Securing cloud environments against ddos attacks by multi agent systems

Abstract

The internet or cloud being the network of networks, accessible to all, is prone to many security incidents, in spite of implicit and explicit security policies. The 3 major threats for any network are confidentiality, integrity and availability. Confidentiality ensures the unauthorised disclosure of data and services. Integrity lies in preserving the originality of the data. Availability ensures the data or service is available when needed. High availability is the primary requirement for cloud computing. DoS and DDoS attacks are the greatest threat to service availability in cloud computing. In DoS attack, the attacker pursues to make a system or network resource inaccessible to its anticipated users. In Distributed Denial-of-Service (DDoS) attack, the ta huge number of malicious attacking packets that initiate from a vast number of compromised machines. DoS incidents possess a great challenge to any organization and are rapidly increasing, but Distributed Denial of service attack is the most prominent. The primary objective of this research work is to secure the cloud computing environment by improving service availability by defending DDoS attacks. The aim is: to develop DDoS detection mechanisms to detect the attacks accurately and timely and; to develop DDoS defence mechanisms to recover from the attacks immediately. DDoS have many faces, but flooding attack the most common form of DDoS is the only focus of this research work. Flooding attack is an attack in which it covers the network with unwanted packets. Based on the protocol level that the flooding attacks target, they are categorized into two. It can be either 1) Network/Transport level or 2) Application level. In network/transport layer, UDP, TCP, ICMP and DNS protocol packets are mostly used to launch flooding attacks. The flooding attacks in application level focus on disturbing the services of the genuine users by draining the resources of the server such as sockets, bandwidth, memory and CPU. Several mechanisms have been proposed to combat DDoS flooding attacks. It is classified here those defence mechanisms against the DDoS flooding attacks using two criteria. The first classification criterion is the Deployment location where exactly the defence mechanism is implemented and the second criterion is the time when the defence mechanisms respond to an attack. These classification criteria are important in devising effective and efficient defence solutions. Based on the first criteria, defence mechanisms against network/transport-level DDoS flooding attacks has been classified into sourcebased, destination-based, network-based, and hybrid mechanisms as four categories. Similarly defence mechanisms against application-level DDoS flooding attacks are classified into destination-based, and hybrid as two categories. Based on the second criteria, defence mechanisms have been classified into three categories with respect to the three points of defence: before the attack, during the attack and after the attack. The proposed research work includes three different strategies for detection and defence against DDoS attacks. The following are the 3 methods 1. Multi Agent System (MAS) 2. Multi Agent System with Particle Swam Optimization (MAS-PS) 3. Multi Agent System with Statistical Approach (MAS-SA) Multi-Agent System is a computational system in which several agent works, interact with each other and in unison take decision to achieve common goals. There are various kinds of agents used in this research work. They are classified into four different types as Coordination Agent (CA), Detection Agent (DA), Monitoring Agent (MA), and Recovery Agent (RA). newline