Cloud computing refers to storing and accessing data and programs over the Internet instead of a local computer's hard drive. There are three types of cloud deployment models: public clouds, which are owned by cloud providers and open to the general public; private clouds, which are operated solely for a specific organization; and community clouds, which are shared by several organizations. The three main service models of cloud computing are Infrastructure as a Service, Platform as a Service, and Software as a Service. A distributed denial of service (DDoS) attack attempts to make a machine or network resource unavailable by flooding it with traffic from multiple sources. Algorithms like traffic analyzers, entropy profiling, and the Shannon-Wiener index are used to detect and analyze DDoS
2. Basic Definition
• When we store our photos online instead of on our home
computer, or use webmail or a social networking site, we are
using a “cloud computing” service. If we are an organization
and want to use, for example, an online invoicing service
instead of updating the in-house one we have been using for
many years, that online invoicing service is a “cloud
computing” service. Basically, it is the sharing of resources
over a network.
3. Deployment of cloud services:
• Generally speaking, services provided by a public cloud are
offered over the Internet and are owned and operated by a
cloud provider. Some examples include services aimed at the
general public, such as online photo storage services, e-mail
services, or social networking sites. However, services for
enterprises can also be offered in a public cloud.
• In a private cloud, the cloud infrastructure is operated solely
for a specific organization, and is managed by the organization
or a third party.
• In a community cloud, the service is shared by several
organizations and made available only to those groups. The
infrastructure may be owned and operated by the
organizations or by a cloud service provider.
7. Distributed Denial of Service Attack
• In computing, a denial-of-service (DoS) or distributed denial-
of-service (DDoS) attack is an attempt to make a machine or
network resource unavailable to its intended users.
• Although the means to carry out, the motives for, and targets
of a DoS attack vary, it generally consists of efforts to
temporarily or indefinitely interrupt or suspend services of
a host connected to the Internet.
• As clarification, distributed denial-of-service attacks are sent
by two or more persons, or bots, and denial-of-service attacks
are sent by one person or system. As of 2014, the frequency
of recognized DDoS attacks had reached an average rate of 28
per hour.
9. Traffic Analyzer
• Input: Incoming Packets
• Output: Network traffic condition
• BEGIN
• FOR each time period, t
• Packets are logged at traffic analyzer for traffic rate computation
• IF (Traffic Rate <= Link capacity)
• Alert “Normal (obtuse) Traffic condition”
• ELSE
• Alert “Abnormal (Acute) Traffic condition”
• Forward Packets to Level 2.
• END IF
• END FOR
• END
10. Entropy Profiling
• Input: Buffered packets of traffic analyzer, TRIAL phase
• Output: Cause of overload
• BEGIN
• Buffered packets at traffic analyzer are logged to MONITOR phase
• Difference between the phases yields Kullback Leibler
• SET Threshold ()
• IF (HD <= Threshold)
• Alert “overload is a cause of legitimate (Flash crowd)”
• ELSE
• Alert “overload is a cause of attack sources (DDoS)”
• END IF
• END
11. Shannon-Wiener Index
• The Shannon-Wiener index is used for detecting the level of a DDoS attack.
• IF (DDoS)
• Calculate Index
• Print Level of DDoS
• END IF
• END
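The three levels from the slides above (traffic analyzer, entropy profiling, Shannon index) chained into one detector, as an added example that is not part of the original presentation. Assumptions: the profiled feature is the packet source address, the Kullback-Leibler divergence of the MONITOR phase from the TRIAL phase is the value compared with the threshold (the slide calls that value HD), and the link capacity, threshold and sample traffic are constructed values.

```python
import math
from collections import Counter

def distribution(packets, keys, eps=1e-6):
    """Smoothed probability of each source in `keys` (eps avoids log(0))."""
    counts = Counter(packets)
    total = len(packets) + eps * len(keys)
    return {k: (counts[k] + eps) / total for k in keys}

def kl_divergence(monitor, trial):
    """Kullback-Leibler divergence D(monitor || trial) over source addresses."""
    keys = set(monitor) | set(trial)
    p, q = distribution(monitor, keys), distribution(trial, keys)
    return sum(p[k] * math.log(p[k] / q[k]) for k in keys)

def shannon_index(packets):
    """Shannon index H = -sum(p_i * ln p_i) of the source distribution."""
    n = len(packets)
    return -sum(c / n * math.log(c / n) for c in Counter(packets).values())

def classify(monitor, trial, period_s, link_capacity_pps, threshold):
    """Level 1: rate check. Level 2: divergence check. Level 3: index."""
    rate = len(monitor) / period_s
    if rate <= link_capacity_pps:
        return {"condition": "normal", "rate": rate}
    div = kl_divergence(monitor, trial)
    if div <= threshold:  # overload with the usual source mix
        return {"condition": "flash crowd", "rate": rate, "divergence": div}
    return {"condition": "ddos", "rate": rate, "divergence": div,
            "shannon_index": shannon_index(monitor)}

# Constructed sample windows (documentation address ranges), not real traffic.
TRIAL = ["192.0.2.1"] * 40 + ["192.0.2.2"] * 35 + ["192.0.2.3"] * 25
FLASH = TRIAL * 3  # same source mix at three times the volume
ATTACK = TRIAL + ["198.51.100.%d" % i for i in range(1, 201)]

if __name__ == "__main__":
    for name, window in (("trial", TRIAL), ("flash", FLASH), ("attack", ATTACK)):
        print(name, classify(window, TRIAL, period_s=1,
                             link_capacity_pps=150, threshold=0.5))
```

The smoothing constant matters: a source seen only in the MONITOR phase has zero probability in the TRIAL profile, and without `eps` the divergence would be undefined for exactly the traffic the detector is meant to flag.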