An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments

Today, the providers of cloud computing services are among the most prominent service suppliers worldwide. Availability of cloud services is one of the most important concerns of cloud service providers (CSPs) and cloud users (CUs). Distributed Denial of Service (DDoS) attacks are common types of security issues which affect cloud services and consequently, can lead to unavailability of the services. Therefore, reducing the effects of DDoS attacks helps CSPs to provide high quality services to CUs. In this paper, first, we propose an anomaly-based DDoS attack detection framework in cloud environment using a third party auditor (TPA). Second, we provide multiple basic assumptions and configurations of cloud environments for establishing simulation tests to evaluate our proposed framework. Then, we provide results of simulation tests to analyze the feasibility of our approach. Simulation results demonstrate that our method for detecting DDoS attacks in CSPs has following advantages: efficiency, because of the low overhead of computations on CSPs for attack detection; rapid, due to informing a CSP about an attack in a short course of time regarding the maximum valid response time which is defined in a service level agreement (SLA); and precision, through no false positive detection as well as a low rate of false negative detection which is < 2% of all scenarios of the simulation tests. Finally, we present a table to compare characteristics of our framework with other ones in the literature.