Hybrid Zero Trust Container Based Model for Proactive Service Continuity under Intelligent DDoS Attacks in Cloud Environment
DOI:
https://doi.org/10.62951/ijcts.v2i3.291
Keywords:
Adaptive Bandwidth, AI-Based Traffic Profiling, Cloud DDoS Mitigation, Container-Based Service Isolation, Zero Trust Architecture
Abstract
The rapid growth of cloud computing, especially on academic, government, and public service platforms, has triggered an increase in the frequency and complexity of Distributed Denial of Service (DDoS) attacks. Intelligent, AI-based DDoS attacks can mimic the traffic patterns of legitimate users, which makes them difficult to detect and mitigate. Most current mitigation approaches are reactive, not scalable, and tend to sacrifice service availability for authorized users. This research aims to develop a proactive and adaptive defense architecture that ensures service continuity while an attack is ongoing. The proposed hybrid security model integrates Zero Trust Architecture (ZTA), adaptive bandwidth control, and container-based service isolation. The architecture consists of three main layers: (1) a ZTA Policy Engine, which performs identity verification and behavior assessment through tokens and intelligent policies; (2) an Adaptive Bandwidth Load Balancer, which dynamically separates and regulates traffic based on reputation and trust level; and (3) a Containerized Service Cluster, which groups requests into different containers for trusted and unknown users. Additional components include blockchain-based smart contracts, used for recording requests and verifying access, and a lightweight AI module used for real-time traffic profiling. Simulation results show that the model succeeds in increasing service availability for trusted users during an attack, reducing the false positive rate, and optimizing resource allocation. Integrating zero trust policies with traffic intelligence and real-time service segmentation forms an effective and scalable defense framework against modern DDoS threats. In conclusion, this study contributes a robust, adaptive, and modular architectural model for maintaining cloud service continuity under at-risk network conditions.
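A minimal model of the three-layer flow described in the abstract, added here as an illustration and not taken from the paper: requests are classified by token validity and behaviour score, routed to a trusted or unknown pool, and each pool is budgeted separately, compared against a single shared queue. The threshold, the 80% reserve, the request fields and the sample traffic are all assumptions.

```python
from dataclasses import dataclass

# Assumed values: the abstract gives no thresholds, weights or capacities.
TRUST_THRESHOLD = 0.7      # minimum behaviour score for the trusted pool
TRUSTED_RESERVE_PCT = 80   # share of capacity reserved for the trusted pool

@dataclass
class Request:
    client: str
    token_valid: bool       # identity check result (policy engine)
    behavior_score: float   # 0.0 bot-like .. 1.0 normal (traffic profiler)

def classify(req):
    """Policy engine: a valid token alone is not enough; behaviour must pass too."""
    if req.token_valid and req.behavior_score >= TRUST_THRESHOLD:
        return "trusted"
    return "unknown"

def admit_shared(requests, capacity):
    """Baseline: one FIFO queue, no isolation. Returns the clients served."""
    return [r.client for r in requests[:capacity]]

def admit_tiered(requests, capacity):
    """Route by trust level, then budget each pool for this interval."""
    pools = {"trusted": [], "unknown": []}
    for r in requests:
        pools[classify(r)].append(r.client)
    reserve = capacity * TRUSTED_RESERVE_PCT // 100
    trusted = pools["trusted"][:reserve]
    # Adaptive part: capacity the trusted pool does not use goes to unknown
    # traffic, so unprofiled users are degraded rather than blocked.
    unknown = pools["unknown"][:capacity - len(trusted)]
    return {"trusted": trusted, "unknown": unknown}

def constructed_flood():
    """Constructed sample: 50 legitimate and 500 flood requests, interleaved.
    Flood requests carry valid tokens but a low behaviour score."""
    reqs = []
    for i in range(550):
        if i % 11 == 0:
            reqs.append(Request(f"user-{i}", True, 0.9))
        else:
            reqs.append(Request(f"bot-{i}", True, 0.2))
    return reqs

if __name__ == "__main__":
    reqs = constructed_flood()
    shared, tiered = admit_shared(reqs, 100), admit_tiered(reqs, 100)
    print("shared queue, legit served:", sum(c.startswith("user") for c in shared))
    print("tiered, legit served:", len(tiered["trusted"]))
    print("tiered, unknown served:", len(tiered["unknown"]))
```

With a capacity of 100 requests per interval, the shared queue serves only the legitimate requests that happen to arrive early, while the tiered model serves every trusted request and gives the remaining capacity to the unknown pool.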
Copyright (c) 2025 International Journal of Computer Technology and Science

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


