DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions

TL;DR

This paper provides a comprehensive survey of DDoS attack issues in cloud computing, including characterization, detection, mitigation, and future research directions, emphasizing the need for utility-aware, multi-layer defense solutions.

Contribution

It offers a novel taxonomy of DDoS mitigation solutions and guidelines for designing effective defense mechanisms tailored for cloud environments.

Findings

Highlighting the importance of auto-scaling and multi-layer mitigation.

Identifying key metrics for evaluating DDoS solutions.

Emphasizing the need for resource-aware defense strategies.

Abstract

Security issues related to the cloud computing are relevant to various stakeholders for an informed cloud adoption decision. Apart from data breaches, the cyber security research community is revisiting the attack space for cloud-specific solutions as these issues affect budget, resource management, and service quality. Distributed Denial of Service (DDoS) attack is one such serious attack in the cloud space. In this paper, we present developments related to DDoS attack mitigation solutions in the cloud. In particular, we present a comprehensive survey with a detailed insight into the characterization, prevention, detection, and mitigation mechanisms of these attacks. Additionally, we present a comprehensive solution taxonomy to classify DDoS attack solutions. We also provide a comprehensive discussion on important metrics to evaluate various solutions. This survey concludes that there is a strong requirement of solutions, which are designed keeping utility computing models in mind. Accurate auto-scaling decisions, multi-layer mitigation, and defense using profound resources in the cloud, are some of the key requirements of the desired solutions. In the end, we provide a definite guideline on effective solution building and detailed solution requirements to help the cyber security research community in designing defense mechanisms. To the best of our knowledge, this work is a novel attempt to identify the need of DDoS mitigation solutions involving multi-level information flow and effective resource management during the attack.