0

Is there any difference between a DDoS attack in cloud computing and in traditional network infrastructure?

What are the important features for detecting these types of attack in a cloud computing environment?

My Ph.D. research is about building a model to detect DDoS in the cloud environment. I am therefore using a classification method. In my method, I trained the naïve Bayes classifier with a traditional network infrastructure dataset and tested it on the cloud dataset. But the classifier misclassifies some sorts of DDoS attack. For example, the Smurf attack in the non-cloud dataset is misclassified as a UDP attack in the cloud dataset, or normal traffic in the cloud dataset is more similar to the Ping-of-Death attack in the non-cloud dataset.

Anders
Roja
  • The cloud is just a fancy way of renting other people's infrastructure. So… no. – Tobi Nary Sep 11 '17 at 15:22
  • Hey guys, don't trash this question because if your server is hosted in AWS using CloudFlare, then the DDOS prevention tools available to you are very different from a Windows box in your living room. – Mike Ounsworth Sep 11 '17 at 18:15
  • @MikeOunsworth still, that's "traditional network in infrastructure". Let it be software defined networking, GEO-based load balancing, scrubbing and sinkholing: nothing quite different from "traditional" large scale infrastructure. – Tobi Nary Sep 11 '17 at 18:58
  • @SmokeDispenser Good, so please post an informative answer to this commonly asked question :) – Mike Ounsworth Sep 11 '17 at 19:05
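
Added example (not part of the original question, comments or answers): a minimal Gaussian naive Bayes trained on one constructed traffic distribution and evaluated on a shifted one, mirroring the train-on-non-cloud, test-on-cloud setup the question describes. The feature names, class profiles and shift parameters are assumptions invented for illustration, not values from any real dataset.

```python
import math, random
from collections import Counter
from statistics import mean, pstdev

# Constructed class profiles, not from any real dataset.
# Per class: (mean, std) of pkts_per_sec, then (mean, std) of mean_pkt_bytes.
PROFILES = {
    "normal":    ((200, 40), (600, 80)),
    "smurf":     ((3000, 300), (90, 15)),
    "udp_flood": ((8000, 600), (400, 60)),
}

def make_dataset(n, seed, rate_scale=1.0, size_offset=0.0):
    # rate_scale / size_offset model an assumed environment shift
    rng = random.Random(seed)
    return [([rng.gauss(*rate) * rate_scale, rng.gauss(*size) + size_offset], label)
            for label, (rate, size) in PROFILES.items() for _ in range(n)]

def fit(data):
    # Gaussian naive Bayes with equal priors: per-class, per-feature (mean, std)
    model = {}
    for label in PROFILES:
        cols = zip(*[x for x, y in data if y == label])
        model[label] = [(mean(c), pstdev(c)) for c in cols]
    return model

def predict(model, x):
    def loglik(params):
        return sum(-math.log(s) - 0.5 * ((v - m) / s) ** 2 for v, (m, s) in zip(x, params))
    return max(model, key=lambda label: loglik(model[label]))

def confusion(model, data):
    return Counter((y, predict(model, x)) for x, y in data)  # (true, predicted) -> count

def accuracy(conf):
    return sum(n for (t, p), n in conf.items() if t == p) / sum(conf.values())

def feature_shift(train, test, label, i):
    # How far feature i of one class moved, in units of the training std
    a, b = ([x[i] for x, y in d if y == label] for d in (train, test))
    return (mean(b) - mean(a)) / pstdev(a)

train = make_dataset(200, seed=1)
holdout = make_dataset(200, seed=2)                                   # same environment
shifted = make_dataset(200, seed=3, rate_scale=2.6, size_offset=300)  # constructed "cloud"
model = fit(train)
conf = confusion(model, shifted)
print("holdout accuracy:", accuracy(confusion(model, holdout)), "| shifted:", accuracy(conf))
print("shifted confusion:", dict(conf))
print("smurf rate shift (train std units):", round(feature_shift(train, shifted, "smurf", 0), 1))
```

On this constructed data the classifier is accurate on a holdout from the training environment, while every shifted Smurf flow lands in the `udp_flood` class; the per-class shift score exposes the moved feature before any predictions are trusted.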

2 Answers

1

I'm going to have to disagree with the other responders. There are a variety of differences that could theoretically matter. Note that none of these are guaranteed, just that they COULD.

  • Your adversary is probably also able to use the cloud and scale up the attack in a much more cost-effective manner.
  • Some advanced adversaries could attempt something along the lines of a side channel attack. For example, if you are known to operate in a specific region or datacenter, they could attempt to choke out your available resources.
  • As a DDOS victim in the cloud, you could end up experiencing the pain of the attack in two different ways: one, unavailability, but the second, increased cost of resources to handle the attack.
  • As a DDOS victim in the cloud, you may be able to better cope with an attempted DDOS, because you may have easier access to resources that can scale with the attack. For example, you could more easily scale up your infrastructure, you are likely to have greater bandwidth, and you can more easily add new security "devices" into your traffic flows.

On the other hand, detection varies little. There's no silver bullet, no automatic answer. It's an active area for academic research. However, because you typically don't operate the full stack of your network infrastructure in the cloud, the cloud service provider has an interest in helping you deal with these threats. They may provide tools, documentation, or support to help a bit with detection. Consult your provider, but as one example, AWS has some suggestions on how to use its tools for DDOS mitigation here: https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/

Jesse K
0

As @SmokeDispenser commented, there is no difference between your own infrastructure and a cloud service; the only difference is who owns it.

Many cloud service providers will attempt to prevent DDoS attacks, or at least let you know when your site is experiencing one.

Academiphile