
DDoS and application attacks, 5, 1, (2019)
[10]  
AWS Best Practices for DDoS Resiliency, (2016)