Detection and Mitigation of IP Spoofing and SYN Flooding DDoS Attacks in Cloud Computing
Distributed Denial of Service (DDoS) is one of the significant threats to cloud computing. The attacker can affect the machine's availability, and traditional defense strategies are difficult to apply to cloud computing due to their poor availability and high storage requirements. There are multiple types of DDoS attacks, such as IP Spoofing, SYN Flooding, smurf, buffer overflow, ping of death, land and teardrop attacks. Among these, SYN Flooding and IP Spoofing are the most common and effective attacks these days.
This thesis focuses on implementing a security algorithm to improve defense against the two most common DDoS attacks in cloud computing. First, we implement a simple detection mechanism using operating system fingerprinting for IP Spoofing and Confidence-Based Filtering pattern recognition with timestamp parameters for SYN Flooding attacks. After an attack is detected, a simple shared cloud-based database is updated with both legitimate and illegitimate connections for mitigation purposes. To mitigate an IP Spoofing attack, source IP address filtering is used to allow only traffic with legitimate source IP addresses to access the network. To mitigate SYN Flooding attacks, a prevention technique is used to classify the attack sources and discard traffic from such sources. We test our proposed algorithm and the security methods from the literature in a secure cloud environment for better comparison. The results show that our proposed algorithm counters the drawbacks of the literature methods and allows more legitimate connections with fewer errors.
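The spoofing check described above can be sketched as follows. This is an added example, not code from the thesis: the fingerprint fields (initial TTL, window size, TCP option order), the trust-on-first-sighting rule and the names `Syn`, `SharedDB` and `classify` are assumptions made for illustration.

```python
from dataclasses import dataclass, field

INITIAL_TTLS = (32, 64, 128, 255)  # common OS default TTLs

@dataclass(frozen=True)
class Syn:
    src: str        # claimed source IP
    ttl: int        # TTL as observed at the receiver
    window: int     # TCP window size in the SYN
    options: tuple  # TCP option kinds, in header order

def fingerprint(pkt):
    """Passive OS fingerprint: hop count varies, so round TTL up to the initial value."""
    initial_ttl = next(t for t in INITIAL_TTLS if pkt.ttl <= t)
    return (initial_ttl, pkt.window, pkt.options)

@dataclass
class SharedDB:
    """Stand-in for the shared database of legitimate and illegitimate connections."""
    legit: dict = field(default_factory=dict)       # src -> trusted fingerprint
    illegitimate: set = field(default_factory=set)  # (src, fingerprint) pairs flagged

def classify(db, pkt):
    fp = fingerprint(pkt)
    if (pkt.src, fp) in db.illegitimate:
        return "drop"                   # already recorded as spoofed
    known = db.legit.get(pkt.src)
    if known is None:
        db.legit[pkt.src] = fp          # assumption: first sighting is trusted
        return "allow"
    if known == fp:
        return "allow"
    # Same address, different OS stack: record the pair, keep the real host reachable.
    db.illegitimate.add((pkt.src, fp))
    return "drop"

def run_sample():
    linux_opts, win_opts = (2, 4, 8, 1, 3), (2, 1, 3, 1, 1, 4)
    packets = [  # constructed sample SYNs, documentation address range
        Syn("203.0.113.10", 57, 29200, linux_opts),  # real host, 7 hops away
        Syn("203.0.113.10", 120, 8192, win_opts),    # same IP, different stack
        Syn("203.0.113.10", 55, 29200, linux_opts),  # real host, route changed
        Syn("203.0.113.10", 119, 8192, win_opts),    # mismatching sender again
    ]
    db = SharedDB()
    return [classify(db, p) for p in packets], db

if __name__ == "__main__":
    verdicts, _ = run_sample()
    print(verdicts)
```

Flagging the (address, fingerprint) pair rather than the address alone keeps the host that really owns the address from being locked out by traffic forged in its name.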
Language
- English
Degree
- Master of Applied Science
Program
- Computer Networks
Granting Institution
- Ryerson University
LAC Thesis Type
- Thesis