Detecting and Preventing of DDoS Attack in Cloud Computing Environment Based on Hybrid Technique (Cloudflare and WAF)

Abstract

The adoption of cloud computing has revolutionized data storage and processing globally. Nevertheless, the need for a close watch on security is paramount. Hence, the aim of this paper, to develop a cloud security model that detects and prevents the risks of Distributed Denial of Service (DDoS) attacks in cloud computing systems which are gravely potent and, on the increase, today. This was done using two approaches: analyzing Transmission Control Protocol/Internet Protocol (TCP/IP) header features of incoming packets in cloud computing environment in order to detect and classify spoofed IP address during DDoS attack via a custom-made Web Application Firewall (WAF); and the integration of the cloud resources with Cloudflare. The result shows that a total of 1,625,192 packets were transmitted in a short period which were captured and analyzed via Wireshark. Several TCP errors were observed over a very short time interval which indicated successful DDoS attack effectively crashing the system. The result varied when the custom-made WAF was put in place, and the attacking lab machine launched a TCP syn flood attack against the web server on port http port 80. A total of 2,353,585 packets were transmitted in a short period which were captured and analyzed using Wireshark and contained less TCP errors indicating successful mitigation of DDoS attacks. When the resources were hosted online and integrated with Cloudflare, integrity checks were successful before the resources were loaded, indicating complete mitigation of attacks. Keywords: Bandwidth, Botnet, Cloudflare, Wireshark and Zombie