An Enhanced Economical Denial of Sustainability Mitigation System for the Cloud

In the cloud era, security has become a renewed source of concerns. Distributed Denial of Service (DDoS) and the Economical Denial of Sustainability (EDoS) that can affect the pay-per-use model, which is one of the most valuable benefits of the cloud, can again become very relevant especially with the introduction of new policies in enterprises such as the "Bring Your Own Device" (BYOD). Therefore, this paper presents a novel framework called Enhanced DDoS-Mitigation System (Enhanced DDoS-MS) which is a step further of our previous framework (DDoS-MS) that can be used to encounter EDoS attacks by testing the first packet from the source of requests (legitimate or malicious) to establish the legitimacy of the source using a Graphical Turing Test (GTT). It differs from the (DDoS-MS) in several aspects such as the using of puzzles as a reactive step, replacing the overlay filtering system by the Reverse Proxy in hiding the location of the protected servers, and changing the method of verifying the users in a way that can encounter the persistent attackers. To achieve this, it monitors the remaining packets using an Intrusion Prevention System (IPS) and a Reverse Proxy (RP) server. Then it delays the requests of the suspicious users using Crypto Puzzles. The novelty of the proposed framework lies in decreasing the end-to-end latency for the legitimate user by testing only their first packet. We use a layered defence system that checks the legitimacy of the users, their packets\´ integrity, and their traffic rate. Moreover, the proposed framework intends to hide the location of the protected servers to enhance their security.