DDoS Mitigation in Eucalyptus Cloud Platform Using Snort and Packet Filtering — IP-Tables

Abstract

Cloud Computing is technologically the emerging trend of providing computational resources on demand, may that be storage, network or computation, it encompasses all. The resources can be provided by private, public or a hybrid cloud. Cloud computing is the future of computing and is struggling with the concern of security. Among all security concerns, the Distributed Denial of Service (DDoS) attack is one of the biggest threats to both Internet Security and to Cloud as well. A sizable amount of bots is indulged in the creation of DDoS attacks on a Cloud target by flooding them with malformed packets to exhaust the resources. On the other hand, Economic Denial of Sustainability (EDoS) is a new threat to Cloud security which exploits the cloud elasticity and auto-scaling features and charges the user way too high; thus making economically a theft in it. Public cloud is less prone to attacks as they have inbuilt load balancers and mitigation setups. A private cloud like Eucalyptus is more vulnerable to DDoS attacks as they have lesser defense setups. To overcome these issues we propose a system of DDoS mitigation using Snort for DDoS detection and Packet Filtering IP-Tables in Private cloud set up of Eucalyptus. It acts as our defensive front. This way, our cloud gets saved from DDoS attack without it being burdened with the excess traffic.