Abstract

Distributed Denial of Service (DDoS) attacks are the predominant targeted cyber-attack on cloud infrastructure and have now evolved into persistent and more sophisticated attacks. DDoS attack sources share the same bandwidth and communication channel as genuine flows. It is essential to distinguish attack flows from normal flows at the stream level for early diagnosis. Current security solutions for DDoS attacks are still lacking in handling traffic from multiple attack sources and in correlating event patterns from real-time traffic. Hence, the proposed cloud-based DDoS detection and defense system is designed to derive meaningful information about DDoS security events in the spatio-temporal domain using a complex event processing method and security enforcement policies. The proposed system detects various kinds of DDoS attacks, such as TCP SYN flood, TCP SYN ACK, LAND, UDP and ICMP flood, and provides high detection accuracy and high alert reduction by correlating cloud parameters such as source address, destination address, port and subnet. The defense system immediately acts on the attack sources to take remedial actions and protects the cloud from DDoS attacks.
