Biblio

In today's world the number of consumers of cloud computing is increasing day by day. So, security is a big concern for cloud computing environment to keep user's data safe and secure. Among different types of attacks in cloud one of the harmful and frequently occurred attack is Distributed Denial of Service (DDoS) attack. DDoS is one type of flooding attack which is initiated by sending a large number of invalid packets to limit the services of the victim server. As a result, server can not serve the legitimate requests. DDoS attack can be done by a lot of strategies like malformed packets, IP spoofing, smurf attack, teardrop attack, syn flood attack, local area network denial (LAND) attack etc. This paper focuses on IP spoofing and LAND based DDoS attack. The objective of this paper is to propose an algorithm to detect and prevent IP spoofing and LAND attack. To achieve this objective a new approach is proposed combining two existing solutions of DDoS attack caused by IP spoofing and ill-formed packets. The proposed approach will provide a transparent solution, filter out the spoofed packets and minimize memory exhaustion through minimizing the number of insertions and updates required in the datatable. Finally, the approach is implemented and simulated using CloudSim 3.0 toolkit (a virtual cloud environment) followed by result analysis and comparison with existing algorithms.

Since the performance of bus interconnects does not scale with the number of processors connected to the bus, chip multiprocessors make use of on-chip networks that implement packet switching and virtual channel flow control to efficiently transport data. In this paper, we consider the test and fault-tolerance aspects of such a network-on-chip (NoC). Past work in this area has addressed the communication efficiency and deadlock-free properties in NoC, but when routing externally received data, aspects of security must be addressed. A malicious denial-of-service attack or a power virus can be launched by a malicious external agent. We propose a two-tier solution to this problem, where a local self-test manager in each processing element runs test algorithms to detect faults in local processing element and its associated physical and virtual channels. At the global level, the health of the NoC is tested using a sorting-based algorithm proposed in this paper. Similarly, we propose to handle fault-tolerance and security concerns in routing at two levels. At the local level, each node is capable of fault-tolerant routing by deflecting packets to an alternate path; when doing so, since a chance of deadlock may be created, the local router must be capable of guestimating a deadlock situation, switch to packet-switching instead of flit-switching and attempt to reroute the packet. At the global level, a routing agent plays the role of gathering fault data and provide the fault-information to nodes that seek this information periodically. Similarly, the agent is capable of detecting malformed packets coming from an external source and prevent injecting such packets into the network, thereby conserving the network bandwidth. The agent also attempts to guess attempts at denial-of-service attacks and power viruses and will reject packets. Use of a two-tier approach helps in keeping the IP modular and reduces their complexity, thereby making them easier to verify.