Denial of Service (DoS) Attacks Over Cloud Environment: A Literature Survey

Denial of Service (DoS) Attacks Over Cloud Environment: A Literature Survey

Thangavel M. (Thiagarajar College of Engineering, India), Nithya S (Thiagarajar College of Engineering, India) and Sindhuja R (Thiagarajar College of Engineering, India)
DOI: 10.4018/978-1-5225-2013-9.ch012
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Cloud computing is the fastest growing technology in today's world. Cloud services provide pay as go models on capacity or usage. For providing better cloud services, capacity planning is very important. Proper capacity planning will maximize efficiency and on the other side proper control over the resources will help to overcome from attacks. As the technology develops in one side, threats and vulnerabilities to security also increases on the other side. A complete analysis of Denial of Service (DOS) attacks in cloud computing and how are they done in the cloud environment and the impact of reduced capacity in cloud causes greater significance. Among all the cloud computing attacks, DOS is a major threat to the cloud environment. In this book chapter, we are going to discuss DOS attack in the cloud and its types, what are the tools used to perform DOS attack and how they are detected and prevented. Finally it deals with the measures to protect the cloud services from DOS attack and also penetration testing for DOS attack.
Chapter Preview
Top

Common Attacks On Cloud

Authentication Attack

Authentication is one of the vulnerable points in the cloud services. Generally authentication is provided for the users using username and password. Some of the developed organizations used site keys, virtual keyboards, and biometrics and shared secret questions. Most possible authentication attacks are i) brute force attack ii) shoulder surfing iii) Replay attack iv) Dictionary attack v) key loggers. We see in detail about all the above attacks. In a brute force attack, in order to break the username or password, we have to try all the possibilities (all possible combinations). In cloud, brute force attack is used to break the password which is in the encrypted form (encrypted text). In shoulder surfing, an attacker watches the employee or customer movements and tries to see the password when he/she types the password. This attack is also called spying. In Replay attack, an attacker intercept between the two valid users, capture the data and then retransmits the data frequently or in a delayed manner. This attack is also called Playback attack or reflection attack. Dictionary attack is to try out all the possible combinations of meaningful words in the dictionary to break the password (Ajey singh 2012). Key loggers is a software program and records the key pressed by the user. Key loggers monitor the user activities.

Denial of Service Attack

In DOS attacks, an attacker overloads the server by sending large number of requests and makes the server to un-respond to the valid users, at that time resource is not available to the user (Ramya 2015). DDOS attack which means many node systems attacking the one node systems at the same time by flooding the message.

Complete Chapter List

Search this Book:
Reset