• Thesis Title:

EDoS Attack Defense Shell (EDoS-ADS): An Enhanced Mitigation Technique Against Economic Denial of Sustainability (EDoS) Attacks for Controlling the Access to Cloud Resources

  • Thesis Abstract:

Cloud computing has become one of the most promising technologies for the future of the IT industry due to its benefits for business. Many organizations are willing to employ this technology for hosting their services in order to achieve economies of scale, reduce spending on technology infrastructure, streamline processes, reduce capital costs, and improve performance, availability, accessibility, and flexibility. However, the level of security provided by a cloud computing service model has been identified as the biggest challenge facing cloud service providers and a major concern for cloud service customers. Cloud computing has attractive features such as elasticity, auto scaling, and utility computing. These features can help adopters minimize their operating costs and maximize resource utilization. However, if attackers take advantage of these features and launch a Distributed Denial of Service (DDoS) attack on the cloud computing resources, the DDoS attack turns into a new strain of attack called an Economic Denial of Sustainability (EDoS) attack. An EDoS attack occurs when attack machines send a huge number of service requests to the cloud computing servers, exploiting the elasticity and auto scaling features of the cloud, so that the pay-per-use model adds exorbitant extra costs to the cloud adopter's bill, leading to large-scale service withdrawal or bankruptcy.

In this work, we study several existing mitigation techniques for the EDoS attack and state their major drawbacks. Then, a new reactive approach, implemented at the cloud provider's end, is proposed to mitigate such attacks, taking into account most of the drawbacks of the existing mitigation techniques. With the proposed technique, limited access permission for cloud services is granted to each user based on different factors such as the Graphics Turing Test (GTT), the Uniform Resource Locator (URL) redirection technique, the Trust Factor (TF), and Maximum Requests Per Second (MRPS). Initially, the proposed technique monitors the auto scaling feature and the auto scaling thresholds to detect whether there is an EDoS attack. Once attack behavior is detected, the cloud service triggers a checking component that differentiates between legitimate users and automated attackers (zombies). Subsequently, the traffic or requests generated by an automated attacker are dropped, while the legitimate users' requests are directed to the cloud servers. The proposed approach is able to identify the legitimacy of clients behind a Network Address Translation (NAT) router and avoids blocking an entire NAT-based network, which may host legitimate clients, from accessing the cloud servers. The effectiveness of the proposed mitigation technique is evaluated using the CloudSim simulator. In addition, we conduct a comparison between our new approach and the EDoS-Shield technique. The simulation results show that the proposed technique successfully differentiates between legitimate and attacker clients. Moreover, the proposed technique outperforms the existing techniques, especially when those clients belong to the same NAT-based network. In addition, the results show that EDoS attacks will not force auto scaling of the cloud service when the proposed technique is implemented at the cloud service provider's end.
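The decision flow described above, sketched as an added example; it is not code from the thesis. The threshold, MRPS and trust factor values, the `Shell` and `Client` names, and the use of an (IP, source port) pair to tell apart clients behind one NAT address are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed values: the abstract names these factors but gives no numbers.
SCALE_UP_CPU = 0.80             # auto-scaling threshold that arms the checks
MRPS = 5                        # max requests per second per verified client
TF_START, TF_MIN, TF_STEP = 0.5, 0.25, 0.25   # trust factor settings

@dataclass
class Client:
    verified: bool = False      # has passed the Graphics Turing Test (GTT)
    tf: float = TF_START
    second: int = -1            # one-second window currently being counted
    count: int = 0

@dataclass
class Shell:
    clients: dict = field(default_factory=dict)

    def handle(self, ip, port, now, cpu, gtt_passed=None):
        """Decide 'forward', 'challenge' or 'drop' for a single request."""
        if cpu < SCALE_UP_CPU:
            return "forward"    # no scaling pressure: nothing is checked
        # Assumption: clients are keyed on (ip, port) rather than ip alone,
        # so one bot behind a NAT router does not block its neighbours.
        c = self.clients.setdefault((ip, port), Client())
        if c.tf < TF_MIN:
            return "drop"       # trust exhausted
        if not c.verified:
            if gtt_passed is None:
                return "challenge"          # URL-redirect to the GTT page
            if not gtt_passed:
                c.tf -= TF_STEP
                return "drop"
            c.verified, c.tf = True, min(1.0, c.tf + TF_STEP)
        if int(now) != c.second:            # new one-second window
            c.second, c.count = int(now), 0
        c.count += 1
        if c.count > MRPS:                  # over MRPS: revoke and re-test
            c.verified, c.tf = False, c.tf - TF_STEP
            return "drop"
        return "forward"

def demo():
    """Constructed traffic: a human and a bot behind one NAT address."""
    s, nat = Shell(), "203.0.113.7"
    out = [s.handle(nat, 40002, 0.0, cpu=0.50)]            # before the attack
    out.append(s.handle(nat, 40001, 1.0, 0.90))            # human: challenge
    out.append(s.handle(nat, 40001, 1.1, 0.90, True))      # human passes
    for _ in range(3):                                     # bot fails twice
        out.append(s.handle(nat, 40002, 1.2, 0.90, False))
    out.append(s.handle(nat, 40001, 2.0, 0.90))            # human unaffected
    return out
```

Calling `demo()` returns the per-request decisions: the bot's requests are dropped while the human sharing the same NAT address keeps being forwarded.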

  • Computer Architecture
  • Digital System Design & Synthesis
  • Computer Networks
  • Computer and Network Security
  • Queuing Theory & Network Apps
  • Computer Network Design
  • Database Design and Implementation
  • Advanced Operating Systems