Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments

Author

Brad Alshehry, Florida Institute of Technology

Date of Award

12-2016

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Engineering and Sciences

First Advisor

William Allen

Second Advisor

Phil Bernhard

Third Advisor

Shengzhi Zhang

Fourth Advisor

Georgios Anagnostopoulos

Abstract

Contemporary security systems attempt to provide protection against distributed denial-of-service (DDoS) attacks; however, they mostly use a variety of computing and hardware resources for load distribution and request delays. As a result, ordinary users and website visitors experience timeouts, captchas, and lowspeed connections. In this paper, we propose a new multilayer system for protection against DDoS in the cloud that utilizes Threat Intelligence techniques and a proactive approach to detect traffic behavior anomalies. The first layer of the model analyzes the source IP address in the header of incoming traffic packets and the second layer analyzes the speed of requests and calculates the threshold of the attack speed. If an attack remains undetected, the incoming traffic packets are analyzed against the behavior patterns in the third layer. The fourth layer reduces the traffic load by dispatching the traffic to the proxy, if required, and the fifth layer determines the need for port hopping between the proxy and the target website if the attack targets a specific web-application. A series of experiments were performed and the results demonstrate that this multilayer approach can successfully detect and mitigate DDoS attacks from a variety of known and unknown sources.

Comments

Copyright held by author

Recommended Citation

Alshehry, Brad, "Proactive Approach for the Prevention of DDoS Attacks in Cloud Computing Environments" (2016). Theses and Dissertations. 913.
https://repository.fit.edu/etd/913