Design Issues of Enhanced DDoS Protecting Scheme under the Cloud Computing Environment

Du to the growth of the Internet and the increase of data, many companies have begun to migrate their data services from the Web to the Cloud, but it comes with many security issues, such as Distributed Denial of Service (DDoS) attacks and Zero-day attacks. DDoS is a critical threat under cloud computing environment, it attempts to make a machine or network unavailable to their users. Confidence Based Filtering (CBF) is one of the conventional approaches to defending against DDoS. The CBF method is to collect the packets and extract attribute pairs for calculating the score of each packet, then it decides to discard it or not. However, the weight of each attribute pair and the threshold value in the calculation is static in the CBF method. Therefore, we propose a novel method called N-CBF that improves these drawbacks of the CBF method. First, the N-CBF scheme can dynamically adjust the weight values of each attribute pair. Second, each packet will have the unique threshold value. Third, we performed simulations to compare and analyze the effectiveness and efficiency of N-CBF scheme according to the KPIs. Then, the simulation results indicate that the proposed N-CBF scheme can obtain higher detection ratios on average of 9.02% and a little overhead in average processing time than CBF. Finally, the N-CBF can support more refined and robust protection mechanisms against DDoS attacks and also provide a more secure cloud computing environment.