As more and more organizations switch over to cloud-based computing services, there is an increased security threat from distributed denial of service (DDoS) attacks. In a DDoS attack, a site or server is flooded with thousands of fake requests sent by a distributed network of computers, often a botnet, with the aim of using up all the site’s resources so that legitimate users cannot access the site. There are many motives for such attacks. Sometimes they are carried out in protest against a particular organization, for its perceived unethical behavior, for instance. Other times a DDoS attack is carried out to open up a security loophole through which criminals can break into a system and steal data (user accounts, credit card details, and such) or even take control of a cloud service transparently for malicious intent.
Now, N. Jeyanthi of VIT University, in Vellore, India, and colleagues have devised a filter that cloud services can use to check incoming requests and to spot whether the data packets are arriving from spoofed internet addresses (IP addresses) or whether they are legitimate. The identification of spoofed IP addresses would allow the servers to block such requests and so avoid a security breach, or re-route traffic to auxiliary servers so that legitimate users are not locked out by the DDoS attack.
The researchers explain how cloud computing provides on-demand, high availability of various large-scale, geographically distributed resources for users ranging from small to large-scale. The two key advantages of this model are ease of use and cost effectiveness, i.e., cost according to usage and maximum resource utilization. But cloud computing services are sensitive to security issues. The biggest problem in protecting such resources is that by their very nature DDoS attacks come from multiple computers with multiple IP addresses, so differentiating between natural spikes in traffic and deliberate and malicious attacks has been an almost insurmountable problem for network security.
The team’s approach is to determine whether incoming packet requests are arriving from spoofed IP addresses and so block them at the system’s top-level firewall before they impinge on resources or force the cloud system to recruit additional software and hardware from other servers in its network to cope with the increased demand. “Our detection algorithm will detect whether an incoming packet is spoofed or from a legitimate user before passing it to cloud virtual server,” the team explains. “If the packet is suspicious according to the algorithm, the requesting packet will be dropped.”
“Detection of distributed denial of service attacks in cloud computing by identifying spoofed IP” in Int. J. Communication Networks and Distributed Systems, 2013, 11, 262-279