A Secured Architecture for Mitigating Distributed Denial of Service Attack Integrating Internet of Things and Cloud Computing

Table of Contents

Chapter -I INTRODUCTION

1.1 Internet of Things

1.2 IoT Prognostications

1.3 Definitions on IoT

1.4 Cloud Computing

1.5 Definitions on Cloud Computing

1.6 Working Models of Cloud Computing

1.7 Deployment Models of Cloud Computing

1.8 IoT and Cloud Integration

1.9 Cloud Computing Security

1.10 Distributed Denial of Service

1.11 Taxonomy of Distributed Denial of Service Attack

1.12 Types of DDoS Attack

1.13 Aims and Objectives

1.14 Thesis Structure

Chapter -II REVIEW OF LITERATURE

2.1 Distributed Denial of Service Attack

2.2 Security Architecture for Mitigating Distributed Denial of Service Attack

2.3 Mitigating Approaches for Distributed Denial of Service Attack

2.3.1 Captcha Methods for Mitigating DDoS Attack

2.3.2 Puzzle Approaches for Mitigating DDoS Attack

2.3.3 Optimization Algorithm for Mitigating DDoS Attack

2.3.4 IDPS System for Mitigating DDoS Attack

2.3.5 Firewall Approaches for Mitigating DDoS Attack

Chapter -III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS) ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING

