Lightweight Mechanisms for Detecting The Ddos Attacks in The Cloud

Abstract

ABSTRACT newlineCloud computing is an advanced computing paradigm that unites the concepts of networking newlineand distributed computing. The main entities involved in cloud computing technology are newlineservice provider, service consumer and service. The service provider is the cloud platform newlinethat offers service to the cloud users for a nominal payment. The service consumers of newlinecloud utilize the cloud services by paying some fee to the cloud service provider. The newlinecloud service providers offer a range of services such as Platform-as-a-Service (PaaS), newlineInfrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS). newlineThe cloud consumers enjoy these services without any hassles and complexities. newlineInspite of all these attention grabbing services, there are several security threats to the cloud newlinecomputing because of its open nature. One of the most serious threats to cloud computing newlineis the Distributed Denial of Service (DDoS) attacks. The aim of DDoS attacks is to stop newlinethe normal functioning ability of the cloud server. This attack is achieved by creating newlinevoluminous traffic, which the server cannot manage and respond. In such scenario, the newlineserver halts its service, and consequently even the legitimate consumers cannot access the newlineservice. newlineBesides this, executing DDoS attack is a quite simple task. The DDoS attack can be newlineexecuted automatically and it does not require manual intervention to carry out the attack newlinesuccessfully. On the other side, it is very difficult to recover the affected server to normal newlinestate. Hence, it is essential to observe the traffic in the server, such that the attacks can be newlineavoided. newlineUnderstanding the harshness of DDoS and importance of addressing the issue, this newlineresearch work presents three different solutions for detecting the DDoS attack. The proposed newlinesolutions differ by the operational ability, yet the research goal is the same. The initial newlineresearch solution is based on entropy value calculation. This work is based on knowledge newlinegaining and attack detection phase. The DDoS attack detection system gains knowled