1. Introduction
Cloud technology relies on the paradigm of computing as a utility. This technology has the potential to transform the IT industry: it provides software as a service in an attractive way and has changed the old model in which companies purchased complete hardware, letting them rent it instead (Armbrust et al., 2010). Nowadays, cloud technology has emerged as a platform for distributing resources at different levels of granularity. These resources can be shared and used under the pay-per-usage model (Al-Roomi et al., 2013). Infrastructure as a Service (IaaS) shares hardware resources, Platform as a Service (PaaS) shares a platform with users, and Software as a Service (SaaS) allows software to be used without purchasing it. Because the cloud provides all of its services and resources online, it faces many severe security concerns. Security in the cloud environment is a significant challenge and has been an important concern for both research and industry. A large number of researchers are working in this direction to meet the need for security in the cloud domain.
Among all the security concerns, Distributed Denial of Service (DDoS) has evolved as a significant menace to cloud computing. A DDoS attack mainly results in the exhaustion of resources and makes them unavailable to legitimate users. Thus, essential services may face downtime. The recent reports on DDoS attacks state that one out of each enterprise has become the victim of the DDoS attack. Every year there is an increase in average attack size (Arbor, 2018). A drastic change has been observed in the peak bandwidth of DDoS attacks: it was just 8 Gbps in 2000 and increased to 600 Gbps in 2017 (Yi et al., 2017). In the cloud, there are many variants of DDoS attacks, such as XML-based DDoS, HTTP flood, and HTTP & XML DDoS (HX-DDoS) attacks. An XML-based attack exhausts resources, consuming all the CPU cycles through the payload handled by the XML parser, and eventually shuts down the web server. HX-DDoS intentionally floods HTTP- and XML-based messages to exhaust the communication path of the cloud providers (Yang et al., 2012).
HTTP flooding is an application-layer attack that targets the resources and services running in the cloud. It is another variant of the DDoS attack. To launch this attack, the attacker hires many Virtual Machine (VM) instances to generate and redirect HTTP GET/POST requests to the web service (Sree et al., 2019). It exhausts the maximum resources and also leads to massive economic losses for the target company. Tools such as nmap, hping, pyflooder, etc. are able to produce attack requests. An HTTP flood can be monitored by analyzing the throughput and bandwidth of the VM hosting the victim web service.
Therefore, to overcome such attacks, the system requires a diligent security mechanism along with different security tools. As per the literature, defenses against such attacks are classified as prevention, detection, and mitigation approaches (Ghosh et al., 2019). However, these approaches are not sufficient to secure the system against smart attack activities. The HTTP flooding attack is far more treacherous in the cloud because of its features (Latanicki et al., 2010). Adaptive threshold-based methods (Razmjooy et al., 2012) can also be used to reduce the attack. Moreover, most existing security mechanisms focus on external attacks, while attacks from inside the cloud network are not considered effectively. Apart from these defense approaches, Intrusion Detection Systems (IDS) (Inayat et al., 2017) are also used for defense against DDoS attacks. However, IDS may fail in two respects: (i) they generate a large number of low-priority alerts, most of which are false positives, and (ii) they may also suffer from a large number of false negatives.
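The throughput monitoring and adaptive thresholding mentioned above can be sketched as follows. This is an added example, not code from the article or from the cited works: it assumes a generic exponentially weighted moving average (EWMA) baseline, and the function name, parameters and sample counts are constructed for illustration.

```python
"""Adaptive-threshold detection of HTTP-flood intervals from request throughput."""
from math import sqrt

# Constructed sample: HTTP requests per interval on the VM hosting the web service.
# Slow benign growth, then a three-interval flood, then a return to normal load.
SAMPLE_COUNTS = [98, 102, 100, 97, 103, 101, 99, 104, 106, 109, 111, 114,
                 900, 1200, 1100, 112, 115]


def detect_flood(counts, alpha=0.2, k=4.0, warmup=5, min_std=1.0):
    """Return the indices of intervals whose request count exceeds the threshold.

    threshold = EWMA mean + k * EWMA standard deviation of past normal traffic.
    alpha, k, warmup and min_std are illustrative defaults (assumptions).
    """
    if not counts:
        return []
    mean, var = float(counts[0]), 0.0
    alerts = []
    for i, c in enumerate(counts[1:], start=1):
        threshold = mean + k * max(sqrt(var), min_std)
        if i >= warmup and c > threshold:
            alerts.append(i)
            # Flagged intervals are excluded from the baseline so that flood
            # traffic cannot raise the threshold and hide its own continuation.
            continue
        # Incremental EWMA update of mean and variance from normal traffic.
        diff = c - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts


if __name__ == "__main__":
    print("flood intervals:", detect_flood(SAMPLE_COUNTS))
```

Because the baseline follows gradual load growth, the benign rise in the sample raises no alert, which is the false-positive behaviour a fixed threshold struggles with.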