Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges

Abstract

The salient features of cloud computing (such as on-demand self-service, resource pooling, broad network access, rapid elasticity, and measured service) are being exploited by attackers to launch the severe Distributed Denial of Service (DDoS) attack. Generally, the DDoS attacks in such an environment have been implemented by flooding a huge volume (high-rate) of malicious traffic to exhaust the victim servers’ resources. Due to this huge volume of malicious traffic, such attacks can be easily detected. Thus, attackers are getting attracted towards the low-rate DDoS attacks, slowly. Low-rate DDoS attacks are difficult to detect due to their stealthy and low-rate traffic. In the recent years, many efforts have been devoted to defend against the low-rate DDoS attacks. By utilizing the salient features of cloud computing, it becomes easy for an attacker to launch sophisticated low-rate DDoS attacks. Thus, the study of various DDoS attacks and their corresponding defense approaches becomes essential to protect the cloud infrastructure from fatal effects of DDoS attacks. This paper presents a comprehensive taxonomy of all the possible variants of cloud DDoS attacks solutions with detailed insight into the characterization, prevention, detection, and mitigation mechanisms. The paper provides a detailed discussion on essential performance metrics to evaluate various defense solutions and their behavior in a cloud environment. The purpose of this survey paper is to excite the cloud security researchers to develop effective defense solutions against the various DDoS attacks. The research gaps and challenges are found, and described in the paper while future research directions are outlined.