Skip to main content
SpringerLink
Log in

A request aware module using CS-IDR to reduce VM level collateral damages caused by DDoS attack in cloud environment

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Distributed Denial of Service (DDoS) plays a significant role in threatening the cloud-based services. DDoS is a kind of attack which targets the CPU, bandwidth and other resources and makes them unavailable to benign users. The DDoS attack has an enormous impact on multi-tenant cloud network than the traditional network due to the cloud features like virtualization, load balancing, resource scaling and migrations. These features spread attack effects in the whole cloud network, which introduces the collateral damages to the non-target stakeholders. Some of these stakeholders are co-hosted virtual machines (VMs), host physical server, co-hosted physical server, cloud service providers and users, etc. Therefore, there is a need for a method that can reduce such collateral damages. In this work, we focus on reducing VM level collateral damages caused to the co-hosted VMs residing with the victim VM on the same host. The proposed architecture consists of: (i) a request awareness based module to reduce VM level collateral damages, (ii) to obtain the request awareness, a novel Cuckoo Search based IDentification of Request (CS-IDR) method using bivariate flight is also proposed. The CS-IDR method helps in taking the request-aware decision, which eventually reduces VM level collateral damages. The result also shows that the proposed method minimizes the CPU usage, RAM usage, power consumption, overall load, and incurred cost caused due to DDoS attack on non-target co-hosted VM, and hence reduces such collateral damages.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18

Similar content being viewed by others

References

  1. Aldossary, S., Allen, W.: Data security, privacy, availability and integrity in cloud computing: issues and current solutions. Int. J. Adv. Comput. Sci. Appl. 7(4), 485–498 (2016)

    Google Scholar 

  2. Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M., Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4(1), 22–32 (2017)

    Article  Google Scholar 

  3. Zlomisli, V., Fertalj, K., Sruk, V.: Denial of service attacks, defences and research challenges. Clust. Comput. 20(1), 661–671 (2017)

    Article  Google Scholar 

  4. Gupta, B.B., Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Comput. Appl. 28(12), 3655–3682 (2017)

    Article  Google Scholar 

  5. Shaar, F., Efe, A.: DDoS attacks and impacts on various cloud computing components. Int. J. Inf. Secur. Sci. 7, 26–48 (2018)

    Google Scholar 

  6. Somani, G., Gaur, M.S., Sanghi, D., Conti, M.: DDoS attacks in cloud computing: collateral damage to non-targets. Comput. Netw. 109, 157–171 (2016)

    Article  Google Scholar 

  7. Chen, Y., Hwang, K.:Collaborative change detection of DDoS attacks on community and ISP networks. International Symposium on Collaborative Technologies and Systems (CTS’06), Las Vegas, NV, 2006, pp. 401-410 (2006)

  8. Zhang, H., Gu, Z., Liu, C., Jie, T.:Detecting VoIP-specific denial-of-service using change-point method. In: 11th International Conference on Advanced Communication Technology, Phoenix Park, 2009, pp. 1059–1064 (2009)

  9. Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical approaches to DDoS attack detection and response. In: Proceedings DARPA Information Survivability Conference and Exposition, Washington, DC, USA, vol 1 pp. 303–314 (2003)

  10. Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. ACM Trans. Comput. Syst. 24(2), 115–139 (2006)

    Article  Google Scholar 

  11. Yu, S., Thapngam, T., Liu, J., Wei, S., Zhou, W.: Discriminating DDoS flows from flash crowds using information distance. In: Third International Conference on Network and System Security, Gold Coast, QLD, 2009, pp. 351–356 (2009)

  12. Hamdi, M., Boudriga, N.: Detecting Denial-of-Service attacks using the wavelet transform. Comput. Commun. 30(16), 3203–3213 (2007)

    Article  Google Scholar 

  13. Carl, G., Brooks, R.R., Rai, S.: Wavelet based denial-of-service detection. Comput. Secur. 25(8), 600–615 (2006)

    Article  Google Scholar 

  14. Lombardi, F., Di Pietro, R.: Secure virtualization for cloud computing. J. Netw. Comput Appl. 34(4), 1113–1122 (2011)

