Abstract
DDoS (Distributed denial of service) attacks target on the availability of the victim services. DDoS attacks, being resource intensive attacks, create a heavy resource contention. In the state of the art, we found that resource isolation for legitimate users assists in maintaining service availability even in the presence of DDoS attacks. Resource isolation is an important method to minimize performance interference originated by the resource contention. In this paper, we propose resource isolation through service separation at two levels: physical machine level and virtual machine level. We compare four methods of resource segregation for legitimate users at physical machine level, virtual machine level, container level, and page level. The results of our experiments suggest that adopting different separation levels improve in the response time for legitimate user request even in the presence of DDoS attacks. By using different separation levels, we were able to see a considerable increase in the service availability time of target machines. In addition, there are notable improvements in number of requests failures and response time of target and co-located services.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
