Controlled Virtual Resource Access to Mitigate Economic Denial of Sustainability (EDoS) Attacks Against Cloud Infrastructures

Service providers of the cloud have witnessed a rapidly growing demand to provide services to end-users in a timely manner. Security vulnerabilities against the cloud infrastructure cannot be overlooked. Through exploitation of such weaknesses, the adversary class may disrupt routine cloud operations, and have a debilitating effect on the reputation of the service provider. One attack type specifically affecting cloud services is the Economic Denial of Sustainability (EDoS) attack. Through such a malicious attack, the ability of the service provider to dynamically stretch and accommodate increasing numbers of requests from end-users, is exploited, to make it economically unviable for the service provider to sustain further demand for service from legitimate end-users. In this paper, we propose a novel approach for selectively controlling user requests for service, implemented at the service provider's end. Through this scheme, we reduce i.e mitigate the effects of an imminent EDoS attack against critical cloud resources. Incoming requests are classified into normal or suspicious. Subsequently, further analysis is conducted to ensure that priority to cloud service access is given to those end-users tagged as being legitimate, whereas, suspect users are given lesser priority to service access, until they are eventually removed from the suspect list. Simulations were conducted to study the performance of the scheme, with results showing promise.