As cloud computing becomes increasingly prevalent, the need for protection against malicious attacks on servers becomes more pressing. Now, US computer scientists have developed FAPA, a flooding attack protection architecture, to protect users of cloud systems. They report details in the aptly named International Journal of Cloud Computing.
Kazi Zunnurhain, Susan Vrbsky and Ragib Hasan of the University of Alabama explain that cloud computing systems can prove economical and efficient for businesses, organizations and individuals that use the cloud. However, as with any online computer resource, cloud resources are vulnerable to hackers, malicious software, malware, and denial of service (DoS) attacks that can disable the system leading to outages and downtime for their users. These attacks can also result in potential leaks of private or sensitive data, such as username and password combinations, banking and credit card details or personal photographs and other vulnerable digital media.
Cloud service providers, such as those offering online storage, data management, web-based email systems, content management, social media and networking and other services, usually have their own security measures in place to protect their servers from malware and other problems. But the Alabama team suggests that users ought to take some responsibility for the security of their own data in the cloud just as one is obliged to do with the data on one’s computer hard drive.
The researchers have now developed the FAPA system to allow users to protect themselves in the cloud from DoS attacks. FAPA works on the user’s computer, rather than in the cloud, to detect and filter the errant data packets that are aimed at disabling a cloud server when a DoS attack is instigated by malware, a network of infected computers, a botnet, or hackers. FAPA runs on the “client” computer rather than the cloud server and is independent of the cloud provider.
So far, the team has demonstrated success in preventing downtime caused by a type of DoS attack known as TCP flooding, so that the client computer can carry on using a cloud service as the FAPA system filters out 80 percent of the fake, or spoofed, packets sent to the server in the attack. There are several other types of DoS attacks, including those that use TCP-SYN packets through a botnet, UDP packets, HTTP packets and fake ICMP echo requests. The team is currently working to extend FAPA to detect and filter these kinds of attack too.
Zunnurhain, K., Vrbsky, S.V. and Hasan, R. (2014) ‘FAPA: flooding attack protection architecture in a cloud system’, Int. J. Cloud Computing, Vol. 3, No. 4, pp.379–401.