Question

Please, No Plagiarism must be in your own words

Please explain Counter Methods for DDoS Attacks

Co-operative Intrusion Detection System

Cloud Trace Back Model (CTB) and Cloud Protector

Confidence Based Filtering (CBF) Approach

CLASSIE Packet Marking Approach

Filtering Tree Approach

Information Theory Based Metrics Method

Answer #1

Distributed denial of service (DDoS) attacks will occur in a cloud computing environment, which causes threats to make the online data unobtainable by readdressing irresistible traffic from several sources.

Co-operative Intrusion Detection System:

In this type of system, the intrusion detection system (IDS) will compare the type of expected packet with the block table which is present in that system. If a match is found, then the packet is released immediately. If no match is found but the packet is detected as anomalous, then an alert notice is sent to all other IDSs. Each IDS interchanges alerts to check whether the alert is true or false using the majority vote method. If the alert is true, then it is noted in the block table to avoid any other attacks of this type in future.

Cloud Trace Back Model (CTB) and Cloud Protector:

The Cloud Trace Back model is used to identify where the DDoS attacks are coming from, and so it is placed before the web server to avoid direct attacks. Cloud Protector helps to distinguish and filter the attacks to avoid them in future. CTB is based on a distributed packet marking algorithm and Cloud Protector is based on a back propagation neural network.

Confidence Based Filtering (CBF) Approach:

This type of approach is used to prevent DDoS attacks at the transport and network layers of the cloud environment. A packet is divided into non-attack period and attack period. If it is in the non-attack period, it extracts the attribute pairs from the packets in their headers, and then the confidence value is calculated and updated in the nominal profile of the users. If the packet is in the attack period, then it looks it up in the nominal profile, and the confidence value is compared with the CBF score, which is calculated by the weighted average of the confidence values of the attribute pairs in it. If the CBF score is higher than the threshold value then the packet is allowed to pass, or else it is discarded.

CLASSIE Packet Marking Approach:

The CLASSIE approach is based on a decision tree classification system which prevents the attacks. CLASSIE is given a rule set to identify the malicious packets and it is placed one hop distant from the host. The reconstruction and drop system, which is placed one hop back from the victim, makes the decision whether to allow the packet or drop it.

Filtering Tree Approach:

This approach is used to prevent attacks in the application layer of the cloud environment. It has a cloud defender filter which attacks the packets with five filters, i.e., sensor filter, hop count filter, IP frequency divergence filter, puzzle resolve filter and double signature filter. The IP address of the client request is compared with the IP addresses in its storage table. If a match is found then the packet is discarded, or else it is passed to the cloud defender. This approach will not work in the transport and application layer of the cloud environment.

Information Theory Based Metrics Method:

This method works on the basis of the behaviour of the web user and uses the concept of entropy. This method undergoes two phases. In the first phase, i.e., the behaviour monitoring phase, the normal behaviour of the web user is identified, the entropy value for requests is calculated per session, and a trust score is given to each user. During the second phase, i.e., the behaviour detection phase, the entropy value for each request is calculated and compared with the threshold value. If this entropy value exceeds the threshold value then the packet is regarded as malicious and will be discarded. If the entropy value is less than the threshold, then based on the trust score of the user the rate delimiter restricts the access of the user. This method is easy to implement and has a low false packet rejection rate.
