Distributed Denial of Service attack on Cloud: Detection and Prevention

Cloud computing is a distributive and scalable computing architecture. It provides sharing of data and other resources which are accessible from any part of the world for a very low cost. However, Security is one major concern for such computing environment. Distributed Denial of Service (DDoS) is an attack that consumes all the cloud resources may have making it unavailable to other general users. This paper identifies characteristics of DDoS attack and provides an Intrusion Detection System (IDS) tool based on Snort to detect DDoS. The proposed tool will alert the network administrator regarding any attack for any possible resources and the nature of the attack. Also, it suspends the attacker for some time to allow the network admin to implement a fall back plan. As Snort is an open source system, modifying different parameters of the system showed a significant aid in not only detection of DDoS, but also reduction the time for the down time of the network. The proposed tool helps minimize the effect of DDoS by detecting the attack at very early stage and by altering with various parameters which facilitates easy diagnose of the problem.