    Article  Google Scholar 

  15. Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Buyya, R.: Service resizing for quick DDoS mitigation in cloud computing environment. Ann. Telecommun. 72(5–6), 237–252 (2017)

    Article  Google Scholar 

  16. Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M.: DDoS victim service containment to minimize the internal collateral damages in cloud computing. Comput. Electr. Eng. 59, 165–179 (2017)

    Article  Google Scholar 

  17. Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M.: Scale inside-out: rapid mitigation of cloud DDoS attacks. IEEE Trans. Dependable Secure Comput. 15(6), 959–973 (2017)

    Article  Google Scholar 

  18. Saxena, R., Dey, S.: DDoS attack prevention using collaborative approach for cloud computing. Clust. Comput. 23, 1329–1344 (2020)

    Article  Google Scholar 

  19. Hezavehi, S.M., Rahmani, R.: An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments. Clust Comput. 23, 2609–2627 (2020)

    Article  Google Scholar 

  20. Verma, P., Tapaswi, S., Godfrey, W.W.: An adaptive threshold-based attribute selection to classify requests under DDoS attack in cloud-based systems. Arab. J. Sci. Eng. 45, 2813–2834 (2020)

    Article  Google Scholar 

  21. Kesavamoorthy, R., Soundar, K.R.: Swarm intelligence based autonomous DDoS attack detection and defense using multi agent system. Clust. Comput. 22(4), 9469–9476 (2019)

    Article  Google Scholar 

  22. Kim, H., Kim, J., Kim, Y., Kim, I., Kim, K.J.: Design of network threat detection and classification based on machine learning on cloud computing. Clust. Comput. 22, 1–10, (2018)

    MATH  Google Scholar 

  23. Wang, C., Yao, H., Liu, Z.: An efficient DDoS detection based on SU-Genetic feature selection. Clust. Comput. 22, 1–11 (2018).

    Google Scholar 

  24. Vidal, J.M., Orozco, A.L.S., Villalba, L.J.G.: Adaptive artificial immune networks for mitigating DoS flooding attacks. Swarm Evol. Comput. 38, 94–108 (2018)

    Article  Google Scholar 

  25. Garg, S., Batra, S.: Fuzzified cuckoo based clustering technique for network anomaly detection. Comput. Electr. Eng. 71, 798–817 (2017)

    Article  Google Scholar 

  26. Velliangiri, S., Premalatha, J.: Intrusion detection of distributed denial of service attack in cloud. Clust. Comput. 22(5), 10615–10623 (2019)

    Article  Google Scholar 

  27. Velliangiri, S., Pandey, H.M.: Fuzzy-Taylor-elephant herd optimization inspired Deep Belief Network for DDoS attack detection and comparison with state-of-the-arts algorithms. Future Gener. Comput Syst. 110, 80–90 (2020)

    Article  Google Scholar 

  28. Prasad, K.M., Reddy, A.R., Rao, K.V.: BIFAD: Bio-inspired anomaly based HTTP-flood attack detection. Wirel. Pers. Commun. 97(1), 281–308 (2017)

    Article  Google Scholar 

  29. Buyya, R., Ranjan, R., Calheiros, R.N.: Modeling and simulation of scalable Cloud computing environments and the CloudSim toolkit: challenges and opportunities. In: 2009 International Conference on High Performance Computing and Simulation, pp. 1–11 (2009)

  30. Shehab, M., Khader, A.T., Al-Betar, M.A.: A survey on applications and variants of the cuckoo search algorithm. Appl. Soft Comput. 61, 1041–1059 (2017)

    Article  Google Scholar 

  31. Yang, X.S., Deb, S.: Cuckoo search via Levy flights. In: World Congress on Nature and Biologically Inspired Computing, pp. 210–214 (2009)

  32. Yang, X.S., Deb, S.: Engineering optimisation by cuckoo search. Int. J. Math. Model. Numer. Optim. 1(4), 330–343 (2010)

    MATH  Google Scholar 

  33. Mareli, M., Twala, B.: An adaptive cuckoo search algorithm for optimisation. Appl. Comput. Inform. 14(2), 107–115 (2017)

