Distributed Denial of Service Attacks Prevention Mechanisms in Cloud Computing Environment: A Review

Mar 11, 2023

Fatimah Puteh

1st International Conference of Recent Trends in Information and Communication Technologies

*Corresponding author: [email protected]

Distributed Denial of Service Attacks Prevention Mechanisms in Cloud Computing Environment: A Review

Samson Idemudia*, Majid Bakhtiari

Department of Computer Science, Faculty of Computing

Universiti Teknologi Malaysia

UTM Skudai, 81310 Johor, Malaysia

Abstract

Cloud computing is the eye-catching next buzzword of the IT industry. However, as cloud computing is still in its infancy, its current adoption is associated with various challenges such as security, performance and availability. In cloud computing, where infrastructure is shared by potentially millions of users, Distributed Denial of Service (DDoS) attacks have the potential for much greater impact than against single-tenant architectures. Over the last few years, DDoS attack methods and tools have become stronger, more effective and more difficult to trace back to the actual attackers. The main objective of this review paper is to focus on some of the mitigation techniques and defensive parameters by which the effect of an attack can be minimized, and thus to strengthen the countermeasures against DDoS attacks in the cloud computing environment.

Keywords: Cloud Computing; Security Issues; DDoS Attacks; Defence Mechanism.

IRICT 2014 Proceeding, 12th-14th September, 2014, Universiti Teknologi Malaysia, Johor, Malaysia

Samson Idemudia and Majid Bakhtiari / IRICT (2014) 471-482

1. INTRODUCTION

As cloud computing is still in its infancy, its adoption is associated with numerous challenges such as security, performance, availability, integrity and cost. The security issue has played the most vital role in cloud computing. A recent survey by the Cloud Security Alliance (CSA) and IEEE indicates that enterprises across sectors are eager to adopt cloud computing but that security is needed both to accelerate cloud adoption on a wide scale and to respond to regulatory drivers. It also details that cloud computing is shaping the future of IT but that the absence of a compliance environment is having a dramatic impact on cloud computing growth [1].

There is still reluctance among businesses to accept the cloud because of security and privacy issues. Security issues have played an important role in slowing its acceptance. In two surveys carried out by the International Data Corporation (IDC) [2] in 2008 and 2009 respectively, security was at the top of the list. Older, well-known threats are countered efficiently, but unfamiliar risks have been introduced to the cloud. One of these threats is the Distributed Denial of Service (DDoS) attack. A Distributed Denial of Service attack is an attack whose purpose is to prevent legitimate users from using a specified network resource such as a website, web service or computer system [3]. On the 9th of February, 2000, major DDoS attacks were launched against Yahoo.com, Amazon, E*Trade, eBay, Buy.com, the FBI and several other websites, which fell victim to DDoS attacks that resulted in extensive damage and disruption [4]. In 2004, a sequence of DDoS attacks was launched against different types of companies providing anti-spam services. These DDoS attacks made the companies shut down their services. DDoS attacks have become one of the most annoying security threats for companies using the Internet. As the number of victims increases each year, DDoS attacks have become a pressing problem on the Internet [5]. The purpose of this study is to review mitigation techniques by which an attack can be controlled, through diversion or through reduction of its strength while it is under way.

2. CLOUD COMPUTING

Cloud computing is becoming widespread in business and the IT industry. It is Internet-based: the cloud serves as a virtual shared server that provides software, infrastructure, platforms, devices and resources [2]. The importance of cloud computing lies in making sure that customers can use what they are interested in from any location. Cloud computing consists of three layers:

2.1. Cloud Application

It is the topmost layer of the cloud. It comprises the applications and services of the cloud, which are accessed through a web browser, hosted systems or a remote client. This removes the need to install and run the application on the customer's system.

2.2. Cloud Platform

It is the middle layer of the cloud. This layer provides the computing platform as a service, changing the server configuration and settings according to increases and decreases in requests.

2.3. Cloud Infrastructure

It is the lowermost layer of the cloud. Its main function is to provide IT infrastructure via virtualization, which means separating a single piece of hardware into independent, self-governed environments that can be measured in terms of CPU, RAM, disk and other elements [6].

3. CLOUD COMPUTING ARCHITECTURE:

The cloud computing architecture consists of numerous cloud modules, each of which is loosely coupled. They can be broadly separated into two parts: the Front End and the Back End. The two ends are connected via a network, commonly the Internet. The diagram below gives an overview of the cloud computing architecture:

Figure 1: Cloud Computer Architecture

Front End: the client part of the cloud computing system. It consists of the interfaces and applications that are needed to access the cloud computing platforms, for example a web browser.

Back End: the cloud itself. It consists of all the resources that are needed to supply cloud computing services: large data storage, virtual machines, security mechanisms, deployment models, servers and services. It is the task of the Back End to supply built-in security mechanisms, traffic control and procedures. The server uses specific procedures, known as middleware, which help the connected devices communicate with each other.

4. CLOUD COMPUTING SERVICE MODEL

There are three service models for cloud computing, which determine how computing resources are provisioned and consumed as a utility, based on the characteristics sketched earlier. The services are:

4.1. Software as a Service (SaaS)

The capability given to the consumer is to use the provider's applications running on the cloud infrastructure. These applications are accessible from several different client devices via a thin client interface such as a web browser (for example, web-based email). The consumer does not control the underlying cloud infrastructure, including the network, servers, operating systems, storage and individual application capabilities, with the possible exception of limited user-specific application configuration settings. Examples of SaaS are HR, CRM and accounting applications.

[Figure 1 diagram labels: Client Infrastructure, Internet, Application, Service, Cloud Runtime, Storage, Infrastructure, Management, Security]


4.2. Platforms as a Service (PaaS)

The capability given to the consumer is to deploy onto the cloud infrastructure consumer-acquired applications created using programming languages and tools supported by the provider. The consumer does not control the underlying cloud infrastructure, including the network, servers, operating systems, storage and individual application capabilities, but has control over the deployed applications and possibly the application hosting environment configuration. Examples: Salesforce, Microsoft Azure, Amazon Web Services and a host of others.

4.3. Infrastructure as a Service (IaaS)

The capability given to the consumer is to provision processing, storage, networks and other fundamental computing resources on which the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not control the underlying cloud infrastructure, including the network, servers, operating systems, storage and deployed applications, and may have limited control of selected components (for example, host firewalls). Examples of IaaS providers are Rackspace Hosting, GoDaddy Hosting and Network Solutions.

Figure 2: Cloud Computing Model Services

5. THREATS TO SECURITY IN CLOUD COMPUTING

The greatest fear about cloud computing is security. Many earlier surveys discuss security threats in the cloud according to the service models of cloud systems. Security is important at every level of the cloud: network level, host level and application level. This classification is based on the discussion in [7] for Amazon EC2 and in [8].

[Figure 2 diagram labels: Control / Governance; Public, Hybrid, Private; Economics of Scale; Flexibility of Purpose; Level of Abstraction; SaaS, PaaS, IaaS]

6. SECURITY ISSUES IN CLOUD COMPUTING

In the cloud deployment model, networking, platform, storage and software infrastructure are provided as services that scale up or down depending on demand. The cloud computing model has three main deployment models:

6.1. Private cloud

The private cloud is a new term that some vendors have recently used to describe offerings that emulate cloud computing on private networks. It is set up within an organization's internal enterprise data center. Use of the private cloud can be much more secure than use of the public cloud because of its limited internal exposure. Only the organization and designated stakeholders may have access to operate on a specific private cloud [9].

6.2. Public cloud

A public cloud describes cloud computing in the traditional, mainstream sense, whereby resources are dynamically provisioned on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who shares resources and bills on a fine-grained utility computing basis. It is typically based on a pay-per-use model, like a prepaid electricity metering system, which is flexible enough to cater for spikes in demand for cloud optimization [10].

6.3. Hybrid cloud

The hybrid cloud is a private cloud linked to one or more external cloud services, centrally managed, provisioned as a single unit, and bounded by a secure network. It provides virtual IT solutions through a combination of both public and private clouds [11].

7. DISTRIBUTED DENIAL OF SERVICE

Presently, there are two main methods of launching DDoS attacks on the Internet. The first method is for the attacker to send abnormal packets to the victim to confuse a protocol or an application running on it (i.e., a vulnerability attack) [9].

The second method is the most common one, and involves an attacker trying to do one or both of the following:

(1) Disrupt a legitimate user's connectivity by exhausting bandwidth, router processing capacity or network resources; these are essentially network/transport-level flooding attacks [5].

(2) Disrupt a legitimate user's services by exhausting the server resources (e.g., sockets, CPU, memory, disk/database bandwidth and I/O bandwidth); these essentially include application-level flooding attacks [10].

Currently, DDoS attacks are often launched by a network of remotely controlled, well organized and widely scattered zombie or botnet computers that are simultaneously and continuously sending a large amount of traffic and/or service requests to the target system. The target system either responds so slowly as to be unusable or crashes completely [5, 11].


Fig 3: General architecture of DDoS attacks

8. ENTERPRISES COULD BE HELD RESPONSIBLE FOR DDOS ATTACKS ON OTHER PARTIES THROUGH THEIR NETWORK

In any case, many enterprises have since tightened their security, and the attention of DDoS attackers has moved on to the growing number of home PCs and companies connected to the Internet by broadband connections, notably DSL and cable modems. There is no immediate prospect of the DDoS threat decreasing, and so inevitably both enterprises and ISPs will be searching for tools to help mitigate the problem.

9. DDOS IMPACT

The usual impact of DDoS attacks is to reduce an enterprise's capability to carry out legitimate business on the network, by flooding its servers so that their bandwidth and processing capacity are used up. DDoS attacks also seek out weaker agent machines that can be compromised and used as platforms for attacks against a targeted host. Several of the earliest DDoS attacks, in 2000 and 2001, made use of the poor security of various enterprise networks. The creation of a botnet involves infecting computers with a form of malware that gives the botnet owner access to the computer.

The categories of DDoS attacks:

9.1 SYN Flood attack: One particular type of attack is the SYN flood, where external hosts attempt to overwhelm the server machine by sending a constant stream of TCP connection requests, forcing the server to allocate resources for each new connection until all resources are exhausted. This paper discusses several approaches for dealing with the exhaustion problem, including SYN caches and SYN cookies [11].

9.2 Smurf is another attack, in which the attack traffic is amplified in size by compromised agent systems before it hits the victim computer. Smurf is an example of an amplification DDoS attack, which exploits other unprotected networks, called intermediary networks, to amplify the attack traffic load that is actually sent towards the victim computer [13].

9.3 ICMP Flood attack is carried out by sending a large number of ICMP packets, usually ping packets. The idea is to send so much data to the computer that it slows down and gets disconnected due to timeouts. In particular, ping flood attacks attempt to saturate a network by sending a continuous series of ICMP echo requests over a high-bandwidth connection to a target host on a lower-bandwidth connection. The receiver will send back an ICMP echo reply for each request [14].

9.4 Ping of Death involves sending a malicious ping to a computer at 32 bytes in size. Ping of Death attacks many operating systems and makes them freeze, crash or reboot. It was particularly nasty because the identity of the attacker sending the oversized packet could be easily spoofed, and the attacker didn't need to know anything about the machine they were attacking except for its IP address. Operating system vendors have made patches available to avoid the Ping of Death [15].

9.5 Land Flood attack sends SYN packets to a particular port of a target computer, with the source address and source port number of these SYN packets set to the same values as the destination IP address and port number [16].

9.6 UDP Flood attack is possible when a huge number of UDP packets are sent to the victim computer. This saturates the system and depletes the bandwidth available for valid service requests to the victim computer. When packets are sent to a specific port on the victim computer and it finds that no application is waiting on that port, it will produce an ICMP destination unreachable packet [17].

9.7 Teardrop attack exploits a weakness in the reassembly of data packets, and involves sending invalid IP fragments with oversized payloads to the target system. An error in the TCP/IP fragmentation reassembly code of various operating systems causes the fragments not to be handled properly and makes the systems crash, hang or reboot [16].
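The Land, Teardrop and Ping of Death descriptions above each reduce to a check a filter can make on packet headers before reassembly. The following is an added example, not code from the paper: the packet record fields, the 20-byte header assumption and the sample records are constructed for illustration.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535   # largest total length an IPv4 datagram can declare
IP_HEADER_LEN = 20        # assumption: IPv4 header without options

def is_land(pkt):
    """Land: a TCP SYN whose source address and port equal its destination."""
    return (pkt["proto"] == "tcp" and "S" in pkt.get("flags", "")
            and pkt["src"] == pkt["dst"]
            and pkt.get("sport") == pkt.get("dport"))

def check_fragments(frags):
    """Inspect the fragments of one datagram before they are reassembled.

    'frag_offset' and 'length' are in payload bytes (on the wire the offset
    is stored in 8-byte units). Returns a set of findings.
    """
    findings = set()
    covered_to = 0
    for frag in sorted(frags, key=lambda f: f["frag_offset"]):
        end = frag["frag_offset"] + frag["length"]
        if frag["frag_offset"] < covered_to:
            findings.add("overlap")      # Teardrop-style overlapping fragment
        if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
            findings.add("oversized")    # would reassemble past the IP maximum
        covered_to = max(covered_to, end)
    return findings

def classify(packets):
    """Return (label, destination) alerts for a list of packet records.

    Alerts name the destination only, because the source address of these
    attacks is typically spoofed.
    """
    alerts = []
    datagrams = defaultdict(list)
    for pkt in packets:
        if is_land(pkt):
            alerts.append(("land", pkt["dst"]))
        if "frag_offset" in pkt:
            key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["ip_id"])
            datagrams[key].append(pkt)
    for (_src, dst, proto, _ip_id), frags in datagrams.items():
        findings = check_fragments(frags)
        if "overlap" in findings:
            alerts.append(("teardrop", dst))
        if "oversized" in findings:
            label = "ping-of-death" if proto == "icmp" else "oversized-datagram"
            alerts.append((label, dst))
    return alerts

# Constructed sample records (documentation address ranges), not captured traffic.
SAMPLE = [
    # ordinary connection request
    {"proto": "tcp", "flags": "S", "src": "198.51.100.7", "sport": 40000,
     "dst": "192.0.2.10", "dport": 80},
    # Land: source and destination are identical
    {"proto": "tcp", "flags": "S", "src": "192.0.2.10", "sport": 80,
     "dst": "192.0.2.10", "dport": 80},
    # well-formed fragmented UDP datagram
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "ip_id": 1,
     "frag_offset": 0, "length": 1480},
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "ip_id": 1,
     "frag_offset": 1480, "length": 520},
    # Teardrop: second fragment lies inside the first
    {"proto": "udp", "src": "198.51.100.8", "dst": "192.0.2.10", "ip_id": 2,
     "frag_offset": 0, "length": 36},
    {"proto": "udp", "src": "198.51.100.8", "dst": "192.0.2.10", "ip_id": 2,
     "frag_offset": 24, "length": 4},
    # Ping of Death: last fragment ends beyond 65535 bytes
    {"proto": "icmp", "src": "198.51.100.9", "dst": "192.0.2.11", "ip_id": 3,
     "frag_offset": 0, "length": 1480},
    {"proto": "icmp", "src": "198.51.100.9", "dst": "192.0.2.11", "ip_id": 3,
     "frag_offset": 65528, "length": 400},
]

if __name__ == "__main__":
    for label, dst in classify(SAMPLE):
        print(f"{label:15s} -> {dst}")
```
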

10. DDOS ATTACK: SCOPE AND CLASSIFICATION

One of the necessary steps towards deploying a comprehensive DDoS defense mechanism is to understand all the aspects of DDoS attacks. Various classifications of DDoS attacks have been proposed in the literature over the past decade [18-21]. In this survey, we are interested in providing a classification of DDoS attacks based on the protocol level at which the attack works. We review various DDoS flooding incidents of each category, some of which have been well reviewed/analyzed in [18].

11. LIMITATIONS OF EARLY METHODS

Early fixes have focused on increasing the length of the queues and reducing a timeout value. The timeout value controls how long an entry waits in the queue until an acknowledgement is received. The problem with simply making the queue longer is that there are actually many queues (one for each TCP server on the system: HTTP, FTP, SMTP, etc.), and lengthening the queues to very large values, for example, eight kilobytes, results in an operating system requiring enormous amounts of memory (over 100 megabytes for a system with 25 server applications). Shortening the timeouts can also help when used with longer queue lengths because the spoofed packets get removed from the queues more quickly. Shortening the timeouts also affects new outgoing connections, and remote users with slow links. Some security product vendors, such as Checkpoint Technologies and Internet Security Systems (ISS)
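The trade-off between queue length and timeout described in this section can be reproduced with a small model of one listening socket's half-open queue. This is an added example, not code from the paper: the one-second ticks, the attack rate, the client round-trip times and the worst-case ordering (spoofed SYNs arrive before legitimate ones in each tick) are assumptions chosen for illustration.

```python
import heapq

def simulate_backlog(queue_len, timeout, attack_rate, legit_rtts, duration=120):
    """Model one half-open connection queue in one-second ticks.

    queue_len   : maximum number of half-open entries
    timeout     : seconds an entry waits for the acknowledgement
    attack_rate : spoofed SYNs per second, which are never acknowledged
    legit_rtts  : round-trip time of each legitimate client; every client
                  sends one SYN per second
    Returns (legitimate attempts, legitimate connections established).
    """
    release = []                 # min-heap of times at which a slot frees up
    attempts = established = 0
    for now in range(duration):
        # Free the slots of entries that were acknowledged or timed out.
        while release and release[0] <= now:
            heapq.heappop(release)
        # Spoofed SYNs hold their slot for the full timeout.
        for _ in range(attack_rate):
            if len(release) < queue_len:
                heapq.heappush(release, now + timeout)
        # Legitimate SYNs compete for whatever is left.
        for rtt in legit_rtts:
            attempts += 1
            if len(release) >= queue_len:
                continue         # queue full: the SYN is dropped
            heapq.heappush(release, now + min(rtt, timeout))
            if rtt <= timeout:   # the acknowledgement arrives before eviction
                established += 1
    return attempts, established

def compare(attack_rate=10, legit_rtts=(1, 1, 3)):
    """Run the three configurations the text discusses (values are assumed)."""
    return {
        "baseline (queue 128, timeout 75 s)":
            simulate_backlog(128, 75, attack_rate, legit_rtts),
        "longer queue (queue 1024, timeout 75 s)":
            simulate_backlog(1024, 75, attack_rate, legit_rtts),
        "shorter timeout (queue 128, timeout 2 s)":
            simulate_backlog(128, 2, attack_rate, legit_rtts),
    }

if __name__ == "__main__":
    for name, (attempts, ok) in compare().items():
        print(f"{name}: {ok}/{attempts} legitimate connections established")
```

The longer queue only holds while its length exceeds attack rate times timeout, and the short timeout clears spoofed entries but never lets the client with the 3-second round trip complete, which is the slow-link effect noted above.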

12. DISCUSSION

Many mechanisms have been proposed over time for the detection and prevention of DDoS attacks in the cloud. Commercial router manufacturers advise a mixture of techniques to identify and mitigate DDoS attacks based on sampling, monitoring and filtering. These include setting up counters and access lists to examine the traffic and filter unwanted packets [12-14]. The survey below sheds light on some of the defense and mitigation mechanisms.

A) Combined architecture of defense against DDoS attacks (2008): Saad Radwane [22] in 2008 proposed a modular peer-to-peer architecture for combined defense against DDoS attacks. A DDoS attack is recognized by a high traffic rate, IP spoofing and the various paths taken to reach the victim.

B) CBF (Confidence Based Filtering), a packet filtering technique for DDoS attack defense in cloud environment (2011): [23] in 2011 presented a technique called CBF. In this technique, the packets entering the cloud are differentiated into attack packets and genuine packets. To differentiate the attack packets from the genuine packets, correlation patterns are used, on the basis that genuine packet flows have unique correlation patterns. Two terms are used: confidence and CBF score. The confidence is the frequency of appearance of attributes in the packet flows. The CBF score is the weighted average confidence of the attribute value pairs. A discarding threshold is a threshold value set to decide the filtering. The genuine packets are those whose CBF score is above the discarding threshold. After the packets are separated, the malicious packets are discarded and the requests of the genuine packets are served. An extensive simulation was then carried out to evaluate the feasibility of the CBF technique. The results show that CBF has a filtering accuracy that makes it suitable for real-time filtering in the cloud environment.

C) Defense against DDoS attack for cloud computing (2012): Yang Lanjuan et al. [24] in 2012 suggested a defense system for cloud computing. They proposed a method based on Software Oriented Architecture (SOA) to trace back the source of a DDoS attack. A filter method was used to separate the genuine packets from the attack packets. In this method, all service requests are first sent to SBTA (the SOA-based trace-back method) for building them. If the message is normal, it is sent to the request handler for processing. The results show that the Cloud filter has a high detection ratio and a lower detection alarm ratio.
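The scoring described in item B can be made concrete as follows. This is an added example written from the description above, not the CBF authors' code: the attribute set, the equal pair weights, the threshold of 0.25 and all packets are constructed assumptions.

```python
from collections import Counter
from itertools import combinations

# Assumption: header attributes used to build the profile of genuine traffic.
ATTRS = ("ttl", "proto", "dport", "flags")

class CBFProfile:
    """Confidence of attribute value pairs, learned from genuine packets."""

    def __init__(self, legit_packets, weights=None):
        self.total = len(legit_packets)
        self.pairs = list(combinations(ATTRS, 2))
        # Assumption: every attribute pair carries the same weight.
        self.weights = weights or {pair: 1.0 for pair in self.pairs}
        self.counts = Counter()
        for pkt in legit_packets:
            for a, b in self.pairs:
                self.counts[(a, pkt[a], b, pkt[b])] += 1

    def confidence(self, a, value_a, b, value_b):
        """Frequency with which this value pair appears in genuine flows."""
        return self.counts[(a, value_a, b, value_b)] / self.total

    def score(self, pkt):
        """CBF score: weighted average confidence over all attribute pairs."""
        weighted = sum(self.weights[(a, b)] * self.confidence(a, pkt[a], b, pkt[b])
                       for a, b in self.pairs)
        return weighted / sum(self.weights.values())

    def filter(self, packets, threshold):
        """Split packets into (served, discarded) around the threshold."""
        served, discarded = [], []
        for pkt in packets:
            (served if self.score(pkt) > threshold else discarded).append(pkt)
        return served, discarded

def pkt(name, ttl, proto, dport, flags):
    return {"name": name, "ttl": ttl, "proto": proto, "dport": dport, "flags": flags}

# Constructed profile of genuine traffic observed outside an attack.
LEGIT = ([pkt("https", 64, "tcp", 443, "A")] * 6
         + [pkt("https-win", 128, "tcp", 443, "A")] * 2
         + [pkt("http-syn", 64, "tcp", 80, "S")] * 2)

# Constructed incoming packets to be scored during an attack.
INCOMING = [
    pkt("typical-https", 64, "tcp", 443, "A"),
    pkt("udp-53", 250, "udp", 53, ""),
    pkt("odd-ttl-syn", 250, "tcp", 443, "S"),
    pkt("rare-http-syn", 64, "tcp", 80, "S"),
]

DISCARD_THRESHOLD = 0.25   # assumption: chosen for this sample only

if __name__ == "__main__":
    profile = CBFProfile(LEGIT)
    for p in INCOMING:
        verdict = "serve" if profile.score(p) > DISCARD_THRESHOLD else "discard"
        print(f"{p['name']:15s} score={profile.score(p):.4f} {verdict}")
```

The rare but genuine HTTP SYN scores 0.3 and passes only narrowly, which shows how sensitive the outcome is to the choice of discarding threshold.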

TABLE I. FUNCTIONALITIES AND MITIGATION TECHNIQUES AGAINST DDOS

| Names of the Attacks | Functionalities | Mitigation Techniques |
|---|---|---|
| SYN Flood Attack [15] | External hosts attempt to overwhelm the server by sending a constant stream of TCP connection requests, forcing the server to allocate resources for each new connection until all resources are exhausted. | Filtering on some variable, which reduces the impact on the customer. The attack traffic can also be diverted and cleaned out, letting the good traffic come through. |
| SMURF Attack [16] | Exploits other insecure networks, called intermediary networks, to increase the attack traffic load that is actually sent towards the victim computer. | Restricting access to VTY (Virtual Terminal Lines) can help to stop or deflect the attack on the customers' target machine. |
| ICMP Attack [17] | Sending a huge amount of data to the computer, to make it slow down and get disconnected due to timeouts. | Killing the connection by using RST packets that are sent to both connection endpoints; the RST requires correct sequence and acknowledgement numbers, or else it is ignored. |
| PING of Death [18] | Caused by an attacker intentionally sending an IP packet larger than the bytes allowed by the IP protocol. | Using firewalls in gateways to filter incoming and outgoing traffic. Incoming packets with a source IP address belonging to the subnetwork, and outgoing packets with a source IP address not belonging to the subnetwork, are not consistent. |
| Land Attack [19] | Sending spoofed SYN packets containing the IP address of the victim computer as both the target and the source IP address. | Deploying an antivirus program to scan for malicious code in the system and setting up an IDS to detect patterns of the attack. |
| UDP Flood Attack [20] | When the victim computer receives a UDP packet, it will wait to establish the application port. | Filtering on the service: this presupposes that the attack mechanism is known, so that traffic towards a specific UDP port can be filtered. |
| Teardrop Attack [19] | Consists of an attacker sending chains of fragmented IP datagram pairs to the target system. | Filtering on the destination address, black hole routing and sinkhole routing. These can be used when the network is under attack. |

SYN Flood attack: external hosts attempt to overwhelm the server machine by sending a constant stream of TCP connection requests, forcing the server to allocate resources for each new connection. The half-open connections exhaust the number of connections that the server is able to make, keeping it from responding to legitimate requests.

Smurf attack: it should be prevented at an early stage; otherwise it becomes very dangerous once amplified by the intermediary systems. The network bandwidth is quickly used up, preventing genuine packets from getting through to their destination.

ICMP attack: ICMP traffic needs to be limited during congestion, leaving more capacity for other legitimate applications over the Internet. The target is a host on a lower-bandwidth connection, and the recipient sends back an ICMP echo reply for each request.

Ping of Death: it attacks many operating systems and makes computers freeze, crash or reboot. The firewall should be capable of filtering the oversized packets.

Land Flood: it sends SYN packets to a particular port of a target computer, with the source address and source port number of these SYN packets set to the same values as the destination IP address and port number. It is mitigated by installing a filter on the ingress port of the border router to check the source IP address of every arriving packet; if the address is within the range of advertised prefixes, the packet is forwarded.

UDP Flood: when the victim computer receives a UDP packet, it will wait to establish the application port. Filtering on the service presupposes that the attack mechanism is known; traffic towards a specific UDP port can then be filtered.

Teardrop attack: it involves sending fragmented packets to a target system; due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, which crashes the target network device in the cloud environment. The modified teardrop attack works by sending pairs of deliberately constructed IP fragments which are reassembled into an invalid UDP datagram.

The observations in the table and the analysis show that different DDoS attacks each have their own behaviour when they are launched against a user's system or within the cloud environment.

CONCLUSIONS AND FURTHER RESEARCH

DDoS attacks are among the most harmful attacks on the cloud. They are currently among the most advanced and most difficult trends in system security threats. The recent defense mechanisms that were reviewed in this paper are far from satisfactory for preventing and mitigating DDoS attacks in the cloud computing environment.

Cloud computing is a rising technology in the global IT industry, towards which most IT companies are moving their services. The effects of DDoS in the cloud are alarming: of the different attacks in the cloud, 15% are contributed by DDoS attacks.

The main contribution of this work is presented in Table I above, which indicates the existing mitigation parameters that have been used for reduction and diversion during these attacks, and the framework for resources in the provision of job distribution under DDoS in the cloud. The architectural framework should take into account customer input constraints such as execution cost, execution time, response time, energy consumption, scalability, trust, reliability, load balancing and resource utilization. It has been shown that the parameter algorithms proposed and used so far could not fulfil the requirement. In the early stages, taking all the parameters into account will only make the framework more complex. This paper therefore helps to identify the key parameters and possible future enhancements.

Future work is to propose effective ways of securing cloud infrastructures, mitigating standard attacks and surviving future attacks.

REFERENCES

1. So, K. "Cloud Computing Security Issues and Challenges," International Journal of Computer Networks, 2011.

2. Kumar, N. and Sharma, S. "Study of Intrusion Detection System for DDoS Attacks in Cloud Computing," in Wireless and Optical Communications Networks (WOCN), Tenth International Conference on, pp. 1-5, 2013.

3. Specht, S. M. and Lee, R. B. "Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures," in Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems, International Workshop on Security in Parallel and Distributed Systems, pp. 543-550, 2004.

4. Peng, T., Leckie, C. and Ramamohanarao, K. "Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems," ACM Computing Surveys (CSUR), vol. 39, p. 3, 2007.

5. Zargar, S., Joshi, J. and Tipper, D. "A Survey of Defense Mechanisms against Distributed Denial of Service (DDoS) Flooding Attacks," 2013.

6. Rameshbabu, J., Balaji, B., Daniel, R. W. and Malathi, K. "A Prevention of DDoS Attacks in Cloud Using NEIF Techniques."

7. Bisong, A. and Rahman, S. M. "An Overview of the Security Concerns in Enterprise Cloud Computing," International Journal of Network Security & Its Applications, vol. 3, 2011.

8. Bhadauria, R. and Sanyal, S. "Survey on Security Issues in Cloud Computing and Associated Mitigation Techniques," International Journal of Computer Applications, vol. 47, 2012.

9. Moghe, U., Lakkadwala, P. and Mishra, D. "Cloud Computing: Survey of Different Utilization Techniques," in Software Engineering (CONSEG), CSI Sixth International Conference on, IEEE, 2012.

10. Mirashe, S. P. and Kalyankar, N. "Cloud Computing," arXiv preprint arXiv:1003.4074, 2010.

11. Sowndarya, N. and Umarani, V. "An Overview of Cloud Computing," Software Engineering and Technology, 5(12): p. 396, 2013.

12. Kargl, F., Maier, J. and Weber, M. "Protecting Web Servers from Distributed Denial of Service Attacks," in Proceedings of the 10th International Conference on World Wide Web, 2001.

13. Aljifri, H. "IP Traceback: A New Denial-of-Service Deterrent?" IEEE Security & Privacy Magazine, 1(3): pp. 24-31, 2003.

14. Moore, D. et al. "Inferring Internet Denial-of-Service Activity," ACM Transactions on Computer Systems (TOCS), 24(2): pp. 115-139, 2006.

15. Mell, P. and Grance, T. "The NIST Definition of Cloud Computing," Communications of the ACM, vol. 53, p. 50, 2010.

16. Yu, J., Li, Z., Chen, H. and Chen, X. "A Detection and Offense Mechanism to Defend against Application Layer DDoS Attacks," in Networking and Services, 2007. ICNS. Third International Conference on, pp. 54-54, 2007.

17. Chang, R. K. "Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial," Communications Magazine, IEEE, vol. 40, pp. 42-51, 2002.

18. Katkamwar, N. S., Puranik, A. G. and Deshpande, P. "Securing Cloud Servers against Flooding Based DDoS Attacks," International Journal of Application or Innovation in Engineering & Management (IJAIEM), vol. 1, pp. 50-55, 2012.

19. Kumar, S. "Smurf-Based Distributed Denial of Service (DDoS) Attack Amplification in Internet," in Internet Monitoring and Protection, 2007. ICIMP 2007. Second International

Conference on, pp. 25-25, 2007

Page 12: Distributed Denial of Service Attacks Prevention Mechanisms in Cloud Computing Environment: A Review

Samson Idemudia and Majid Bakhtiari /IRICT (2014) 471-482 482

20. Udhayan, J. and Anitha, R. "Demystifying and rate limiting ICMP hosted DoS/DDoS

Flooding Attacks with Attack Productivity Analysis," in Advance Computing Conference,

2009. IACC 2009. IEEE International, pp. 558-564, 2009

21. Gandhi, B. and Joshi, R. "An Integrated Framework for Proactive Mitigation,

Characterization and Traceback of DDoS Attacks," IJCSNS, vol. 7, p. 274, 2007.

22. "<630_ce_AttackDetection land attack and Teardrop attack.pdf>."

23. Houle, K. J. Weaver, G. M. Long, N. and Thomas, R. "Trends in Denial of Service Attack

Technology," CERT and CERT Coordination Center. October, 2001

24. Douligeris, C. and Mitrokotsa, A. "DDoS attacks and Defense Mechanisms: Classification

and State-of-the-Art," Computer Networks, vol. 44, pp. 643-666, 2004.

25. Jain, P. J. Jain, and Gupta, Z. "Mitigation of Denial of Service (DoS) Attack," International

Journal of Computational Engineering & Management IJCEM, vol. 11, 2011.

26. Chen, L.-C. Longstaff, T. A. and Carley, K. M. "Characterization of Defense Mechanisms

against Distributed Denial of Service Attacks," Computers & Security, vol. 23, pp. 665-678,

2004.

27. Specht, S. M. and Lee, R. B. "Distributed Denial of Service: Taxonomies of Attacks, Tools,

and Countermeasures," in ISCA PDCS, pp. 543-550, 2004

28. Saad, R. Nait-Abdesselam, F. and Serhrouchni, A. "A Collaborative Peer-to-Peer

Architecture to Defend against DDoS Attacks," in Local Computer Networks, 2008. LCN

2008. 33rd IEEE Conference on, pp. 427-434, 2008

29. Chen, Q. Lin, W. Dou, W. and Yu, S. "CBF: A Packet Filtering Method for DDoS Attack

Defense in Cloud Environment," in Dependable, Autonomic and Secure Computing

(DASC), 2011 IEEE Ninth International Conference on, pp. 427-434, 2011

30. Yang, L. Zhang, T. Song, J. Wang, J. and Chen, P. "Defense of DDoS Attack for Cloud

Computing," in Computer Science and Automation Engineering (CSAE), IEEE

International Conference on, 2012, pp. 626-629, 2012