Distributed denial of service (DDoS) attack in cloud infrastructure has shown the new effects towards the non-targets known as “collateral damages”. The cloud-hosted services generally run inside the virtual machine (VM). These services are co-located to each other which lie on the same OS of the VM and share the resources. When the DDoS attacker targets one service, its effects can be seen on other co-located services also. These effects are called “internal collateral damages”. Therefore this work, focuses on mitigating internal collateral damages caused by the DDoS attack in the cloud environment. Here the problem is considered as an OS level resources governance and isolation problem to minimize the effects of the attack on non-targets. The methods present in the literature are not capable enough to deal the problem of internal collateral damages effectively. Therefore, a novel service containerization approach is proposed to achieve resource governance and isolation between the co-located services. Moreover, the proposed approach improves service performance for benign users. The results also shows that the proposed approach is capable to reduce the collateral effects of DDoS attack on co-located services such as SSH and disk I/O by improving the service performance.

云基础架构中的分布式拒绝服务（DDoS）攻击已显示出对非目标的新影响，即“附带损害”。云托管服务通常在虚拟机（VM）内运行。这些服务位于虚拟机的相同OS上并共享资源，彼此位于同一位置。当DDoS攻击者将一项服务作为目标时，其影响也可以在其他位于同一地点的服务上看到。这些影响称为“内部附带损害”。因此，这项工作着重于减轻由云环境中的DDoS攻击引起的内部附带损害。在这里，该问题被视为操作系统级别的资源管理和隔离问题，以最大程度地减少攻击对非目标的影响。文献中存在的方法不足以有效地解决内部附带损害的问题。因此，提出了一种新颖的服务容器化方法来实现资源管理和位于同一地点的服务之间的隔离。此外，所提出的方法改善了良性用户的服务性能。结果还表明，所提出的方法能够通过改善服务性能来减少DDoS攻击对诸如SSH和磁盘I / O之类的共置服务的附带影响。