Acta Informatica Pragensia 2025, 14(1), 1-25 | DOI: 10.18267/j.aip.2483123
Cloud Survivability Scenarios Under Attacks With and Without Countermeasures
- 1 Département d’Informatique, Faculté des Sciences Exactes, Université de Bejaia, Bejaia, Algeria
- 2 Laboratoire LAMIE, Faculté des Mathématiques et d’Informatique, Université de Batna 2, Batna, Algeria
Background: Despite its increasing importance, cloud computing is vulnerable to Distributed Denial of Service (DDoS) attacks, affecting data centre availability and functionality. Unfortunately, the impact of these attacks on cloud survivability remains underexplored. Most works overlook long-term resilience and lack comprehensive metrics, in-depth simulation, large-scale experiments, and combined attack and defence scope.
Objective: This study investigates the survivability of cloud environments under DDoS attacks in extreme cases, involving intensive attacks leading to cloud failure. By simulating worst-case scenarios, including thousands of attacks on large-scale clouds with and without countermeasures, we assess cloud resilience and identify the limitations of existing defences.
Methods: We conduct extensive simulations using NetLogo, modelling a cloud environment subjected to SYN flood, smurf, UDP flood, HTTP flood and malformed packet attacks. We evaluated the impact of attacks individually and in combinations, both with and without countermeasures. Each simulation involves request exchanges between end user nodes and data centres using an appropriate algorithm. We varied parameters like the number of data centres, malicious nodes, and the types and rate of attacks.
Results: The study analyses cloud resilience in terms of message delivery, available data centres, and functional node ratios, as well as tolerance and breakage thresholds. Findings indicate that cloud systems can tolerate a certain level of DDoS attack density where data centres remain accessible even without countermeasures. However, the latter greatly enhances cloud security, although their performance may decrease dramatically under extreme conditions. This highlights the importance of optimizing countermeasures, especially to handle high-intensity attacks.
Conclusion: This study provides valuable insights for cloud managers to enhance resilience and face sophisticated DDoS attacks. While current countermeasures offer initial mitigation, they are insufficient against complex and combined threats. Thus, future research should focus on developing robust, multi-layered defence mechanisms and providing data centre duplication to ensure service availability.
Keywords: Cloud environment; Cloud survivability; Distributed denial of service attacks; DDoS; Countermeasure; Attack tolerance; Data centres.
Received: April 16, 2024; Revised: September 19, 2024; Accepted: September 27, 2024; Prepublished online: September 28, 2024; Published: January 31, 2025 Show citation
References
- Agrawal, N., & Tapaswi, S. (2019). Defense Mechanisms against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges. IEEE Communications Surveys and Tutorials, 21(4), 3769-3795. https://doi.org/10.1109/COMST.2019.2934468
Go to original source...
- Ahmad, W., Rasool, A., Javed, A. R., Baker, T., & Jalil, Z. (2022). Cyber Security in IoT-Based Cloud Computing: A Comprehensive Survey. Electronics, 11(1), 16. https://doi.org/10.3390/electronics11010016
Go to original source...
- Alosaimi, W., Alshamrani, M., & Al-Begain, K. (2016). Simulation-Based Study of Distributed Denial of Service Attacks Counteract in the Cloud Services. In 2015 9th International Conference on Next Generation Mobile Applications, Services and Technologies. IEEE. https://doi.org/10.1109/NGMAST.2015.50
Go to original source...
- Balobaid, A., Alawad, W., & Aljasim, H. (2016). A study on the impacts of DoS and DDoS attacks on cloud and mitigation techniques. In 2016 International Conference on Computing, Analytics and Security Trends (CAST), (pp. 416-421). IEEE. https://doi.org/10.1109/CAST.2016.7915005
Go to original source...
- Bouyeddou, B., Harrou, F., Kadri, B., & Sun, Y. (2021). Detecting network cyber-attacks using an integrated statistical approach. Cluster Computing, 24(2), 1435-1453. https://doi.org/10.1007/s10586-020-03203-1
Go to original source...
- Corrêa, J. H., Ciarelli, P. M., Ribeiro, M. R. N., & Villaça, R. S. (2021). Ml-based ddos detection and identification using native cloud telemetry macroscopic monitoring. Journal of Network and Systems Management, 29, 1-28. https://doi.org/10.1007/s10922-020-09578-1
Go to original source...
- Devi, B. S. K., & Subbulakshmi, T. (2021). Cloud DDoS detection and defense system using complex event processing. In Proceedings - 5th International Conference on Intelligent Computing and Control Systems, ICICCS 2021, (pp. 118-128). IEEE. https://doi.org/10.1109/ICICCS51141.2021.9432102
Go to original source...
- Ferretti, L., Magnanini, F., Andreolini, M., & Colajanni, M. (2021). Survivable zero trust for cloud computing environments. Computers & Security, 110, 102419. https://doi.org/10.1016/j.cose.2021.102419
Go to original source...
- Gupta, B. B., & Badve, O. P. (2017). Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment. Neural Computing and Applications, 28(12), 3655-3682. https://doi.org/10.1007/s00521-016-2317-5
Go to original source...
