ANALYSIS OF DDOS ATTACKS AND SOLUTIONS FOR CLOUD COMPUTING ENVIRONMENT

Transcription

1 ANALYSIS OF DDOS ATTACKS AND SOLUTIONS FOR CLOUD COMPUTING ENVIRONMENT 1 Prince Gupta, 2 Prof. (Dr.) Jayant Shekhar 1 M.Tech. Scholar, Dept. of Computer Science & Engineering, Subharti Institute of Technology & Engineering, Meerut, U.P., India 2 Director, Subharti Institute of Technology & Engineering, Meerut, U.P., India ABSTRACT--Cloud Computing makes computing real as a tool and in the form of sevices.cloud Computing is simply defined as a type of computing that depends on sharing computing resources rather than having local servers or personal devices to handle applications. Cloud Computing is typically a metaphor for the internet. Cloud Computing, we observe an increasing need for cloud Benchmarks, In order to assess the performance of cloud infrastructures an software stacks,to assist with provisioning decisions for cloud users and to compare cloud offerings. The cloud computing model has the ability to scale computer resources on demand, and give users a number of advantages to progress their business process. In fact the total cost of going towards cloud is almost zero when resources are not in use. Therefore it is no wonder that academic research and industry are moving towards cloud computing. However, Security should in fact be implemented it alongside functionality and performance. One of the most serious threats to cloud computing security itself comes from Distributed Denial of service attacks. At virtual level DDOS (Distributed Denial of service attacks) is the biggest threat of availability in cloud computing. In Denial of service attack an attacker prevent legitimate users of service from using the desired resources by flood a network or by consuming bandwidth. An analysis on available technique to prevent the DDOS ATTACK and also the limitation of these techniques which we want to focus are DST (Dempster Shafer Theory), NIEF (Network Egress and Ingress Filtering) and various type of CAPTCHA. Keywords: Cloud Computing, Security Issues, Distributed Denial of Service, Ingress & Egress filtering, CAPTCHA, DST. 1. INTRODUCTION 1.1 Definition of Cloud Computing Cloud computing is the delivery of computing services over the Internet. Cloud services allow individuals and businesses to use software and hardware that are managed by third parties at remote locations. Examples of cloud services include online file storage, social networking sites, webmail, and online business applications. The cloud computing model allows access to information and computer resources from anywhere that a network connection is available. Cloud computing provides a shared pool of resources, including data storage space, networks, computer processing power, and specialized corporate and user applications. The cloud computing service models are: Table. 1: The cloud computing service models MODEL SaaS Paas Iaas SERVICES End user application is delivered as a service. Platform and infrastructure is abstracted, and can be deployed and managed with less effort. Application platform onto which custom applications and services can be deployed. Can be built and deployed more inexpensively, although services need to be supported and managed. Physical infrastructure is abstracted to provide computing, storage, and networking as a service, avoiding the expense and need for dedicated systems. Software as a Service (Saas), service-model involves the cloud provider installing and maintaining software in the cloud and users running the software from their cloud clients over the Internet. Platform as a Service (Paas), is cloud computing service which provides the users with application platforms and databases as a service. Infrastructure as a Service (Iaas), is taking the physical hardware and going completely virtual (e.g. all servers, networks, storage, and system management all existing in the cloud). 313 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2

