1

A confidence-based filtering method for DDoS attack defense in

cloud environment

Cloud Computingdata centre

+

resource shared using virtualization

+

elastic

+

on demand and instant service

+

billing as utility

Denial of Service Attack

Server

Legitimate UserLegitimate User

Legitimate User

Legitimate User

Legitimate UserATTACKER

Distributed Denial of Service Attack(DDoS)

Tools and Techniques• Language : R-Language

• Softwares used:

WireShark

Rx64 3.1.1

• Environment : Cloud

6

CBF: Attributes of TCP/IP Header

TCP HeaderIP Header

Correlation Characteristic

Confidence-Based Filtering (CBF)

9

Confidence Value and Nominal Profile• Confidence is the frequency of appearances of attributes in the

packet flows

• Confidence for attribute pairs:

where i1=1,2,3,…,n

i2=1,2,3,…,n

j1=1,2,3,…,m1

j2=1,2,3,…,m2

• These values are then used for the generation of nominal profile.

10

CBF Score• CBF score for a packet is the weighted average of the confidence of

the attribute value pairs in it.

11

Discarding strategy• We use CBF scores to distinguish attack packets from legitimate

ones.

• The legitimate packet in CBF has CBF score above the discarding threshold.

Attacker Zombie Server

Possibilities of extension• The project can be extended by using other attributes.

• Also, other types of correlation characteristics can be thought of.

THANK YOU!!