A service governance and isolation based approach to mitigate internal collateral damages in cloud caused by DDoS attack

Abstract

Distributed denial of service (DDoS) attack in cloud infrastructure has shown the new effects towards the non-targets known as “collateral damages”. The cloud-hosted services generally run inside the virtual machine (VM). These services are co-located to each other which lie on the same OS of the VM and share the resources. When the DDoS attacker targets one service, its effects can be seen on other co-located services also. These effects are called “internal collateral damages”. Therefore this work, focuses on mitigating internal collateral damages caused by the DDoS attack in the cloud environment. Here the problem is considered as an OS level resources governance and isolation problem to minimize the effects of the attack on non-targets. The methods present in the literature are not capable enough to deal the problem of internal collateral damages effectively. Therefore, a novel service containerization approach is proposed to achieve resource governance and isolation between the co-located services. Moreover, the proposed approach improves service performance for benign users. The results also shows that the proposed approach is capable to reduce the collateral effects of DDoS attack on co-located services such as SSH and disk I/O by improving the service performance.