Literature Survey
Lonea et al. (2013) deployed a virtual-machine-based intrusion detection system with a graphical interface to monitor cloud fusion alerts, using the Eucalyptus cloud architecture for the front end and a MySQL database for the back end. Attacks are captured by the Barnyard tool, with SNORT applying signature-based DDoS rules. The Stacheldraht tool is used to generate the resource-depletion packets, which consist of UDP, TCP SYN and ICMP floods. These attack packets are captured during the attack and stored in the central MySQL database. However, a limitation of this signature-based approach is that unknown or zero-day attacks cannot be detected.
Bakshi et al. (2010) proposed signature-based intrusion detection for DDoS, using virtual machines running SNORT to analyze both inbound and outbound traffic in real time. The defense framework identifies the attacker’s IP address and automatically scripts an Access Control List configuration that drops all packets from that IP address and blacklists it immediately.
Gul et al. (2011) note that, to handle a large packet flow, an intrusion detection model that analyzes and reports on the attack packets is used. These reports should be shared with the cloud actors involved. Multi-threading techniques are used to improve the performance of the intrusion detection system. The final evaluation concluded that a multi-threaded deployment is more efficient than a single-threaded one.
Zarepoor et al. (2014) proposed the use of a statistical filtering system with two levels of filtering. The first level of filtering involves removing the header fields of incoming data packets, then comparing the time to live (TTL) value with a predetermined hop count value. If the values are not similar, the packet is treated as spoofed and immediately dropped. The second level of filtering involves comparing the incoming packet header with a stored normal profile header.
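The first filtering level described above, sketched as an added example (not code from Zarepoor et al. or from this article). It assumes the hop count is inferred by rounding the observed TTL up to a common initial TTL; the expected-hop table, IP addresses, tolerance and all names are constructed for illustration.

```python
# Added example: first-level hop-count (TTL) filter for spoofed-source detection.
# Assumption: senders start from one of these common initial TTL values.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

def infer_hop_count(observed_ttl):
    """Hops travelled = nearest common initial TTL at or above the observed TTL, minus it."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = next(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

class HopCountFilter:
    """Compares the inferred hop count with the stored value for the source IP."""

    def __init__(self, expected_hops, tolerance=1, drop_unknown=False):
        self.expected_hops = dict(expected_hops)  # src IP -> predetermined hop count
        self.tolerance = tolerance                # "similar" = within this many hops
        self.drop_unknown = drop_unknown          # policy for sources with no stored value

    def verdict(self, src_ip, observed_ttl):
        expected = self.expected_hops.get(src_ip)
        if expected is None:
            return "drop" if self.drop_unknown else "pass-unknown"
        if abs(infer_hop_count(observed_ttl) - expected) > self.tolerance:
            return "drop"  # hop count disagrees with the claimed source: likely spoofed
        return "pass"

# Constructed sample data (documentation address ranges), not from the paper.
EXPECTED = {"198.51.100.7": 12, "203.0.113.40": 9}
PACKETS = [
    ("198.51.100.7", 52),   # 64 - 52 = 12 hops: matches the stored value
    ("198.51.100.7", 117),  # 128 - 117 = 11 hops: within tolerance (route change)
    ("203.0.113.40", 250),  # 255 - 250 = 5 hops: mismatch with stored 9
    ("192.0.2.99", 60),     # no stored hop count for this source
]

def classify(packets, flt):
    """Return (src_ip, ttl, verdict) for each packet."""
    return [(ip, ttl, flt.verdict(ip, ttl)) for ip, ttl in packets]

if __name__ == "__main__":
    for row in classify(PACKETS, HopCountFilter(EXPECTED)):
        print(row)
```

The tolerance matters in practice because legitimate routes change; a filter that demands an exact match drops valid traffic after a path change.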
Zakarya (2013) proposes an entropy-based detection technique that identifies attack flows based on distribution ratio, using an attack packet dropping algorithm. The entropy rate identifies the attack flow, and packets are dropped if the DDoS is confirmed. CloudSim simulation shows an accuracy of almost 90%.