2 1.2 Distributed Denail of Service Attack A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.DDOS ATTACK, uses many devices and multiple Internet connections, often distributed globally into what is referred to as a botnet. A DDoS attack is, therefore, much harder to deflect, simply because there is no single attacker to defend from, as the targeted resource will be flooded with requests from many hundreds and thousands of multiple sources Types of DDOS Attack Volume Based Attacks Includes UDP floods, ICMP floods, and other spoofed-packet floods. The attack s goal is to saturate the bandwidth of the attacked site, and magnitude is measured in bits per second (Bps). Protocol Attacks Includes SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS and more. This type of attack consumes actual server resources, or those of intermediate communication equipment, such as firewalls and load balancers, and is measured in Packets per second. Application Layer Attacks Includes Slowloris, Zero-day DDoS attacks, DDoS attacks that target Apache, Windows or OpenBSD vulnerabilities and more. Comprised of seemingly legitimate and innocent requests, the goal of these attacks is to crash the web server, and the magnitude is measured in Requests per second. 2. LITERATURE REVIEW Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier CAPTCHA(13) [1] describe cloud computing is simply a metaphor for the internet. User does not required knowledge, control and ownership in the computer infrastructure. Cloud computing also suffering from some drawback like security & privacy, Internet Dependency, Availability, and Current Enterprise Applications can't be migrated easily. I conclude that security is biggest hurdle in wide acceptance of cloud computing. User of cloud services are in fear of data loss, security and availability issues. At virtual level DDOS (Distributed Denial of Service Attack) is biggest threat of availability in cloud computing. In Denial of service attack an attacker prevent legitimate users of service from using the desired resources by flood a network or by consuming bandwidth. On the other hand, CAPTCHA (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) is used for Graphical Turing Test. This paper introduces a new CAPTCHA method called Two-Tier CAPTCHA. In this method CLAD node need to generate two things, first a alphanumeric CAPTCHA code with image. Second Query related to that CAPTCHA code. Detecting DDoS Attacks in Cloud Computing Environment(13) [2] focused on detecting and analyzing the Distributed Denial of Service (DDoS). This type of attacks is often the source of cloud services disruptions. Our solution is to combine the evidences obtained from Intrusion Detection Systems (IDSs) deployed in the virtual machines (VMs) of the cloud systems with a data fusion methodology in the front-end. Specifically, when the attacks appear, the VM-based IDS will yield alerts, which will be stored into the Mysql database placed within the Cloud Fusion Unit (CFU) of the front-end server. We propose a quantitative solution for analyzing alerts generated by the IDSs, using the Dempster-Shafer theory (DST) operations in 3-valued logic and the fault-tree analysis (FTA) for the mentioned flooding attacks. A Prevention of DDOS Attacks in Cloud using NIET Techniques(14) [3] describe the major attacks in cloud are a Distributed denial of service (DDoS) attacks on the catalog of cloud attacks. DdoS can have serious penalty for the companies which are dependent on the internet service for their production. Thus, it is important to reduce a force of DDoS is one of the latest issues. This paper focus on the impact of DDoS attacks in cloud and the NEIF technique available to overcome with the issue. Impact of DDOS Attacks on Cloud Environment(14) [4] describe cloud forensics that is the branch of forensics for applying computer science knowledge to prove digital artefacts. The DDOS is the widely used attack in cloud 314 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2

3 environment. To do the forensics of DDOS if it is identified a possible detection and prevention mechanisms would aid in cloud forensics solutions and evidence collection and segregation. This paper presents different types of DDOS attack at the different layers of OSI model with increasing complexity in performing attack and focuses more on prevention and detection of DDOS at different layer of OSI and effect of DDOS in cloud computing. 3. ANALYSIS OF EXISTING SOLUTION 3.1 Solution 1: DST (Dempster Shafer Theory) DST is an effective solution for accessing the likelihodd of DDOS attacks.in order to detect and analyze Distributed Denial of Service (DDoS) attacks in cloud computing environments a solution as presented in Figure 1. For illustration purpose, a private cloud with a front-end and three nodes is set up. Whilst the detection stage is executed within the nodes, more precisely inside the virtual machines (VMs), where the Intrusion Detection Systems (IDSs) are installed and configured; the attacks assessment phase is handled inside the front-end server, in the Cloud Fusion Unit (CFU) Analysis of Solution 1 DST proposed solution has the following advantages: to accommodate the uncertain state, to reduce the false negative rates, to increase the detection rate, to resolve the conflicts generated by the combination of information provided by multiple sensors and to alleviate the work for cloud administrators. In DST Theory the main disadvantage is the computational complexity of DST and conflicting beliefs. According to some authors computational complexity of DST increases exponentially with the number of elements in the frame of discernment. If there is n elements in the state then there will be 2n-1 elements in a mass function. In addition to detection mechanism some prevention mechanism had also been proposed by some authors. Figure. 1: Cloud Fusion Unit 315 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2

