CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

New Approach to Mitigate XML-DOS and HTTP-DOS Attacks for Cloud Computing

by Reza Manouchehri Sarhadi, Vahid Ghafori
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 72 - Number 16
Year of Publication: 2013
Authors: Reza Manouchehri Sarhadi, Vahid Ghafori
10.5120/12579-9201

Reza Manouchehri Sarhadi, Vahid Ghafori . New Approach to Mitigate XML-DOS and HTTP-DOS Attacks for Cloud Computing. International Journal of Computer Applications. 72, 16 ( June 2013), 27-31. DOI=10.5120/12579-9201

@article{ 10.5120/12579-9201,
author = { Reza Manouchehri Sarhadi, Vahid Ghafori },
title = { New Approach to Mitigate XML-DOS and HTTP-DOS Attacks for Cloud Computing },
journal = { International Journal of Computer Applications },
issue_date = { June 2013 },
volume = { 72 },
number = { 16 },
month = { June },
year = { 2013 },
issn = { 0975-8887 },
pages = { 27-31 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume72/number16/12579-9201/ },
doi = { 10.5120/12579-9201 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:38:06.315642+05:30
%A Reza Manouchehri Sarhadi
%A Vahid Ghafori
%T New Approach to Mitigate XML-DOS and HTTP-DOS Attacks for Cloud Computing
%J International Journal of Computer Applications
%@ 0975-8887
%V 72
%N 16
%P 27-31
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Moving towards Cloud Computing is accelerating and businesses are trying to present their software in the cloud. Cloud uses SOA and web services to present always accessible services which raise up threats and vulnerabilities. Users need to access Cloud from anywhere and this availability comes from presenting services as Web Service over the Internet. Web service in Cloud Computing specially in SaaS plays an important role to present business functionality. Web services are intended to be accessible from different places and applications. It leads to evolve some vulnerabilities which have to be seriously considered. One of major vulnerabilities is DDoS attack based on HTTP protocol and XML technology called HTDOS and XDOS which works on layer 7 OSI model and can easily pass through firewalls and take down the server. In the paper we develop a Cloud defender system called CSQD (Cloud Service Queuing Defender) to detect and mitigate XML vulnerabilities in web services. CSQD also applies a traceback solution to discover origin of attack. CSQD system is a self-learner system which means if an attack successfully brings down the server the CSQD finds the malicious request and adds it to its database to stop the same future attacks. Our results show that CSQD is effective and efficient in detecting and mitigating most of DoS attacks.

References
  1. Peter Mell, Timothy Grance. The NIST definition of cloud computing. NIST. [Online] September 2011. http://csrc. nist. gov/publications/nistpubs/800-145/SP800-145. pdf.
  2. definition Software as a Service (SaaS). SearchCloudComputing. [Online] http://searchcloudcomputing. techtarget. com/definition/Software-as-a-Service.
  3. Clinton DSouza, Rafael Santana. Vulnerabilities in SaaS Layer of Cloud Computing. s. l. : Arizona State University, 2012.
  4. Page, Scott. Cloud Computing-Availability. SlideShare. [Online] http://www. slideshare. net/s2page/cloud-computing-availability-8517731.
  5. Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks. Ashley Chonka, Yang Xiang n, Wanlei Zhou, Alessio Bonti. 2011, Elsevier, pp. 1097–1107.
  6. Protection against Denial of Service and Input Manipulation Vulnerabilities in Service Oriented Architecture. Alwyn Roshan Pais, Deepak D. J. , and B. R. Chandavarkar. Chennai ,India : Springer, 2011. Advances in Network Security and Applications. pp. 331–343.
  7. Defense of DDoS Attack for Cloud Computing. Lanjuan Yang, Tao Zhang, Jinyu Song, JinShuangWang, Ping Chen. Zhangjiajie, China : IEEE, 2012. Computer Science and Automation Engineering (CSAE). pp. 626-629.
  8. A Comber Approach to Protect Cloud Computing against XML DDoS and HTTP DDoS attack. Tarun Karnwal, T. Sivakumar, G. Aghila. Bhopal : IEEE, 2012. Electrical, Electronics and Computer Science (SCEECS). pp. 1-5.
  9. T. Erl, Service-Oriented Architecture (SOA): Concepts, Technology, and Design, Prentice Hall, 2005
  10. J. B. ,. A. G. Rajkumar Buyya, Cloud Computing: Principles and Paradigms, Hoboken, New Jersey: John Wiley & Sons , Inc, 2011.
  11. F. Bowen, "How SOA can ease your move to cloud computing," [Online] Available: http://www-01. ibm. com/software/solutions/soa/newsletter/nov09/article_soaandcloud. html.
  12. CCNA Security Course booklet version1. 0, Indianapolis: Cisco Press, 2010
  13. M. Harwood, Security Strategies in Web Applications and Social Networking, Jones & Bartlett Learning,LLC, 2011
  14. P. Dinham, "Denial-of service attacks vulnerability increases with the cloud," 29 Januaury 2013. [Online] Available: http://www. itwire. com/business-it-news/security/58480-denial-of-service-attacks-vulnerability-increases-with-the-cloud.
  15. Elisa Bertino, Lorenzo D. Martino , Federica Paci ,Anna C. Squicciarini. 2010. Security for Web Services and Service-Oriented Architectures. s. l. : Springer, 2010.
  16. Harwood, Mike. 2011. Security Strategies in Web Applications and Social Networking. s. l. : Jones & Bartlett Learning,LLC, 2011.
Index Terms

Computer Science
Information Sciences

Keywords

Cloud Computing SaaS XDoS HDoS DDoS

Powered by PhDFocusTM