DocumentCode :
679780
Title :
EDoS Armor: A cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments
Author :
Masood, Mudassir ; Anwar, Zeeshan ; Raza, S. Ali ; Hur, Muhammad Ali
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci., Nat. Univ. of Sci. & Technol., Islamabad, Pakistan
fYear :
2013
fDate :
19-20 Dec. 2013
Firstpage :
37
Lastpage :
42
Abstract :
The promise of the pay-as-you-go and scalable model of Cloud Computing has attracted a large number of medium and small enterprises to adopt the E-Commerce model of conducting on-line business. While E-Commerce applications on the Cloud expand businesses by making them more widely accessible, they also make these applications susceptible to economic denial of sustainability attacks - a form of application layer DDoS attack that drives up the cost of Cloud computing by using up application resources. This paper focuses on detection and mitigation of EDoS for E-Commerce based applications. EDoS is different from traditional DDoS in that the intention of the latter is to consume all the resources (like memory, bandwidth, CPU, etc.) of the Web server, thus making it unavailable to its legitimate users. EDoS, on the other hand, is caused by malicious users who are not interested in following the regular workflow of an E-commerce application by purchasing items, but in employing it for their own purposes of entertainment, price-checks and idle surfing. We have a twofold solution: (i) admission control and (ii) congestion control. In the first, we limit the number of clients that can simultaneously send requests, thus allowing only as many clients as can be served easily within the available resources on the Web server. In the second, we change the priority of allowed clients based on the type of resources they visit and the type of activities they perform, thus making the maximum resources available to good clients. We have integrated and evaluated this solution in a Web Application Firewall and found it quite effective in terms of resource distribution among clients ranging from good to bad clients.
Keywords :
cloud computing; electronic commerce; file servers; firewalls; purchasing; small-to-medium enterprises; EDoS armor; EDoS detection; EDoS mitigation; Web Application Firewall; Web server; admission control; application layer DDoS attack; application resources; cloud computing; cloud environments; congestion control; cost effective economic denial of sustainability attack mitigation framework; e-commerce applications; item purchasing; online business; pay-as-you-go model; small and medium enterprises; Cloud computing; Computer crime; Economics; IP networks; Ports (Computers); Servers; Time factors; Cloud Security; DDoS Application DDoS; EDoS; Economic Denial of Sustainability;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Multi Topic Conference (INMIC), 2013 16th International
Conference_Location :
Lahore
Type :
conf
DOI :
10.1109/INMIC.2013.6731321
Filename :
6731321
Link To Document :