Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments

Cited by: 1
Authors
Alshehry, Badr [1]
Allen, William [1]
Affiliations
[1] Florida Inst Technol, Sch Comp, Melbourne, FL 32901 USA
Source
APPLIED COMPUTING AND INFORMATION TECHNOLOGY | 2017, Vol. 695
Keywords
Distributed denial-of-service attacks; Cloud computing; Proxy firewall; Threat intelligence; Computer security;
DOI
10.1007/978-3-319-51472-7_9
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Contemporary security systems attempt to provide protection against distributed denial-of-service (DDoS) attacks; however, they mostly use a variety of computing and hardware resources for load distribution and request delays. As a result, ordinary users and website visitors experience timeouts, captchas, and low-speed connections. In this paper, we propose a highly inventive multilayer system for protection against DDoS in the cloud that utilizes Threat Intelligence techniques and a proactive approach to detect traffic behavior anomalies. The first layer of the model analyzes the source IP address in the header of incoming traffic packets and the second layer analyzes the speed of requests and calculates the threshold of the attack speed. If an attack remains undetected, the incoming traffic packets are analyzed against the behavior patterns in the third layer. The fourth layer reduces the traffic load by dispatching the traffic to the proxy, if required, and the fifth layer establishes the need for port hopping between the proxy and the target website if the attack targets a specific web-application. A series of experiments were performed and the results demonstrate that this multilayer approach can detect and mitigate DDoS attacks from a variety of known and unknown sources.
Pages: 119-133
Page count: 15