Interactive anomaly-based DDoS attack detection method in cloud computing environments using a third party auditor

Abstract

Cloud computing environments are indispensable components of the majority of information technology organizations and users' lives. Despite multiple benefits of cloud computing environments, cloud users (CUs) as well as cloud service providers (CSPs) may experience unpleasant conditions by detrimental results of distributed denial of service (DDoS) attacks such as unavailability of cloud services or lengthy response times of the services. In this paper, we provide a threshold anomaly-based DDoS attack detection method to protect cloud environments against DDoS attack. Our proposed method is introduced to reduce DDoS attack consequences in CSPs. Our suggested method includes three newly defined components: 1. A third party auditor (TPA) which acquires direct interaction with each datacenter of the CSP, 2. A zone delimiter (ZD) which encapsulates the sensitive internal specifications of a CSP from TPA, and 3. A protocol which is defined to coordinate TPA, ZD, and CSPs for DDoS attack detection via TPA. We analyze our proposed method by determining and conducting a simulation strategy for an intrusion detection system in CSPs. Results illustrate that interactive communication between TPA and datacenters of CSPs improves the user experience of CUs in the time of DDoS attacks by reducing excessive attack filtering stages. Moreover, by using an intrusion detection system (IDS), we investigate efficiency of the proposed method to recover CSPs from DDoS attacks. We further indicate the efficiency of our proposed method by providing accuracy and qualitative comparisons with other existing methods.