A Security Framework for Preventing Denial of Service and Economic Denial of Sustainability Attacks in the Cloud Computing Environment

Abstract

In the cloud computing era, security has become a renewed source of concerns. Distributed Denial of Service (DDoS) that affects network availability and Economic Denial of Sustainability (EDoS) that can harm the pay-per-use model, which is one of the most valuable benefits of the cloud, can again become very relevant. Loss of availability and accessibility of cloud services have greater impacts than those in the traditional enterprises networks. The thesis provides an overview of network security threats, cloud-related technologies, cloud threats, DDoS, and EDoS attacks. The attacks are evaluated in terms of their principles, launching ways, and their variants. The thesis evaluates the existing solutions to such attacks in terms of their types, mechanisms, and relevance to the proposed framework. Next, a comparison between the existing solutions according to specific criteria is made, with the outcome showing that there is no sufficient effective solution against the attacks. Therefore, the research presents a new proactive mitigation system which is called Enhanced DDoS-Mitigation System (Enhanced DDoS-MS) that helps in countering DDoS attacks and their economic version, EDoS attacks, which form a specific cloud threat. The proposed framework is evaluated experimentally, and the test results are displayed. The results revealed the resilience of the proposed method under attacks, in addition to reducing the response time for legitimate users. The proposed solution is the first Anti-EDoS, to the best of the author’s knowledge, as it is implemented in the correct place which is the customer's network. Moreover, its firewall can make more accurate decisions regarding users based on the verification and ongoing monitoring processes’ results. The crypto puzzle scheme has been used in a different way from the traditional usage of puzzles to decrease the latency for legitimate users who can access the protected system even if it is under attack. Moreover, a layered defence system has been used to check the users’ legitimacy, their packets integrity, and to monitor their traffic rate. Furthermore, the proposed framework intends to hide the location of the protected servers to enhance their security. Hence, the contribution in this work lies in providing a proactive protection for the cloud on its customers’ networks from the economic effects of DDoS attacks, in addition to reducing the response time for legitimate users by testing only their first packets. The research also suggests some future directions to improve the proposed framework in terms of its design, scope, and scenarios.

Date of Award	Oct 2016
Original language	English
Supervisor	Khalid Al-Begain (Supervisor) & Andrew Blyth (Supervisor)