Analysis on Distributed Denial of Service Attack Prevention in Cloud Computing

rajat saxena

Abstract


Distributed Denial of Service (DDoS) attacks are among one of the complex security problems to address evolution of Cloud computing, because they are simple to implement, hard to prevent, and difficult to trace. Ideally, the network traffic of an attack should include information for identification of the sources. In a DDoS attack, the victim host or network is usually attacked by a large number of spoofed IP packets coming from multiple sources.  Since, attackers can spoof the source addresses and can use zombie and repeaters for attack, so, it is difficult to detect the attackers in a DDoS attack.

In this paper, we survey all the aspect of prevention of DDoS  attack in cloud computing.


Full Text:

PDF

References


L. Garber Denial-of-service attacks rip the Internet. IEEE Computer 33, 4 (April 2000), 12-17.

Australian Computer Emergency Response Team, 2004 Australian Computer

Crime and Security Survey, 2004.

Gordon, L. A., Loeb, M. P., Lucyshyn, W., and Richardson, R. 2005. 2005

CSI/FBI Computer Crime and Security Survey.

Arbor Networks, ”Worldwide Infrastructure Security Report”, Volume IV, October 2008.

S. M. Specht and R. B. Lee, ”Distributed denial of service: Taxonomies of attacks, tools, and countermeasures,” in the Proceedings of the International Workshop on Security in Parallel and Distributed Systems, 2004, pp. 543-550.

P. J. Criscuolo, ”Distributed Denial of Service: Trin00, Tribe Flood Network, Tribe Flood Network 2000, and Stacheldraht CIAC-2319,” DTIC Document,

TFreak. smurf.c, www.phreak.org. Oct 1997. www.phreak.org/archives/exploits/denial/smurf.c (6 May 2003).

TFreak. fraggle.c, www.phreak.org. www.phreak.org/archives/exploits/denial/fraggle.c (6 May 2003).

K. J. Houle, ”Trends in Denial of Service Attack Technology,” CERT Coordination Center, Carnegie Mellon Software Engineering Institute, oct

V. Company, ”Distributed Denial of Service (DDoS) and Botnet Attacks,” An iDefense Security Report, 2006.

D. Dittrich, ”The Tribe Flood Network,” distributed denial of service attack tool, 199l. Available at: http://staff.washington.edu/dittrich/misc/tfn.analysis.

N. L. Sven Dietrich, David Dittrich, ”Analyzing Distributed Denial Of Service Tools: The Shaft Case,” in Proceedings of the 14th Systems Administration Conference (LISA 2000), New Orleans, Louisiana, USA, December 3 8, 2000, p. 12.

D. Dittrich, ”The stacheldraht,” distributed denial of service attack tool, 1999.

Available: http://staff.washington.edu/dittrich/misc/stacheldraht.analysis.

G. W. David Dittrich , Sven Dietrich , Neil Long, ”The mstream,” distributed denial of service attack tool, 2000. Available at: http://staff.washington.edu/dittrich/misc/mstream.analysis.txt.

B. Hancock, ”Trinity v3, a DDoS tool, hits the streets,” Computers & Security, vol. 19, pp. 574-574, 2000.

Bysin, knight.c sourcecode,” 2001. Available at:

http://packetstormsecurity.org/distributed/ knight.c

Jose Nazario, , BlackEnergy DDoS Bot Analysis, Arbor Networks, 2007. Available at: http://atlas- public.ec2.arbor.net/docs/BlackEnergy+DDoS+Bot+Analysis.pdf.

Arbor Sert, ” DDoS and Security Reports: The Arbor Networks Security

Blog,” 2011. Available at: http://ddos.arbornetworks.com/2012/02/ddos-tools/.

David Mankins, Rajesh Krishnan, Ceilyn Boyd, John Zao, and Michael Frentz, Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing, Computer Security Applications Conference, 2001. ACSAC

Proceedings 17th Annual, pp. 411-421, 2001.

Joao B. D. Cabrera, Lundy Lewis, Xinzhou Qin, Wenke Lee, Ravi K.

Prasanth, B. Ravichandran, and Ramon K. Mehra, Proactive Detection of Distributed Denial of Service Attacks Using MIB Traffic Variables A Feasibility Study, Integrated Network Management Proceedings, pp. 609-622,

David K. Yau, John C. S. Lui, and Feng Liang, Defending Against Distributed Denial of Service Attacks with Max-min Fair Server-centric Router Throttles, Quality of Service, 2002 Tenth IEEE International Workshop, pp. 35-44,

Nathalie Weiler. Honeypots for Distributed Denial of Service, Enabling

Technologies: Infrastructure for Collaborative Enterprises, 2002. WET ICE

Proceedings. Eleventh IEEE International Workshops, 2002. pp. 109-

Thomas E. Daniels and Eugene H. Spafford, Network Traffic Tracking Systems: Folly in the Large?, Proceedings of the 2000 Workshop on New Security Paradigms, Feb. 2001.

Vern Paxon, An Analysis of Using Reflectors for Distributed Denial of Service

Attacks, ACM SIGCOMM Computer Communication Review, Vol. 31, Iss.

, Jul 2001.

V.Murali Bhaskkara, A.M Natarajan and S.N. Sivanandam,” New promising IP traceback approach and its comparison with existing approaches”, Infor- mation Technology Journal 6 (2):182-188, 2007.

P. Ferguson and D. Senie, Network ingress filtering: Defeating denial- of- service attacks which employ IP source address spoofing, RFC 2827, 2000.

J. Glave. (1998) Smurfing cripples ISPs.Wired Technology News http://www.wired.com/news/news/technology/story/9506.

H. Burch and B. Cheswick, Tracing anonymous packets to their approximate source, in Proc. 2000 USENIX LISA Conf., Dec. 2000, pp.319327.

R. Stone, CenterTrack: An IP overlay network for tracking DoS floods, in

Proc 2000 USENIX Security Symp., July 2000, pp.199212.

M. Bellovin, ICMP traceback messages,, Internet Draft:draft-bellovin-itrace-

txt, 2000.

D.X. Song and A. Perrig, Advanced and Authenticated Marking Schemes for

IP Traceback, Proc. IEEE INFOCOM 01, pp. 878-886, April. 2001.

Stefan Savage, DavidWetherall, Anna Karlin, and Tom Anderson. Practical Network Support for IP Traceback. Technical report, Department of Computer Science and Engineering, University of Washington, 2000.

K. Park and H. Lee, ”On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack”, IEEE INFOCOMM, Apr.

, pp. 338-347.

A. Belenky, and N. Ansari, ”Tracing Multiple Attackers with Deterministic Packet Marking (DPM)”, IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, 2003, pp.49-52.

Yang Xiang and Wanlei Zhou, ” A Defense System Against DDoS Attacks by Large-Scale IP Traceback” , In Proceedings of the Third International Conference on Information Technology and Applications (ICITA05), 20005, pp. 56-62.

A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchak- ountio, B. Schwartz, S. T. Kent, and W. T. Strayer; ”Single-packet IP Traceback”;IEEE/ACM Transactions on Networking (ToN), 10(6) [December

.

D. Dean, M. Franklin, and A. Stubblefield, An Algebraic Approach to IP Traceback, ACM Trans. Information and System Security, vol. 5, no. 2, pp.

-137, 2002.

Harendra A.Alwis, Robin C.Doss, Praveen S.Hewage ,Morshed U. U. Chowd- hury Topology Based Packet Marking for IP Traceback, 2006.




DOI: http://dx.doi.org/10.24294/jche.v1i2.468

Refbacks

  • There are currently no refbacks.




Creative Commons License

This site is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.