A Survey on DDoS Prevention, Detection, and Traceback in Cloud

Ramanujan, Ajeesh; Varghese, Blesson Andrews

doi:10.1007/978-3-030-49500-8_7

Ajeesh Ramanujan⁶ &
Blesson Andrews Varghese⁶

Part of the book series: Transactions on Computational Science and Computational Intelligence ((TRACOSCI))

504 Accesses
2 Citations

Abstract

Distributed Denial of Service (DDoS) ranks among the top ten threats to the cloud computing environment. DDoS mainly targets limited resources of cloud like bandwidth and CPU thereby denying access to legitimate clients. DDoS attacks are initiated by a vast network of remotely controlled nodes called zombies. New forms of DDoS are invented every day. Therefore, DDoS preventive measures do not fully guarantee its mitigation. Detecting an attack and defending it as early as possible is critical for reducing the attack impact. The real solution to mitigate any attack is tracing back the attacker and punishing him. However, a real attacker will masquerade his identity using a spoofed address to avoid being traced back. The routing mechanism used on the internet does not have any memory of its own making traceback further difficult. Many businesses are reluctant to enter the cloud due to these DDoS vulnerabilities of the cloud. DDoS will affect network performance and may disrupt configuration information available in the system. In the event of DDoS, businesses will have to suffer reputation damage, customer agitation, and legal repercussions. Unless cloud is made secure, we cannot benefit from its full potential. Research on DDoS attacks and defense is in its infancy. DDoS defense and traceback is still an open and challenging problem. This paper presents basic types of DDoS and focuses more on DDoS prevention, detection, and traceback techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 149.00; Price excludes VAT (USA)

Softcover Book: USD 199.99; Price excludes VAT (USA)

Hardcover Book: USD 199.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Yu, S., Zhou, W. Doss, R., Jia, W.: Traceback of DDoS attacks using entropy variations. IEEE Trans. Parallel Distrib. Syst. 22(3), 412–425 (2011). https://doi.org/10.1109/TPDS.2010.97
Article Google Scholar
Al-Duwairi, B., Govindarasu, M.: Novel hybrid schemes employing packet marking and logging for IP traceback. IEEE Trans. Parallel Distrib. Syst. 17(5), 403–418 (2006).
Article Google Scholar
Yu, S., Zhou, W. Guo, S., Guo, M.: A feasible IP traceback framework through dynamic deterministic packet marking. IEEE Trans. Comput. 65(5), 1418–1427 (2016). https://doi.org/10.1109/TC.2015.2439287
Article MathSciNet MATH Google Scholar
Xiang, Y., Zhou, W., Guo, M.: Flexible deterministic packet marking: an IP traceback system to find the real source of attacks. IEEE Trans. Parallel Distrib. Syst. 20(4), 567–580 (2009)
Article Google Scholar
Jin, G., Yang, J.: Deterministic packet marking based on redundant decomposition for IP traceback. IEEE Commun. Lett. 10(3), 204–206 (2006). https://doi.org/10.1109/LCOMM.2006.1603385
Article Google Scholar
Yu, S., Zhou, W., Doss, R.: Information theory based detection against network behavior mimicking DDoS attacks. IEEE Commun. Lett. 12(4), 318–321 (2008). https://doi.org/10.1109/LCOMM.2008.072049
Article Google Scholar
Yu, S., Guo, S., Stojmenovic, I.: Fool me if you can: mimicking attacks and anti-attacks in cyberspace. Comput. IEEE Trans. 64(1), 139–151 (2015)
Article MathSciNet MATH Google Scholar
Tseung, C.Y., Chow, K.P., Zhang, X.: Extended abstract: anti-DDoS technique using self-learning bloom filter. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 204–204. Beijing (2017). https://doi.org/10.1109/ISI.2017.8004917
Lonea, A.M., Popescu, D.E., Tianfield, H.: Detecting DDoS attacks in cloud computing environment. Int. J. Comput. Commun. Control 8(1), 70–78. https://doi.org/10.15837/ijccc.2013.1.170.
Sung, M., Xu, J.: IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks. In: Proceedings of the Tenth IEEE International Conference on Network Protocols, 2002. Paris, pp. 302–311. https://doi.org/10.1109/ICNP.2002.1181417

Download references

Author information

Authors and Affiliations

CSED, College of Engineering Trivandrum, Thiruvananthapuram, India
Ajeesh Ramanujan & Blesson Andrews Varghese

Authors

Ajeesh Ramanujan
View author publications
You can also search for this author in PubMed Google Scholar
Blesson Andrews Varghese
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ajeesh Ramanujan .

Editor information

Editors and Affiliations

Department of Electrical, Electronic and Computer Engineering, University of Catania, Catania, Italy
Maurizio Palesi
School of Engineering Science, Simon Fraser University, Burnaby, BC, Canada
Ljiljana Trajkovic
Electronics & Communication Engineering, MBCET, Thiruvananthapuram, Kerala, India
J. Jayakumari
Indian Institute of Technology Guwahati, Guwahati, Assam, India
John Jose

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Ramanujan, A., Varghese, B.A. (2021). A Survey on DDoS Prevention, Detection, and Traceback in Cloud. In: Palesi, M., Trajkovic, L., Jayakumari, J., Jose, J. (eds) Second International Conference on Networks and Advances in Computational Technologies. Transactions on Computational Science and Computational Intelligence. Springer, Cham. https://doi.org/10.1007/978-3-030-49500-8_7

Download citation

DOI: https://doi.org/10.1007/978-3-030-49500-8_7
Published: 03 February 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49499-5
Online ISBN: 978-3-030-49500-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics