Minimizing Financial Cost of DDoS Attack Defense in Clouds with Fine-Grained Resource Management

Publisher:
IEEE COMPUTER SOC
Publication Type:
Journal Article
Citation:
IEEE Transactions on Network Science and Engineering, 2020, 7, (4), pp. 2541-2554
Issue Date:
2020-10-01
Filename Description Size
Minimizing Financial Cost.pdfPublished version1.69 MB
Adobe PDF
Full metadata record
As the cloud systems gain in popularity, they suffer from cyber attacks. One of the most notorious cyber attacks is Distributed Denial of Service (DDoS) attack, which aims to drain the system resources so that the system becomes unresponsive to the genuine users. DDoS attack and defense essentially revolve around resource competition. Many efforts have been made from the perspective of resource investment and management. However, these defending schemes assume that the resources available to defend the attacks are unlimited without taking the financial cost into account. Such coarse-grained defense strategies could cause the problem of resource overprovisioning, which would incur unwanted extra costs to the defender. To tackle this issue, we systematically investigate the problem and propose a birth-death-based fine-grained resource management mechanism, which can both scale in/out and scale down/up. That is, the proposed mechanism adaptively selects the optimal resource leasing mode for cloud service customers so that they can defeat the DDoS attack with minimal financial cost. Extensive analyses and empirical data-based experiments are conducted. The results show both the effectiveness and efficiency of the proposed approach. Comparing to existing work, our proposal can averagely save 53.58% (up to 93.75%) of the cost for the attack defense.
Please use this identifier to cite or link to this item: