DDOS Mitigation Cloud-Based Service

摘要

Cloud computing has evolved over the last decade from a simple storage service for more complex ones, offering software as a service (SaaS), platforms as a service (PaaS) and most recently security as a service (SECaaS). The work presented in this paper is a response to: (1) the resource constraints in physical security devices such as firewalls or IPS/IDS, that can no more counter advanced DDOS attacks, (2) The expensive cost, management complexity and the requirement of high amount of resources on existing DDOS mitigation tools to verify the traffic. We propose a new architecture of a cloud based firewalling service using resources offered by the Cloud and characterized by: a low financial cost, high availability, reliability, self scaling and easy managing. In order to improve the efficiency of our proposal to face DDOS attacks, we deploy, configure and test our mitigation service using Network Function Virtualization technology (NFV) and other virtualization capabilities. We also detail some result and point out future work.