4 3.2 Solution 2: NIEF (Network Egress and Ingress Filtering) NEIF installed at the Internet Service Providers (ISP's) edge routers and plays as a dual role in shielding DDoS attacks. As a first role, the goal of ingress filtering is to discover and prevent the DDoS attacks launched from its customers. Actually, the ingress filtering has already been extensively deploying to avoid source IP spoofing by discarding packets which have a source address which is not allocated to that customer.our proposed ingress filtering can be a supplement of the existing one. Ingress filtering can ensure an ISP s network do not participate in flooding DDoS attacks. Ingress filtering requires the understanding between ISP s so it takes more amount of time to implement at all ISP s.egress filtering is used to protect ISP s customers from being attacked. Single egress filtering cannot avoid major flooding attack that may damage the Internet infrastructure directly Analysis of Solution 2 NIEF TECHNIQUES proposed solution has the following advantages: to handle network traffic in cloud computing such as security increased visibility of network traffic and increase control over network. But the main disadvantages of using these techniques are increased overhead and complexity. The use of egress filtering will of course cause issues for some users as it requires policy changes for all new software that is deployed but does the protection it offers for instance against botnets outweigh the cost of extra management for most organisations. The amount of data a NIDS(Network Intrusion Detection System) collects can be overwhelming. The data collected can have large data storage requirements. Another disadvantage is parsing the data collected by a NIDS. Tools can be used to reduce the amount of data to be analyzed, but the data must be analyzed. Where asymmetric routing is preferred or is unavoidable; ingress filtering may be difficult to deploy using a mechanism which requires the paths to be symmetrical. In many cases, using operational methods ensure the ingress filter is complete. Failing that, the only real options are to not perform ingress filtering, use a manual access-list (possibly in addition to some other mechanisms). Figure. 2: NEIF Architecture 3.3 Solution 3: CAPTCHA (Complete Automated Public Turning Test to Tell Computers and Humans Apart) CAPTCHA are now almost standard security mechanisms for defending against undesirable and malicious bot programs on the Internet. CAPTCHAs generate and grade tests the most humans can pass but current computer programs can't. It is also known as Human Interaction Proofs (HIPs). A good CAPTACH must not only be human friendly but also robust to resist computer programs that attackers write to automatically pass CAPTCHA tests. 316 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2

5 However, desiging CAPTCHAs that exhibit both good robustness and usability is much harder than it seem. S. No. CAPTCHA Image Origination 1 Google 2 Yahoo 3 ebay 4 Rediffmail Analysis of Solution 3 Table. 2: List of CAPTCHA used by well-known Origination CAPTCHA makes online polls more legitimate, reduces spam and viruses, reduce abuse of free account services and distinguishes between a machine and a human. In CAPTCHA the main disadvantage is prevention in that CAPTCHAs only limit spam and is unable to prevent spam completely. For instance some spamming companies can easily hire hundreds of real people for less than a dollar a day to decode CAPTCHAs and submit spam. Many CAPTCHAs don't work well at all. More precisely, the researchers invented a standard way to decode those irksome letters and numbers found in CAPTCHAs on many major Web sites, including Visa's Authorize.net, Blizzard, ebay, and Wikipedia. Table. 3: List of CAPTCHA used by well-known Origination with anti-segmentation 4. CONCLUSION This paper concluded that cloud services are very tempting for DDOS attackers. It's safe to assume that, as more cloud services come into use, DDOS attacks on them become more commonplace. After analysing above three possible solutions we find that there are some modification is required to make the complete prevention from DDOS. For DST and NIEF we need to establish a complex architecture that smaller cloud providers may not have the resources to mount a suitable defence. The larger cloud providers, such as Amazon Web Services, Microsoft and Rackspace, already have good practices and technology in place to lower the risk. But the solution 3 can be implemented for ensuring a desirable level of security. 5. FUTURE SCOPE There is still need of some new simplified solutions for DDOS attacks or scope of modification in existing solution. A solution is highly needed that provides a complete prevention from DDOS attack. 317 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2

6 6. REFERENCES [1] Poonam Yadav and Sujata, Security Issues in Cloud Computing Solution of DDOS and Introducing Two-Tier CAPTCHA,International Journal on Cloud Computing: Services and Architecture (IJCCSA),Vol.3, No.3, June [2] A.M. Lonea, D.E. Popescu, H. Tianfield, Detecting DDoS Attacks in Cloud Computing Environment, International Journal of Computing and communication, ISSN (1):70-78, February, [3] J.Rameshbabu, B.Sam Balaji,R.Wesley Daniel,K.Malathi, A Prevention of DDOS ATTACKS in Cloud Using NEIF Techiques, International Journal of Scientific and Research Publications, ISSN ,Volume 4, Issue 4, April [4] J.J.Shah,Dr. L.G.Malik, Impact of DDOS Attacks on Cloud Environment,International Journal of Research in Computer and Communication Technology, ISSN(Online) ,Vol 2, Issue 7, July [5] Mettildha Mary, P.V.Kavitha, Priyadharshini M, Vigneshwer S Ramana, Secure Cloud Computing Environment against [6] DDOS and EDOS Attacks,International Journal of Computer Science and Information Technologies, Vol. 5 (2), 2014, [7] Mahua Sarkar,Prince Gupta, A study an Available Cloud Computing Services and Performance Evaluation:Issues and Challenges,Energing Trends in Computer Science and Information Systems(NCETCSIS-2015),March [8] [9] [10] en.wikipendia.org/wiki/cloud computing [11] attack/denial of service.html [12] cloud/computing_wp.pdf 318 P a g e IJRREST h t t p : / / i j r r e s t. o r g / i s s u e s /? p a g e _ i d = 1 2