Security Scheme for Protecting Cloud Computing Services Against Bursty DDoS Attacks

Mazlina, Abdul Majid and Naser, Aws and Mohamad Fadli, Zolkipli and Khan, Nusrat Ullah (2015) Security Scheme for Protecting Cloud Computing Services Against Bursty DDoS Attacks. International Journal on Advances in Information Sciences and Service Sciences, 7 (1). pp. 39-45. ISSN 2233-9345. (Published)

[img]
Preview
PDF
fskkp-2014-mazlina-Security_Scheme_for_Protecting.pdf

Download (348kB)

Abstract

In cloud computing, data and applications are maintained on remote servers and accessed via the Internet. Virtualised resources such as dynamic servers are operated through the Internet, which increases the economic benefits accrued to customers from software. Cloud computing reduces customer concerns about software licenses, hardware, and overall system maintenance. Connections between web services are typically enabled using the simple object access protocol (SOAP), and extensible markup language (XML) or hypertext transport protocol (HTTP) is used to construct SOAP messages. Denial of service (DoS) and distributed DoS (DDoS) are two major problems affecting cloud computing services, and it is a challenge to resolve them completely. The identity of the perpetrators of these acts is usually difficult to ascertain especially when the attacks are carried out using spoofed IP addresses. Consequently, differentiating genuine packets from the packets sent by hackers is difficult. The addresses are spoofed with the intention of causing harm to cloud service provider communication channels. Distinguishing legitimate messages from illegitimate messages is an important step towards solving the problem of DDoS attacks. Modulo and CLASSIE methods effectively detect and reduce spoofing attacks using unique rulesets. In this paper, we propose using modulo packet marking and a method called reconstruct and drop (RAD) to differentiate and discard malicious packets. The proposed method improves the detection and filtering of DDoS attacks. Further, the results of comparisons conducted indicate that the proposed method requires fewer bits than Huffman code and its performance is better than that of cloud protector.

Item Type: Article
Uncontrolled Keywords: DDoS, reconstruct and drop (RAD), Huffman code
Subjects: T Technology > T Technology (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty/Division: Faculty of Computer System And Software Engineering
Depositing User: Dr. Mazlina Abdul Majid
Date Deposited: 30 Oct 2014 07:23
Last Modified: 01 Feb 2018 07:49
URI: http://umpir.ump.edu.my/id/eprint/7335
Download Statistic: View Download Statistics

Actions (login required)

View Item View Item