Cloud Sentry: Innovations in Advanced Threat Detection for Comprehensive Cloud Security Management

Subash Banala

24-35

Vol 17, Issue 1, Jan-Jun, 2023

Date of Submission: 2023-01-29 Date of Acceptance: 2023-02-19 Date of Publication: 2023-04-02

Abstract

Cloud services are known for benefits such as seamless resource access, scalability, and elasticity. However, they also face significant challenges from various threats at both the infrastructure and application levels, and application-layer distributed denial of service (DDoS) attacks are particularly difficult to counter. These attacks typically overwhelm targeted servers, exhausting available resources and causing performance degradation and service unavailability. While some existing solutions, such as intrusion detection and protection, can mitigate specific attacks, evolving application-layer DDoS attacks often find ways to evade these defences. In response, this paper introduces SENTRY, a novel and efficient methodology designed to combat application-layer DDoS attacks. SENTRY employs a challenge-response strategy that (a) assesses attackers' physical bandwidth resources, (b) dynamically adjusts to varying workload conditions, and (c) blocks suspicious service requests from potentially malicious clients.


Disclaimer: Indexing of published papers is subject to the evaluation and acceptance criteria of the respective indexing agencies. While we strive to maintain high academic and editorial standards, International Journal of Innovations in Scientific Engineering does not guarantee the indexing of any published paper. Acceptance and inclusion in indexing databases are determined by the quality, originality, and relevance of the paper, and are at the sole discretion of the indexing bodies.