DDoS Protection System for Cloud: Architecture and Tool

      

ABSTARCT :

Background: Many organization are using Cloud for hosting their web applications. The attackers can try to attack these webservers for achieving Denial of Service attack. Specifically, Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network of Cloud infrastructure by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems assources of attack traffic. Exploited machines can include computers and other networked resources. Therefore, it is essential to develop appropriate security tools to counter and protect against these attacks. Description: The most obvious symptom of a DDoS attack is that a website or service suddenly becomes slow or unavailable. But since a number of causes such a legitimate spike in traffic can create similar performance issues, further investigation is usually required. Therefore, suitable analytics tools need to be developed to clearly identify an attack as DDoS. Following are some of the patterns for a DDoS attack: 1. Suspicious amounts of traffic originating from a single IP address or IP range 2. A flood of traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version 3. An unexplained surge in requests to a single page or endpoint 4. Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes) There are other, more specific signs of DDoS attack that can vary depending on the type of attack. The tool developer should be creative to consider other signs also. For the above problem statements, following assumptions can be made: 1. Cloud is hosting a website and providing some services to its users. 2. The website should be always up and providing services to its users (high availability). 3. The attackers can flood the website directly or via other nodes (DDoS). 4. The attacker can also sabotage the link between a client and webserver. 5. The attack can come from outside or from within the cloud infrastructure. A solution needs to be built by suitably designing the cloud architecture and developing some tool (s) to automatically detect and recover from the DDoS attack. Expected Solution: A set of developed tool(s) along with a suitable Cloud architecture to be demonstrated. The demonstrated website should be protected well against different types of DDoS attack. In case of an attack, the developed security tools should be able to automatically detect and protect a website hosted on cloud infrastructure against DDoS attacks. The solution should also demonstrate the automatic recovery from the attack. As high availability is an essential feature, the down time (recovery time) should be minimized to the extent possible.

EXISTING SYSTEM :

DDoS attacks are major security risks in a cloud computing environment, where resources are shared by many users. A DDoS attack targets resources or services in an attempt to render them unavailable by flooding system resources with heavy amounts of unreal traffic. The objective of DDoS attacks is to consume resources, such as memory, CPU processing space, or network bandwidth, in an attempt to make them unreachable to end users by blocking network communication or denying access to services. Dealing with DDoS attacks at all layers in cloud systems is a major challenge due to the difficulty of distinguishing the attacker’s requests from legitimate user requests, even though the former come from a large number of distributed machines. In this paper, we present an in-depth analysis of DDoS attacks in cloud computing and discuss the challenges in defending against these attacks.

DISADVANTAGE :

Cost: High Expenses: Advanced DDoS protection services, especially those with traffic scrubbing, can be costly. The cost can scale with the level of protection and traffic volume. Performance Impact: Latency: Traffic scrubbing and filtering can introduce latency as requests are analyzed and cleaned before reaching the destination. Bandwidth Limits: Some services may have bandwidth limitations, potentially impacting legitimate traffic during high-volume attacks. Scalability Issues: Resource Limitations: Some tools may not scale effectively with sudden, massive increases in traffic, potentially leading to service degradation during a large-scale attack. False Positives and Negatives: Blocking Legitimate Traffic: Overly aggressive filters or misconfigured rules might block legitimate traffic, leading to potential service disruptions. Evasion Techniques: Sophisticated attackers might use techniques to bypass DDoS protection, such as using smaller, more frequent attacks that are harder to detect. Dependency on Provider: Vendor Lock-In: Relying on a specific cloud provider’s DDoS protection service may create dependency and limit flexibility in choosing or switching providers.

PROPOSED SYSTEM :

The main drawback in detecting a DDoS attack is that it cannot be said for sure that the packet received is from a legitimate source. If we can tell for sure if the connection request is from a legitimate source, then we can surely proceed further in detecting and preventing the attack being carried on. The proposed system uses a new method called Double TCP for establishing a TCP/IP connection between the server and the client which can tell whether the packet is coming from the source as mentioned in the header or if it is spoofed. Using Double TCP, the Layer 4 DoS and DDoS attack performed on the server can also be prevented as no Transmission Control Block (TCB) is created until and unless the client replies back to the server with the pattern to authenticate itself. On connection established, the system needs to check further chances of Layer 7 attacks hidden in HTTP or XML requests. The request is forwarded to the Probability-based Malicious Request Detection (PBMRD) system which handles these requests for a safe execution. The Double TCP connection mechanism and the PBMRD System are explained in the sections below followed by the explanation on the Hidden Markov Model and its use in the proposed system.

ADVANTAGE :

Scalability: Elastic Resources: Cloud-based DDoS protection systems can dynamically scale resources to handle large volumes of traffic, providing resilience against high-capacity attacks. Distributed Architecture: Anycast networks and traffic distribution techniques ensure that traffic is spread across multiple data centers, preventing overload on a single point. Enhanced Security: Layered Protection: Combining network-based and application-based defenses offers comprehensive protection against various attack vectors. Automated Threat Detection: Advanced systems use machine learning and behavioral analysis to identify and mitigate threats in real-time.

Download DOC Download PPT

We have more than 145000 Documents , PPT and Research Papers

Have a question ?

Chat on WhatsApp