3.1 SMS_FIREWALL_DDoS Proposed Architecture

3.1.1 The Proposed Architecture Scope

3.1.2 Unique Features of the SMS_DDoS Architecture

3.1.3 SMS_DDOS Architecture's Principles and Techniques

3.2 Functional Components of the Proposed Architecture

3.3 CloudIoT Integrated Environment

3.3.1 IoT Things

3.3.2 Sensors

3.3.3 RFID

3.3.4 Sensor Reader

3.3.5 Sensor Networks

3.3.6 Gateway

3.3.7 Devices

3.3.8 MQTT

3.4 CloudIoT Integrated Environment

3.4.1 Cloud Platform

3.5 Secure User and Device Registration

3.6 Smart Mitigating Service

3.6.1 Smart Mitigating Service Firewall

3.6.2 First Verification Process of SMS_Firewall

3.6.2.1 Text Captcha

3.6.2.2 Image Captcha

3.6.2.3 Mathematical Captcha

3.6.2.4 I'm Not A Robot Captcha

3.6.2.5 Malware Detection System

3.6.3 Second Verification Process of SMS _Firewall

3.6.3.1 Jigsaw Image Puzzle

3.6.3.2 Client Puzzle Server

3.6.4 Intrusion Detection and Prevention System

3.6.4.1 Firefly Biological Behavior

3.6.4.2 Proposed CDDOSD and BFFO Model for DDoS Detection

3.6.5 Reverse Proxy

3.7 Functional Descriptions of SMS_ Firewall for DDoS Diagram

3.8 Secure User and Device Authentication

3.9 Secure Transaction between Cloud and Legitimate User

3.10 Functional Components Descriptions of SMS_Firewall for DDoSFlow Diagram

3.11 Sequence Diagram of SMS_Firewall for DDoS Attack

3.11.1 Case Study - 1 : Smart Traffic

3.11.2 Case Study - 2 : Smart Hospital

3.11.3 Case Study - 3 : Smart Agriculture

Chapter IV SECURITY ALGORITHMS

4.1 Secure User and Device Registration Algorithm

4.2 Dynamic Captcha Algorithm

4.2.1 Text Captcha Algorithm

4.2.2 Image Captcha Algorithm

4.2.3 Math Captcha Algorithm

4.2.4 Captcha Algorithm

4.3 Jigsaw Image Puzzle Algorithm

4.4 Binary Firefly Algorithm for Intrusion Detection and Prevention System

4.5 Intrusion Prevention and Traffic Load Balancing

4.6 Method for selecting DominantCloudServer

4.7 Secure Data between Legitimate User and CloudIoT

4.8 Secure User and Device Authentication

4.9 Key generation using ECC

4.10 Significance of the Proposed Algorithm

Chapter V EXPERIMENTAL STUDY AND RESULT ANALYSIS

5.1 Secure User and Device Registration

5.2 OpNet Simulation Tool

5.3 Experimental Setup

5.4 Number of Request received by the Server for HTTP Application

5.5 Response Time for HTTP Applications

5.6 Server Performance

5.7 The average Throughput for HTTP

5.8 Attack Classification and Detection

5.9 Response Time Analysis

5.10 Analysis on Latency

5.11 Analysis on Overall System Throughput

5.12 Comparison of Public Key Cryptosystems

Chapter VI CONCLUSION AND FURTHER RESEARCH DIRECTIONS

Research Objectives and Key Topics

This research aims to design and implement a secure, proactive architecture (the "Smart Mitigating Service Firewall") to mitigate Distributed Denial of Service (DDoS) attacks within Cloud-based Internet of Things (CloudIoT) environments, focusing on ensuring user authenticity and reducing latency for legitimate users.

• Integrated security architecture for CloudIoT environments
• Advanced DDoS mitigation using Dynamic Captcha and Jigsaw Puzzle tests
• Traffic load balancing and optimization via Binary Firefly Algorithms
• End-to-end data security utilizing Elliptic Curve Cryptography (ECC)
• Experimental validation through OpNet simulations for performance and throughput

Excerpt from the Book

Summary of Chapters

Chapter -I INTRODUCTION: Provides background on IoT, Cloud Computing, and current DDoS threats, establishing the motivation and objectives for the research.

Chapter -II REVIEW OF LITERATURE: Examines existing security architectures and DDoS mitigation techniques, identifying gaps and the need for a new integrated approach.

Chapter III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS) ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING: Details the proposed design of the Smart Mitigating Service Firewall and its core components for DDoS mitigation.

Chapter IV SECURITY ALGORITHMS: Explains the mathematical and computational algorithms developed, including Dynamic Captcha, Jigsaw Puzzles, and Firefly-based optimization.

Chapter V EXPERIMENTAL STUDY AND RESULT ANALYSIS: Presents the evaluation of the proposed framework using OpNet simulations to demonstrate effectiveness in throughput and latency.

Chapter VI CONCLUSION AND FURTHER RESEARCH DIRECTIONS: Summarizes the thesis findings and suggests future directions for enhancing quality of service and security.

Keywords

Distributed Denial of Service, DDoS, Internet of Things, IoT, Cloud Computing, CloudIoT, Smart Mitigating Service Firewall, Network Security, Captcha, Jigsaw Puzzle, Binary Firefly Algorithm, Elliptic Curve Cryptography, ECC, Traffic Load Balancing, OpNet

Frequently Asked Questions

What is the core focus of this research?

The research is primarily concerned with creating a secured architecture to protect CloudIoT environments against Distributed Denial of Service (DDoS) attacks.

What are the central thematic areas?

The study covers IoT and Cloud integration, network security protocols, DDoS attack classification, mitigation strategies, and experimental performance analysis in cloud environments.

What is the primary objective of this thesis?

The goal is to design an end-to-end security mechanism (the Smart Mitigating Service Firewall) that distinguishes legitimate traffic from malicious requests while maintaining high availability and low latency.

Which scientific methodology is employed?

The author uses a hybrid approach combining defensive firewalls, multi-stage user verification (Dynamic Captcha and Jigsaw Puzzles), and bio-inspired optimization algorithms (Binary Firefly Algorithm).

What topics are discussed in the main part of the thesis?

The main chapters cover the proposed system architecture, the design of dynamic verification algorithms, traffic balancing techniques, and experimental setup using the OpNet simulation tool.

Which specific keywords define this work?

The work is defined by terms such as DDoS, CloudIoT, Firefly Algorithm, Captcha, Jigsaw Puzzle, Elliptic Curve Cryptography, and Intrusion Detection.

How does the proposed architecture handle DDoS attacks?

It utilizes a proactive filtering approach at the network edge to verify user legitimacy via two stages of authentication, combined with IDPS-driven traffic management.

What role do bio-inspired algorithms play in this work?

Binary Firefly Algorithms are used for traffic load balancing and intrusion detection by identifying "dominant" versus "submissive" system states during an attack scenario.

What is the significance of the "Jigsaw Image Puzzle" mentioned?

It acts as the second, more robust layer of verification after the initial Captcha test, specifically designed to be easily solved by humans but difficult for automated botnet software.

How is the security of user authentication maintained?

The architecture employs Elliptic Curve Cryptography (ECC) to generate self-signed ECDSA certificates, ensuring data integrity and confidentiality for transactions between the user and the cloud.