Call for Paper - Upcoming Issues

The Impact of Cloud Architecture and Design on the Effectiveness of Rate-Based Distributed Denial of Service Attacks

International Journal of Computer Science and Engineering
© 2024 by SSRG - IJCSE Journal
Volume 11 Issue 10
Year of Publication : 2024
Authors : Manish Sinha
10.14445/23488387/IJCSE-V11I10P107

pdf
How to Cite?

Manish Sinha, "The Impact of Cloud Architecture and Design on the Effectiveness of Rate-Based Distributed Denial of Service Attacks," SSRG International Journal of Computer Science and Engineering , vol. 11,  no. 10, pp. 54-61, 2024. Crossref, https://doi.org/10.14445/23488387/IJCSE-V11I10P107

Abstract:

A highly available service is now a cornerstone requirement of any cloud service. Amongst the threats faced by any cloud service, Distributed Denial of Service (DDoS) Attacks are a significant concern when designing services with high availability. Good design decisions help detect and mitigate attacks quickly, whereas poor decisions can introduce tech debt and complicate the detection and mitigation of attacks. In this paper, we will focus primarily on rate-based DDoS attacks, a kind of attack in which the malicious actor tries to exhaust the service's resources by sending fraudulent requests from zombie computers worldwide, making it hard to detect and pinpoint the source of the attack. We will explore different architecture and design decisions that can be used to mitigate DDoS attacks with minimum degradation of latency.

Keywords:

Cloud architecture, Cloud computing, Cybersecurity, Performance analysis, Distributed denial of attacks.

References:

[1] Abdulaziz Aljabre, "Cloud Computing for Increased Business Value," International Journal of Business and Social Science, vol. 3, no. 1, pp. 234-239, 2012.
[Google Scholar] [Publisher Link]
[2] What is a DDoS Attack?, Cloudflare. [Online]. Available: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
[3] What is a Botnet?, Palo Alto Networks. [Online]. Available: https://www.paloaltonetworks.com/cyberpedia/what-is-botnet
[4] Manos Antonakakis et al., "Understanding the Mirai Botnet," 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, Canada, pp. 1093-1110, 2017.
[Google Scholar] [Publisher Link]
[5] DoS Attack vs. DDoS Attack, Fortinet. [Online]. Available: https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos
[6] Opeyemi Osanaiye, Kim-Kwang Raymond Choo, and Mqhele Dlodlo, "Distributed Denial of Service (DDoS) Resilience in Cloud: Review and Conceptual Cloud DDoS Mitigation Framework," Journal of Network and Computer Applications, vol. 67, pp. 147-165, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Gaurav Somani et al., "DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions," Computer Communications, vol. 107, pp. 30-48, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Mohamed Idhammad, Karim Afdel, and Mustapha Belouch, “Semi-Supervised Machine Learning Approach for DDoS Detection,” Applied Intelligence, vol. 48, pp. 3193-3208, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Aanshi Bhardwaj et al., "Distributed Denial of Service Attacks in Cloud: State-of-the-Art of Scientific and Commercial Solutions," Computer Science Review, vol. 39, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[10] What are AWS WAF, AWS Shield Advanced, and AWS Firewall Manager?, AWS. [Online]. Available: https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
[11] Matt Calder et al., "Analyzing the Performance of an Anycast CDN," Proceedings of the 2015 Internet Measurement Conference, Tokyo, Japan, pp. 531-537, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Geographic Match Rule Statement, AWS. [Online]. Available: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule statement-type-geo-match.html
[13] Understanding IP Addressing and CIDR Charts, RIPE NCC. [Online]. Available: https://www.ripe.net/about-us/press centre/understanding-ip-addressing/
[14] IP Reputation Rule Groups, AWS. [Online]. Available: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule groups-ip-rep.html
[15] Origin Server, Akamai Techdocs. [Online]. Available: https://techdocs.akamai.com/property-mgr/docs/origin-server
[16] Yang Zhang et al., "Detecting Malicious Activities With User‐Agent‐Based Profiles," International Journal of Network Management, pp. 306-319, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[17] FieldToMatch, AWS. [Online]. Available: https://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html
[18] Matt Auerbach, Zachary Goldberg, and Jay Raval, CDN Caching Improvements for Better App Performance with AWS Amplify Hosting, 2024. [Online]. Available: https://aws.amazon.com/blogs/mobile/cdn-caching-improvements-for-better-app-performance with-aws-amplify-hosting/
[19] Deliver Custom Content with CloudFront, AWS, 2014. [Online]. Available: https://aws.amazon.com/blogs/aws/enhanced-cloudfront customization/
[20] Amazon API Gateway Concepts, AWS. [Online]. Available: https://docs.aws.amazon.com/apigateway/latest/developerguide/api gateway-basic-concept.html#apigateway-definition-edge-optimized-api-endpoint
[21] Chris Munns, AWS. Protecting your API Using Amazon API Gateway and AWS WAF — Part 2, 2018. [Online]. Available: https://aws.amazon.com/blogs/compute/protecting-your-api-using-amazon-api-gateway-and-aws-waf-part-2/ 
[22] Configure ALARM Actions for CloudWatch Alarms, Trend Micro. [Online]. Available: https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudWatch/cloudwatch-alarm-action.html
[23] API Concepts, Akamai Techdocs. [Online]. Available: https://techdocs.akamai.com/application-security/reference/api-concepts
[24] Nivedita Shinde, and Priti Kulkarni, "Cyber Incident Response and Planning: A Flexible Approach," Computer Fraud & Security, vol. 2021, no. 1, pp. 14-19, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[25] H.R.1668 - IoT Cybersecurity Improvement Act of 2020, Congress.Gov, 2020. [Online]. Available: https://www.congress.gov/bill/116th-congress/house-bill/1668
[26] Jackson, California Legislative Information, SB-327 Information Privacy: Connected Devices, 2018. [Online]. Available: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
[27] Custom Rules for Web Application Firewall v2 on Azure Application Gateway, Microsoft Lgnite, 2024. [Online]. Available: https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/custom-waf-rules-overview
[28] Google Cloud Armor documentation, Google Cloud. [Online]. Available: https://cloud.google.com/armor/docs/security-policy-overview
[29] Overview of Web Application Firewall, Oracle Cloud Infrastructure Documentation. [Online]. Available: https://docs.oracle.com/en us/iaas/Content/WAF/Concepts/overview.htm