A Review on Defense Mechanisms Against Distributed Denial of Service (DDoS) Attacks on Cloud Computing

Abstract

Recently, businesses and organizations are depending on the cloud to provide their services. The important aspects that need to be taken into consideration when it comes to the cloud are availability, confidentiality, accessibility, and integrity. The severity of the consequences of any attack on the cloud could lead to downtime which as a result will cause financial and reputational loss. An important security matter that targets cloud computing is the Denial of Service (DoS) attack. The Distributed Denial of Service (DDoS) attack is an improved version of the DoS attack which has targeted the cloud infrastructures heavily in recent years. This paper discusses the cloud computing infrastructure and the DDoS attack scenario and its effect on cloud computing. Cloud features that enable the DDoS attacks to be launched are highlighted along with the description of the different types of DDoS attacks. Moreover, several defense mechanisms are stated including prevention, detection, and mitigation techniques. This study shows that some DDoS attacks cannot be prevented, detected, or mitigated. These are the ones launched from a legitimate IP address or have a signature not stored in the signature database. Moreover, the defense mechanism may not be able to distinguish the high traffic caused by an attack from the ones caused by an actual heavy legitimate traffic to know when to add extra resources. Additionally, some techniques work remotely which may slow the defense mechanism, and others are provided by third parties and the service owners may have problems sharing the control with them.