    Article  Google Scholar 

  34. Zheng, H., Zhou, Y.Q.: A novel Cuckoo Search optimization algorithm base on Gauss distribution. J. Comput. Inf. Syst. 8, 4193–4200 (2012)

    Google Scholar 

  35. Zaw, M.M., Mon, E.E.: Web document clustering using Gauss distribution based cuckoo search clustering algorithm. Int. J. Sci. Eng. Technol. Res. 3(13), 2945–2949 (2014)

    Google Scholar 

  36. Thang, N.T.: Economic emission load dispatch with multiple fuel options using Hopfield Lagrange Network. Int. J. Adv. Sci. Technol. 57, 9–24 (2013)

    Google Scholar 

  37. Nguyen, T.T., Vo, D.N., Dinh, B.H.: Cuckoo search algorithm using different distributions for short-term hydrothermal scheduling with reservoir volume constraint. Int. J. Electr. Eng. Inform. 8(1), 76–92 (2016)

    Google Scholar 

  38. Tusiy, S.I., Shawkat, N., Ahmed, M., Panday, B., Sakib, N.: Comparative analysis on improved Cuckoo search algorithm and artificial Bee colony algorithm on continuous optimization problems. Int. J. Adv. Res. Artif. Intell. 4(2), 14–19 (2015)

    Google Scholar 

  39. Tuba, M., Subotic, M., Stanarevic, N.:Modified cuckoo search algorithm for unconstrained optimization problems. In: Proceedings of the 5th European conference on European Computing Conference on World Scientific and Engineering Academy and Society (WSEAS), pp. 263–268 (2011)

  40. NSL-KDD Dataset. http://www.unb.ca/cic/datasets/nsl.html

  41. Phyu, T.Z., Oo, N.N.: Performance comparison of feature selection methods. MATEC Web Conf. (2016). https://doi.org/10.1051/matecconf/20164206002

    Article  Google Scholar 

  42. Jin, C., De-Lin, L., Fen-Xiang, M.: An improved ID3 decision tree algorithm. In: 4th International Conference on Computer Science and Education, pp. 127–130 (2009)

  43. Lecture Notes on Bivariate Distribution. University of Washington, Department of Statistics. https://www.cl.cam.ac.uk/teaching/0708/Probabilty/prob10.pdf

  44. Calheiros, R.N., Ranjan, R., Beloglazov, A., De Rose, C.A., Buyya, R.: CloudSim: a toolkit for modeling and simulation of cloud computing environments and evaluation of resource provisioning algorithm. Softw. Pract. Exp. 41(1), 23–50 (2011)

    Article  Google Scholar 

  45. Beloglazov, A., Buyya, R.: Managing overloaded hosts for dynamic consolidation of virtual machines in cloud data centers under quality of service constraints. IEEE Trans. Parallel Distrib. Syst. 24(7), 1366–1379 (2013)

    Article  Google Scholar 

  46. Jena, U.K., Das, P.K., Kabat, M.R.: Hybridization of meta-heuristic algorithm for load balancing in cloud computing environment. J. King Saud Univ. Comput. Inf. Sci. (2020) https://doi.org/10.1016/j.jksuci.2020.01.012

    Article  Google Scholar 

  47. Al-Haidari, F., Sqalli, M., Salah, K.: Evaluation of the impact of EDoS attacks against cloud computing services. Arab. J. Sci. Eng. 40(3), 773–785 (2015)

    Article  Google Scholar 

  48. Amazon. Amazon EC2 Pricing (2017). https://aws.amazon.com/ec2/pricing/on-demand/

Download references

Author information

Authors and Affiliations

  1. Atal Bihari Vajpayee-Indian Institute of Information Technology and Management, Gwalior, India

    Priyanka Verma, Shashikala Tapaswi & W. Wilfred Godfrey

Authors
  1. Priyanka Verma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shashikala Tapaswi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. W. Wilfred Godfrey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Priyanka Verma.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Verma, P., Tapaswi, S. & Godfrey, W.W. A request aware module using CS-IDR to reduce VM level collateral damages caused by DDoS attack in cloud environment. Cluster Comput 24, 1917–1933 (2021). https://doi.org/10.1007/s10586-021-03234-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-021-03234-2

Keywords

Search

Navigation