A new form of DOS attack in a cloud and its avoidance mechanism

Abstract

Data center networks are typically grossly under-provisioned. This is not a problem in a corporate data center, but it could be a problem in a shared infrastructure, such as a co-location facility or a cloud infrastructure. If an application is deployed in such an infrastructure, the application owners need to take into account the infrastructure limitations. They need to build in counter-measures to ensure that the application is secure and it meets its performance requirements. In this paper, we describe a new form of DOS attack, which exploits the network under-provisioning in a cloud infrastructure. We have verified that such an attack could be carried out in practice in one cloud infrastructure. We also describe a mechanism to detect and avoid this new form of attack.