A DDoS Mitigation System with Multi-Stage Detection and Text-Based Turing Testing in Cloud Computing

An important trend in the computer science is towards Cloud Computing and we can see that many cloud services are proposed and developed in the Internet. An important cloud service like the IaaS as AWS EC2 can help many companies to build data centers with high performance computing resources and reduce the cost of maintaining the computing hardware. A data center which provides internet service may suffer from many security risks including Distributed Denial of Service (DDOS) attack. We believe that most of the cloud services, like Gmail, Dropbox, Google Document, and etc., are based on HTTP connection. Hence, we aim at HTTP-based connection and propose a low reflection ratio mitigation system against the DDoS attacks. Our system is in the front of an IaaS that all of the virtual data centers in the IaaS are our protection targets. Our system consists of Source Checking, Counting, Attack Detection, Turing Test, and Question Generation modules. We provide a multi-stage detection to more precisely detect the possible attackers and a text-based turing test with question generation module to challenge the suspected requesters who are detected by the detection module. We implemented the proposed system and evaluated the performance to show that our system works efficiently to mitigate the DDoS traffic from the Internet.