R. K. Deka¹, D. K. Bhattacharyya², and J. K. Kalita³
¹Department of Computer Science and Engineering, Assam Don Bosco University, Guwahati, Assam, India
²Department of Computer Science and Engineering, School of Engineering, Tezpur University, Tezpur, Assam, India
³Department of Computer Science, College of Engineering and Applied Science, University of Colorado, Boulder, CO, USA
The cloud computing infrastructure allows a service provider on the Internet to provide the use of computing resources to fulfill the necessary demands of users. Due to virtualization, it is possible to provide services using optimal resources. Khorshed et al. [1] define cloud computing as “a system of shared resources of a data centre using virtualization technology. Such systems provide elasticity based on demand and ask for charges based on customer usage.”
Scanning, DoS, and penetration [2] can occur in a live network of computers. Arbor Networks reported the largest (at that time) DDoS attack of 400 Gbps in 2014. In Figure 13.1, we can see DDoS attack trends in 2020. In particular, large‐scale DDoS attack frequency has continued to trend upward, as shown in Figure 13.2.
The Mirai botnet attack was launched using IoT devices such as DVR players and digital cameras. The victims were the servers of Dyn, a company that controls much of the Internet’s Domain Name System (DNS) infrastructure. It was hit on 21 October 2016 with an extraordinary attack strength of around 1.2 Tbps and remained under sustained assault for most of the day, bringing down many sites including Twitter, The Guardian, Netflix, Reddit, CNN, and many others in Europe and the United States.
Research on DDoS attacks and defense in the cloud environment is still at an evolving stage. These days, researchers are very much concerned about services in the cloud and cloud security. Sabahi [3], Pitropakis et al. [4], and Grover and Sharma [5] discuss efforts to secure user data in the cloud. Rather than storing the information locally at the client’s infrastructure, data are stored in the cloud provider’s location. It is evident that in such a situation, people are worried about the security of their data. Thus, cloud organizations should provide adequate protection for the customer and also for their own safety.
In the context of the cloud, requests for resources like virtual machines (VM) can be made by any user through the Internet. As a result, a network of zombies can quickly launch DDoS attacks by sending fake requests for resources. Modi et al. [6] provide a survey of different types of intrusions which can take place in the cloud environment. Khorshed et al. [1], and Subashini and Kavitha [7] focus on flaws, challenges, and security concerns in different service layers.
In this article, we discuss the seriousness of the threats posed by DDoS attacks in the context of the cloud, particularly in the personal private cloud. We present a discussion of different approaches which are used to defend against or mitigate DDoS attacks in general network architecture, and also some methods that consider cloud computing technology in particular. Unlike [6], we highlight challenges and issues faced particularly by the private cloud environment when facing DDoS attacks in a general way. We also discuss a generic framework to defend against DDoS attacks in an individual private cloud environment, taking into account different challenges and issues.
The first report of a DDoS attack was in 1999, against servers of the University of Minnesota. In the early 2000s, many famous and major Websites like Yahoo!, eBay, CNN, and Amazon.com were assaulted by DDoS attacks [8]. Their systems were down for hours, and users were denied access to services [9]. These attacks were able to create a disaster because of the use of botnets. Stone‐Gross et al. [10] and Hoque et al. [11] provide a detailed investigation of botnets [12], a network of compromised machines under the control of a master. Khorshed et al. [1] provide a survey of challenges related to the cloud and present a proactive approach toward detection of attacks in the cloud.
In [13], the methods or approaches are based on supervised learning, unsupervised learning, probabilistic learning, and soft computing. Yu et al. [14] and Xiang et al. [15] present detection methods depending on rates of traffic.
There has been some work on mitigating or tolerating DDoS attacks in the cloud environment. With the increased sophistication of attackers, protection of open systems is increasingly challenging. Nguyen and Sood [16] opine that intrusion tolerance should be a part of overall in‐depth security. They compare three types of intrusion‐tolerant system architectures. Lua and Yow [17] propose a method in which an intelligent large swarm network is used against the attack to mitigate it. The swarm network constantly reconfigures itself through the use of a parallel optimization algorithm, i.e. the intelligent water drop (IWD) mechanism [18]. Amazon has created a technique called CloudWatch to monitor resources and to mitigate the situation according to the attack. Yu et al. [19] attempt to provide the theory of optimal resource allocation in a cloud platform when defending against a DDoS attack. Wang et al. [20] have also developed a method for optimal resource allocation, which is adaptable to the cloud scenario.
In Table 13.1, a few existing survey papers are compared with our work. For the comparison, we choose four parameters: inclusion of attacks, description of defense solutions, issues and challenges, and addition of recommendations in these papers.
Security and complications with data privacy and data protection continue to restrict the growth of the cloud market, and these survey papers are more specific to the security issues that have been raised due to the nature of the service delivery system of a cloud environment. Sabahi [3] also poses the same concern about the cloud environment. Comparison between the benefits and risks of cloud computing is necessary for a full evaluation of the viability of cloud computing. There are some critical issues that clients need to consider as they contemplate moving to cloud computing. Sabahi summarizes reliability, availability, and security issues faced by cloud computing, and proposes feasible and available solutions for some of them [21].
Zhang et al. [22], Wong and Tan [23], Kumar and Gohil [24], Chiba et al. [25], and Mishra et al. [26] present different surveys focusing on various IDSs developed in the last few years concerning the cloud environment. Basu et al. [27] mentioned that there are differences between mappings of different challenges/issues regarding cloud security with their own solutions. A few researchers present the virtualization challenges/issues and resolution mechanisms, while others focus on techniques of the control procedure. Dong et al. [28] showed details about the DDoS attack in SDN and cloud environments. Their work also pointed out the open research problems in the identification and mitigation of DDoS attacks.
This chapter presents an organized survey concerning security in the network infrastructure of cloud computing, specifically the impact of DoS and DDoS attacks on the networking services of a cloud environment. It begins with a description of types of cloud environments and then different types of DDoS attacks. It also highlights the seriousness of DDoS attacks in private clouds. We present an in‐depth discussion of the challenges and issues in defending against such attacks. The significant contributions of this survey are the following:
Table 13.1 Comparison with existing survey articles.
Authors | Year | Attacks included | Defense solutions | Issues and challenges | Recommendations |
---|---|---|---|---|---|
Subashini and Kavitha [7] | 2010 | √ | × | √ | × |
Sabahi [3] | 2011 | √ | × | √ | × |
Khorshed et al. [1] | 2012 | √ | × | √ | × |
Modi et al. [6] | 2013 | √ | × | × | × |
Wong and Tan [23] | 2014 | √ | √ | √ | × |
Kumar and Gohil [24] | 2015 | √ | √ | × | × |
Chiba et al. [25] | 2016 | √ | √ | √ | × |
Mishra et al. [26] | 2017 | √ | √ | √ | × |
Basu et al. [27] | 2018 | √ | √ | √ | × |
Dong et al. [28] | 2019 | √ | √ | √ | × |
Our survey | 2020 | √ | √ | √ | √ |
The rest of the chapter is organized as follows. Different deployment models of clouds, DDoS attacks, and types of DDoS attacks along with the probable impact on private clouds are discussed in Section 13.2. Different existing approaches and potential solutions are briefed, and some recommendations for developing a defense model are presented in Section 13.3. In Section 13.4, challenges and issues related to a private cloud in defending against DDoS attacks are mentioned. A generic framework to defend against DDoS attacks is discussed in Section 13.5. Finally, we conclude in Section 13.6. In Figure 13.3, the taxonomy of terms and concepts used in the entire article is provided for better understanding for the reader.
A cloud node can provide three basic services to customers: IaaS, PaaS, and SaaS (Figure 13.4). The deployment differences can be seen in Figure 13.5, and an explanation of different deployment models is given below.
In Table 13.2, differences between private and public clouds are enumerated. A cloud has shared general features, whether private or public. As clouds have evolved on and from the Internet, we can build defense models based on research that has been conducted on general defense solutions against DDoS attacks and features of clouds. We can then proceed to discuss individual private cloud defense. Private clouds require more attention because they have limited resources, and the cost is high during an attack compared to a public cloud. We know that a private cloud is accessed by authorized users or private organizations paying money as per need. Both ends (customer and service provider) heavily rely on security. A DDoS attack can cripple the whole private cloud and jeopardize entire businesses. So, a DDoS attack is more threatening to individual private cloud customers than to a public cloud’s customers.
Table 13.2 Differences between private and public cloud.
Key points | Private | Public |
---|---|---|
Use of Technology | Old | New |
Capital expenses | Not shifted | Shifted to operational expenses |
Utilization rate | Low | High |
Infrastructure cost | High | Low |
Elasticity | Less | More |
Economies of scale | Less | High |
Business attraction | Low | High |
Security | Less | High |
Perimeter complacency | Suffer | Not suffer |
Skill level | Unknown | Usually high |
Penetration testing | Insufficient | Sufficient |
Business focus | Deeply in data center | Out of data center |
In a DoS attack, legitimate users are denied access to the resources over the network. A botnet or a network of attackers inflicts severe damage on the victim. This distributed and coordinated attack is called a DDoS attack. Nowadays, a lot of resources are concentrated in the cloud, and a large number of users share the same infrastructure. In this scenario, a DDoS attack will create a huge loss [29].
Resources to compute, resources to transmit, and resources to route can be considered in the category of infrastructure. During infrastructure‐level attacks, attackers can overwhelm the capacity of the limited infrastructure of an individual or private cloud. Attackers send a large number of fake requests to access the server so that the performance of the servers is degraded.
The public cloud infrastructure stands a better chance against a DDoS attack because a public cloud usually has a lot of resources that make it easy to counter the attack dynamically. It is almost impossible to shut down such clouds by attacking them. But, if an intense DDoS attack occurs on customers of an individual private cloud, like a data center with limited resources, it cannot escape from such an attack, and it becomes a battle for survival using all the available resources [32, 33]. If we allocate necessary and sufficient resources to the mitigation process efficiently, then we can defeat a DDoS attack on a cloud platform without caring much about an efficient detection and prevention mechanism [34].
A Cloud Service Provider (CSP) provides two plans for customers, i.e. for short duration and for long duration, or both [35]. Economic Denial of Sustainability (EDoS) can exploit this business model of resource allocation [36–38]. Initially, the allocated resources for any application in these models are limited. Thus, it will lead to a severe DDoS attack [39, 40], whether it is spot instance allocation or any reservation of resources for maximum use.
Some possible examples of DDoS attacks in cloud environments are Smurf attack, IP spoofing attack, Tear drop attack, SYN flood attack, ping of death attack, Buffer overflow attack, LAND attack, etc., as shown in Figure 13.8 [41, 42]. From news reports, we can state that large‐scale IoT‐enabled DDoS attacks will continue to dominate enterprise security. Darwish et al. [43] discuss DDoS attacks as attacks that target the resources of these services, lowering their ability to provide optimum usage of the network infrastructure, due to the nature of cloud computing, the methodologies for preventing or stopping.
If we compare DDoS attacks in the cloud with those in traditional network infrastructure, we find considerable differences. But the new approaches to tackle DDoS attacks in the cloud, which are published through various research platforms, are actually updated or adapted versions of old or traditional ones.
We summarize the security concerns in the private cloud against DDoS attacks in the following:
DDoS attack mitigation is a classic problem. However, in the cloud environment, it becomes a more significant challenge [44]. We also cannot separate a cloud environment from the traditional network infrastructure. All approaches presented in this section have some advantages, which can be adapted for a private cloud‐like environment. Some promising new approaches have also been developed in the context of the cloud. These include SDN‐based ideas and ideas from the big data analytics point of view [45]. A defense approach can be deployed in the network itself or in the host (victim) environment. We analyze different existing approaches, and based on features of the approaches such as the level of operation, time to respond, and time to cooperate with other devices, we divide active response into two main categories, as shown in Figure 13.9.
In a proactive approach, a step is taken to control potential incident activity before it happens rather than waiting for it to happen.
A reactive approach detects the abnormality and informs the security administrator or automatically takes a responsive counter‐action immediately, i.e. in real time. A reactive response reacts only after the intrusion is detected.
In the rest of this section, a few prominent approaches are discussed. The models developed by different authors based on these approaches are analyzed. Each of the methods can be included either in the proactive or the reactive category. It very much remains open to debate which type of category will work best in the individual private cloud environment.
Push‐back: To mitigate the DDoS attack, the congestion in the network traffic needs to be controlled, because DDoS attack mitigation is essentially a congestion control problem. The congestion occurs because the malicious host does not obey the traditional end‐to‐end congestion policies. Most researchers think that the problem needs to be handled by routers. Functionality can be added to the router to detect and drop malicious packets as per the preference. Those dropped packets might belong to an attack. A push‐back mechanism based on managing congestion at the routers has been implemented by Ioannidis and Bellovin [46].
Router Throttling: Participating routers can regulate the packet rate destined for a server. Yau et al. [47] propose and simulate a router throttling model to establish the efficacy of the concept, as shown in Figure 13.10. This idea can also increase the service reliability for legal users. Using the improvised K‐level max‐min fairness theory [48], Yau et al. find that the throttling mechanism is highly effective in countering an aggressive attacker. They efficiently regulate the server load to a level below its design limit amid a DDoS attack.
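The throttling idea described above can be sketched as follows. This is an added example, a simplified single-level version and not the algorithm or code of Yau et al.; the router names, rates, design limit and load band are constructed assumptions.

```python
"""Max-min fair router throttling, simplified (added illustration).

Assumed setup: several upstream routers forward traffic to one protected
server. Router names and rates (Mbps) are constructed sample values.
"""


def fair_throttle_rate(offered, capacity):
    """Return the uniform cap r with sum(min(o, r)) == capacity.

    Water-filling: routers sending less than an equal share keep their full
    rate, and the capacity they leave unused is split among the heavier ones.
    Returns None when the aggregate already fits under the capacity.
    """
    rates = sorted(offered)
    if sum(rates) <= capacity:
        return None
    remaining = float(capacity)
    for i, rate in enumerate(rates):
        share = remaining / (len(rates) - i)
        if rate <= share:
            remaining -= rate   # light sender passes untouched
        else:
            return share        # this and every heavier sender is capped
    return None                 # not reached: the aggregate exceeds capacity


def apply_throttle(offered_by_router, rate):
    """Traffic each router forwards once the throttle `rate` is installed."""
    if rate is None:
        return dict(offered_by_router)
    return {r: min(o, rate) for r, o in offered_by_router.items()}


def server_feedback_rate(load_at, lower, upper, max_rounds=32):
    """Find a throttle using only the load the server itself observes.

    load_at(r) is the aggregate arrival rate measured with throttle r in
    place. The server bisects r until the load sits inside [lower, upper],
    a band just below its design limit. Returns (rate, rounds_used).
    """
    if load_at(upper) <= upper:
        return upper, 0          # capping each router at `upper` is enough
    lo, hi = 0.0, float(upper)
    for rounds in range(1, max_rounds + 1):
        rate = (lo + hi) / 2
        load = load_at(rate)
        if load > upper:
            hi = rate            # still overloaded: tighten the throttle
        elif load < lower:
            lo = rate            # too strict: capacity is left unused
        else:
            return rate, rounds
    return lo, max_rounds        # fall back to the safe (under-loaded) side


# Constructed sample: two lightly loaded routers and two carrying a flood.
OFFERED = {"R1": 2.0, "R2": 5.0, "R3": 40.0, "R4": 60.0}
DESIGN_LIMIT = 30.0

if __name__ == "__main__":
    r = fair_throttle_rate(OFFERED.values(), DESIGN_LIMIT)
    print("throttle rate:", r)
    print("forwarded:", apply_throttle(OFFERED, r))
    measure = lambda x: sum(apply_throttle(OFFERED, x).values())
    print("feedback result:", server_feedback_rate(measure, 27.0, DESIGN_LIMIT))
```

The routers that send less than the computed rate are not affected at all, which is why the throttle mostly constrains the paths carrying the flood.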
Divide and Conquer: Chen et al. [49] use the divide and conquer strategy to actively throttle the attacking traffic. They present a diagnosis and attack mitigation scheme that combines the concepts of push‐back and packet marking. Detection of attacks is executed near the source‐end. Initially, IDS detects the attack on the victim side. The traceback scheme is carried out till the source end is reached. We believe that this idea can be adapted to the cloud environment.
Random Flow Network Modeling: This approach adapts the theoretical concept represented by the max‐flow min‐cut theorem of [50] concerning flow in a network. Kong et al. [51] rely on this theory in designing a random flow network model to mitigate DDoS attacks. They show that this mitigation problem can be reduced to an instance of the maximum flow problem. We know that a DDoS attacker heavily pumps the flow of traffic toward the sink. The strategy depends on the fact that the maximum achievable flow value from the source to the sink is equal to the capacity of a certain cut in the flow network. This method is suitable for any kind of computing environment because it does not depend on the end infrastructure; rather it is concerned with the intermediate network infrastructure.
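The max‐flow min‐cut relation this approach relies on can be checked on a small network. This is an added example, not Kong et al.'s model or code; the topology, node names and link capacities are constructed, and a super-source `S` is assumed to feed both the bots and a legitimate client.

```python
"""Max-flow / min-cut on a small traffic network (added illustration)."""
from collections import deque


def max_flow_min_cut(capacity, source, sink):
    """Edmonds-Karp maximum flow.

    capacity: {u: {v: link capacity}}. Returns (flow_value, cut_edges), where
    cut_edges are the saturated links separating the source side from the
    sink side, i.e. the links that bound the traffic reaching the sink.
    """
    # Residual graph: forward capacities plus zero-capacity reverse edges.
    residual = {u: dict(vs) for u, vs in capacity.items()}
    for u, vs in capacity.items():
        for v in vs:
            residual.setdefault(v, {}).setdefault(u, 0)

    def bfs():
        """Shortest augmenting paths: parent map of nodes reachable from source."""
        parent = {source: None}
        queue = deque([source])
        while queue:
            u = queue.popleft()
            for v, cap in residual[u].items():
                if cap > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        return parent

    flow = 0
    while True:
        parent = bfs()
        if sink not in parent:
            break                              # no augmenting path is left
        # Bottleneck capacity along the path found by the search.
        bottleneck = float("inf")
        v = sink
        while parent[v] is not None:
            bottleneck = min(bottleneck, residual[parent[v]][v])
            v = parent[v]
        # Push the bottleneck along the path and open the reverse edges.
        v = sink
        while parent[v] is not None:
            u = parent[v]
            residual[u][v] -= bottleneck
            residual[v][u] += bottleneck
            v = u
        flow += bottleneck

    # Nodes still reachable in the residual graph form the source side.
    reachable = set(parent)
    cut = sorted((u, v) for u, vs in capacity.items() for v in vs
                 if u in reachable and v not in reachable)
    return flow, cut


# Constructed topology (capacities in Mbps): bots B1, B2 and client C send
# through routers R1..R3 toward the victim V.
NETWORK = {
    "S":  {"B1": 100, "B2": 100, "C": 10},
    "B1": {"R1": 50},
    "B2": {"R1": 50, "R2": 20},
    "C":  {"R2": 10},
    "R1": {"R3": 40},
    "R2": {"R3": 25},
    "R3": {"V": 80},
}

if __name__ == "__main__":
    value, cut = max_flow_min_cut(NETWORK, "S", "V")
    print("max flow to victim:", value)
    print("min cut links:", cut)
```

The links in the returned cut are the ones whose combined capacity equals the maximum traffic that can reach the sink, independent of how much the sources offer.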
Self‐Cleansing Intrusion Tolerance (SCIT): SCIT [52], a method based on virtualization technology, tries to achieve mitigation by constantly cleansing the servers and rotating the roles of individual servers, as shown in Figure 13.11. We know that virtualization is a key technique in a cloud‐based environment. If a server is initiated, SCIT places a pristine, malware‐free copy of the server’s operating system into a VM. To coordinate among server modes, rotations can be performed with the help of a central controller or a distributed control mechanism using the Cluster Communication Protocol (CCP) [53]. In the rotation process, online servers are set offline. Afterward, the system is rebooted to initiate cleansing procedures.
Dynamic Resource Pricing: Mankins et al. [54] discuss the applicability of dynamic resource pricing to discriminate good from bad traffic. They implement a dynamic pricing strategy that favors good user behavior and punishes aggressive adversarial behavior. They propose a distributed gateway framework and a payment protocol. The idea is to impose dynamically changing prices on both network servers and information resources so that the approach can push the cost of initiating service requests, in terms of monetary payments and/or computational burdens, to requesting clients. Thus, the architecture can provide for service quality discrimination to separate good client behavior from adversarial behavior in a private cloud environment serving a large set of heterogeneous consumers.
Intelligent Fast‐Flux Swarm Network: Lua and Yow [17] describe an autonomous intelligent coordinated network of swarm nodes to mitigate DDoS attacks. This swarm network ensures autonomous coordination among nodes and allocation of swarm nodes (deploying nodes densely) to maintain connection. A load‐balancing process checks the health of nodes and removes those that are unresponsive. However, when a DDoS attack is in progress, it may not be robust. For better optimization, they use IWD [18]. It is a nature‐inspired algorithm. The algorithm mimics how water drops behave in the flow of a river, i.e. the dynamic behavior of a river.
Roaming Honeypot: Khattab et al. [55] and Sardana and Joshi [56] propose the concept of roaming honeypots, changing the locations of the honeypots continuously and disguising them within a server pool. The roaming honeypot mitigates attacks from behind the firewall by dropping all connections when a server switches from acting as honeypot to become an active server. So, if we can adapt this approach to the individual private cloud environment, a roaming honeypot may be a very good defender for that environment with limited resources for legitimate users.
Target Defense Moving: Researchers have proposed an innovative way to defend against DDoS attacks. The aspects of the system presented to attackers are changed, creating a varied surface for the attacker. Thus, it becomes more difficult to exploit a vulnerability. In general, the attacker looks to exploit the drawbacks or loopholes that exist in a system. But, while an attacker is analyzing and learning the vulnerabilities, the system changes its aspects, so that the time available to launch an attack and to disrupt the functionality of the system is reduced. In that time, the system has changed to more or less a new system [57, 58]. This approach may provide an effective defense solution in the context of a private cloud environment as well.
Dynamic Resource Allocation: In addition to the traditional defense approaches, we need to explore resource allocation and utilization strategies for defending against DDoS attacks in the cloud. Yau et al. [47] contend that DDoS defense is a resource management problem. Every day the attack patterns keep changing. It will be a fruitless waste of time and resources to try to defend against DDoS attacks by just looking at patterns learned earlier. In addition, it is important to not only defend against an attack but also make services available during an attack. To beat DDoS attacks in the cloud, Yu et al. [19] propose a dynamic resource allocation procedure within an individual cloud, as shown in Figure 13.12. It is a simple methodology of cloning Intrusion Prevention Servers from idle resources to filter out attack packets quickly and provide general services simultaneously. Some other specific resource allocation approaches have been proposed as well.
Virtualization is a key concept in resource provisioning and management in the cloud. Virtualization provides a view of resources used to instantiate VMs. Isolating and migrating the state of a machine help improve optimization of resource allocation. Live VM migration transfers the “state” of a VM from one physical machine to another, and can mitigate overload conditions and enable uninterrupted maintenance activities. Mishra et al. [59] incorporate dynamic resource management in a virtual environment. Their approach answers basic questions such as when to migrate, how to migrate, types of migration, and where to migrate. It also treats the migration of resources differently in different network architectures, e.g. local area networks (LAN) and wide area networks (WAN).
The cloud environment can be described as probabilistic in nature. So there is a need to assess the performance of a cloud center for resource provisioning. The probabilistic nature of the cloud can be represented in terms of stochastic processes [60–64]. Shawky [65] introduces an approach to model and analyze the performance of the resource allocation process using stochastic process algebra.
SDN‐based DDoS Defense: An attacker can infect a sufficient number of machines in a short time frame in traditional networks. Attackers are also known to use the cloud as Malware as a Service by renting different VMs and using them as bots [66]. Separation of the control plane from the data plane makes it easy to establish large‐scale attack and defense experiments. The logically centralized controller of an SDN permits a system defender to build consistent security policies and to monitor or analyze traffic patterns for potential security threats. A programmable intermediate network architecture can be set up easily in an SDN.
Cloud networks face challenges such as guaranteed performance of applications when applications are moved from on‐premise to the cloud facility, flexible deployment of appliances (e.g. intrusion detection systems or firewalls), and security and privacy protection. An environment providing a programmable, flexible, and secure infrastructure is needed. SDNs are evolving as the key technology that can improve cloud manageability, scalability, controllability, and dynamism [67]. In the past few years, several innovative SDN‐based defense solutions have been introduced. These solutions belong to the three basic types of SDN‐based DDoS defense mechanisms, as shown in Figure 13.13. A detailed discussion of SDNs, SDN‐based clouds, and autonomous defense in clouds is included in [68].
Lin et al. [69] refer to SDNs as an emerging wave to transform network industries. They discuss SDNs and standardization in terms of components such as controllers, applications, service chains, network function virtualization, and interfaces. Braga et al. [70] present a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches. This is possible due to the use of the NOX platform [71], which provides a programmatic interface to facilitate the handling of switch information. Shin and Gu [72] show a new attack to fingerprint SDN networks and further launch efficient resource consumption attacks. This attack demonstrates that SDNs also introduce new security issues that may not be ignored. Flow table overloading in software‐defined networks is a vulnerability to be handled carefully. Yuan et al. [73] point out this issue and provide a security service in an SDN using a QoS‐aware mitigation strategy, namely, a peer support strategy, integrating the available idle flow table resources of the whole SDN system to mitigate such an attack on a single switch of the system.
Nguyen et al. [74] propose an SDN‐based approach, Whack‐a‐Mole. It is a cloud resource management procedure using network obfuscation to help CSPs. This approach protects critical services proactively against a DDoS attack with very little service interruption. It deploys a VM spawning model to assign random address space by creating multiple replicated VM instances for the critical services. They have shown its effectiveness using such optimized VM spawning based on real Service‐level Agreements and implemented the whole approach using SDN/OpenFlow controllers over Open vSwitches on a GENI testbed. Xu et al. [75] devised a defensive approach by classifying the traffic using SDNFV for flexibility. Thus, it reduces load on the SDN.
SDNs have been accepted as a new paradigm to provide an entire set of virtualization and control mechanisms to meet defense challenges in cloud networking [28, 76–78]. Thus, exploring the use of SDNs in providing better DDoS defense solutions in the cloud computing environment is likely to be beneficial.
Big Data Analytics: For detecting DDoS attacks, Jiao et al. [79] identify FSIA and RSIA for extraction of TCP traffic features and better classification through Big Data analytics using two decision tree classifiers [80].
Vieira et al. [81] propose the Intrusion Responsive Autonomic System (IRAS) to analyze real‐time traffic to detect intrusion and mitigate attacks in the cloud platform, as shown in Figure 13.14. IRAS is an autonomous intrusion response technique endowed with self‐awareness, self‐optimization, and self‐healing properties.
The Internet evolves and the computing infrastructure changes rapidly. All this is happening because more processing power produces more data at every opportunity. Researchers have coined the concept of “Big Data” to refer to data handled by large enterprises like Google, Facebook, IBM, and so on [82]. Lee et al. [83] propose a method to analyze Internet traffic using the MapReduce [84] framework within the cloud computing platform. They compare their results with Hadoop [85] and other tools, concluding a 72% improvement in computational efficiency. Tripathi et al. [86] also study characteristics of DDoS attacks in the cloud and develop a scheme to detect such attacks in a Hadoop‐based environment. Lee et al. [87] also provide two algorithms to detect DDoS attacks using a packet tracing method in a MapReduce environment.
Govinda and Sathiyamoorthy [88] introduce a process of clustering the traffic into different groups. These groups are flash traffic, interactive traffic, latency sensitive traffic, non‐real time traffic, and unknown traffic, as shown in Figure 13.15. They use Hadoop technology to analyze big data traffic. If any of these packets is categorized as unknown traffic, it is identified as a part of DDoS attack and eliminated by the packet analyzer.
Table 13.3 Selected approaches handling DDoS attacks.
Authors | Key points | Real‐time | High rate/Low rate |
---|---|---|---|
Lua and Yow [17] | | Yes | Does not depend on rate |
Wang et al. [20] | | Yes | Not mentioned |
Ioannidis and Bellovin [46] | | Yes | High rate |
Yau et al. [47] | | Yes | High rate |
Chen et al. [49] | | Yes | Does not depend on rate |
Kong et al. [51] | | Yes | Not mentioned |
Bangalore and Sood [52] | | Yes | Does not depend on rate |
Mankins et al. [54] | | Yes | Not mentioned |
Khattab et al. [55] | | Yes | High rate |
Yu et al. [19] | | Yes | Does not depend on rate |
Nguyen et al. [74] | | Yes | Not mentioned |
Xu et al. [75] | | Yes | Not mentioned |
Jiao et al. [79] | | Yes | Not mentioned |
Vieira et al. [81] | | Yes | Not mentioned |
Tripathi et al. [86] | | Yes | Not mentioned |
Lee et al. [87] | | Yes | Flow/Rate analysis |
Govinda and Sathiyamoorthy [88] | | Yes | Traffic analysis |
The approaches discussed in this section are presented compactly in Table 13.3. We can summarize our discussions in the following observations:
A service provider usually has an adequate amount of resources for specific service seekers. Challenges and issues regarding DDoS defense in the limited‐resource environment of the cloud are listed below.
Based on the recommendations presented earlier, we believe that an automatic host‐based approach emphasizing tolerance can provide better utilization of resources in the cloud environment to respond to DDoS attacks in an individual private cloud. With limited resources, it is necessary to develop a procedure to defend against DDoS attacks and to provide general service. A generic conceptual framework is shown in Figure 13.16. It is a combination of different phases and components. The whole defense module is just a conceptual depiction of cloud‐based defense solution against DDoS attacks adapting concepts borrowed from existing techniques, adapted to a new environment. Detection and prevention phases of this framework incorporate some ideas of the traditional Internet and also tolerance techniques to the cloud environment. The framework, which we discuss below, abides by the recommendations discussed previously.
We can definitely say that in the near future, most computing activities and resources will migrate to the cloud and security will be a prime concern. DDoS attacks may be resisted with generic solutions to survive and to provide best services under the circumstances. However, to be successful, more than the usual is necessary in the cloud context. In this chapter, we have discussed issues in handling DDoS attacks, specifically in a private cloud environment. We have highlighted issues and challenges faced in the private cloud environment when providing defense solutions against DDoS attacks. Some useful approaches developed by researchers to address these issues have been presented and analyzed in this chapter. The importance of mitigating the attack by tolerating it and by optimized use of resources in the private cloud scenario has been emphasized. Finally, the role of big data analytics in defending DDoS attacks in the cloud has been introduced.
In the near future, we plan to deploy the conceptual cloud framework in a testbed to demonstrate and analyze the effectiveness of our proposed framework. It is important to know how far this framework can resolve different issues and challenges when defending against DDoS attacks in an individual private cloud environment.