- Kanniga Devi, R., Gurusamy, M., & Vijayakumar, P. (2020). An Efficient Cloud Data Center Allocation to the Source of Requests. Journal of Organizational and End User Computing, 32(3), 23-36. https://doi.org/10.4018/JOEUC.2020070103
Go to original source...
- Khandare, H., Jain, S., & Doriya, R. (2023). A Survey on HTTP Flooding-A Distributed Denial of Service Attack. In Pervasive Computing and Social Networking (pp. 39-52). Springer. https://doi.org/10.1007/978-981-19-2840-6_4
Go to original source...
- Liu, Q., & Xing, L. (2021). Survivability and vulnerability analysis of cloud RAID systems under disk faults and attacks. International Journal of Mathematical, Engineering and Management Sciences, 6(1), 15. https://doi.org/10.33889/IJMEMS.2021.6.1.003
Go to original source...
- Mishra, A., Gupta, N., & Gupta, B. B. (2021). Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller. Telecommunication Systems, 77(1), 47-62. https://doi.org/10.1007/s11235-020-00747-w
Go to original source...
- Mthunzi, S. N., & Benkhelifa, E. (2017). Survivability analogy for cloud computing. In 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), (pp. 1056-1062). IEEE. https://doi.org/10.1109/AICCSA.2017.219
Go to original source...
- Nsabimana, T., Bimenyimana, C. I., Odumuyiwa, V., & Hounsou, J. T. (2020). Detection and prevention of criminal attacks in cloud computing using a hybrid intrusion detection systems. In Intelligent Human Systems Integration 2020, IHSI 2020, (pp. 667-676). Springer. https://doi.org/10.1007/978-3-030-39512-4_103
Go to original source...
- Ogwara, N. O., Petrova, K., & Yang, M. L. (2022). Towards the development of a cloud computing intrusion detection framework using an ensemble hybrid feature selection approach. Journal of Computer Networks and Communications, 2022, 1-16. https://doi.org/10.1155/2022/5988567
Go to original source...
- Osanaiye, O., Choo, K. K. R., & Dlodlo, M. (2016). Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework. Journal of Network and Computer Applications, 67, 147-165. https://doi.org/10.1016/j.jnca.2016.01.001
Go to original source...
- Potluri, S., Mangla, M., Satpathy, S., & Mohanty, S. N. (2020). Detection and Prevention Mechanisms for DDoS Attack in Cloud Computing Environment. In 2020 11th International Conference on Computing, Communication and Networking Technologies, ICCCNT 2020. IEEE. https://doi.org/10.1109/ICCCNT49239.2020.9225396
Go to original source...
- Raja Sree, T., & Mary Saira Bhanu, S. (2020). Detection of HTTP flooding attacks in cloud using fuzzy bat clustering. Neural Computing and Applications, 32(13), 9603-9619. https://doi.org/10.1007/s00521-019-04473-6
Go to original source...
- Shah, S. Q. A., Khan, F. Z., & Ahmad, M. (2022). Mitigating TCP SYN flooding based EDOS attack in cloud computing environment using binomial distribution in SDN. Computer Communications, 182, 198-211. https://doi.org/10.1016/j.comcom.2021.11.008
Go to original source...
- Sultana, S., Nasrin, S., Lipi, F. K., Hossain, M. A., Sultana, Z., & Jannat, F. (2019). Detecting and Preventing IP Spoofing and Local Area Network Denial (LAND) Attack for Cloud Computing with the Modification of Hop Count Filtering (HCF) Mechanism. In 2019 International Conference on Computer, Communication, Chemical, Materials and Electronic Engineering (IC4ME2). IEEE. https://doi.org/10.1109/ic4me247184.2019.9036507
Go to original source...
- Varma, S. A., & Reddy, K. G. (2021). A Review of DDoS Attacks and its Countermeasures in Cloud Computing. In 2021 5th International Conference on Information Systems and Computer Networks, ISCON 2021. IEEE. https://doi.org/10.1109/ISCON52037.2021.9702388
Go to original source...
- Velliangiri, S., Karthikeyan, P., & Vinoth Kumar, V. (2021). Detection of distributed denial of service attack in cloud computing using the optimization-based deep networks. Journal of Experimental and Theoretical Artificial Intelligence, 33(3), 405-424. https://doi.org/10.1080/0952813X.2020.1744196
Go to original source...
- Wani, A. R., Rana, Q. P., Saxena, U., & Pandey, N. (2019). Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques. In 2019 Amity International Conference on Artificial Intelligence (AICAI), 870-875. https://doi.org/10.1109/AICAI.2019.8701238
Go to original source...
- Xu, Y., Deng, G., Zhang, T., Qiu, H., & Bao, Y. (2021). Novel denial-of-service attacks against cloud-based multi-robot systems. Information Sciences, 576, 329-344. https://doi.org/10.1016/j.ins.2021.06.063
Go to original source...
- Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys and Tutorials, 18(1), 602-622. https://doi.org/10.1109/COMST.2015.2487361
Go to original source...
- Zhao, X. (2017). Study on DDoS attacks based on DPDK in cloud computing. In 2017 3rd International Conference on Computational Intelligence & Communication Technology (CICT), (pp. 1-5). IEEE. https://doi.org/10.1109/CIACT.2017.7977325
Go to original source...
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.