A Secured Architecture for Mitigating Distributed Denial of Service Attack Integrating Internet of Things and Cloud Computing

Inhaltsverzeichnis (Table of Contents)

• Chapter -I INTRODUCTION
  • 1.1 Internet of Things
  • 1.2 IoT Prognostications
  • 1.3 Definitions on IoT
  • 1.4 Cloud Computing
  • 1.5 Definitions on Cloud Computing
  • 1.5.1 Essential Characteristics
  • 1.5.1.1 On-demand self-service
  • 1.5.1.2 Broad network access
  • 1.5.1.3 Resource pooling
  • 1.5.1.4 Rapid elasticity
  • 1.5.1.5 Measured Service
  • 1.6 Working Models of Cloud Computing
  • 1.7 Deployment Models of Cloud Computing
  • 1.8 IoT and Cloud Integration
  • 1.9 Cloud Computing Security
  • 1.10 Distributed Denial of Service
  • 1.11 Taxonomy of Distributed Denial of Service Attack
  • 1.12 Types of DDoS Attack
  • 1.12.1.1 Application Layer DDoS attack
  • 1.12.1.2 HTTP Flood Attack
  • 1.12.1.3 UDP Flood attack
  • 1.12.1.4 ICMP Flood Attack
  • 1.12.1.5 Smurf Attack
  • 1.12.1.6 PING of Death Attack
  • 1.12.1.7 TCP Flood
  • 1.12.1.8 Volumetric Attacks
  • 1.12.1.9 DNS Amplification Attack
  • 1.12.1.10 Protocol Attacks
  • 1.12.1.11 Syn Flood Attacks
  • 1.13 Aims and Objectives
  • 1.14 Thesis Structure
• Chapter -II REVIEW OF LITERATURE
  • 2.1 Distributed Denial of Service Attack
  • 2.2 Security Architecture for Mitigating Distributed Denial of Service Attack
  • 2.3 Mitigating Approaches for Distributed Denial of Service Attack
  • 2.3.1 Captcha Methods for Mitigating DDoS Attack
  • 2.3.2 Puzzle Approaches for Mitigating DDoS Attack
  • 2.3.3 Optimization Algorithm for Mitigating DDoS Attack
  • 2.3.4 IDPS System for Mitigating DDoS Attack
  • 2.3.5 Firewall Approaches for Mitigating DDoS Attack
• Chapter III A SECURITY ARCHITECTURE FOR MITIGATING DISTRIBUTED DENIAL OF SERVICE(DDOS)ATTACK INTEGRATING INTERNET OF THINGS AND CLOUD COMPUTING
  • 3.1 SMS_FIREWALL_DDoS Proposed Architecture
  • 3.1.1 The Proposed Architecture Scope
  • 3.1.2 Unique Features of the SMS_DDoS Architecture
  • 3.1.3 SMS_DDOS Architecture
  • 3.2 Functional Components of the Proposed Architecture
  • 3.3 CloudIoT Integrated Environment
  • 3.3.1 IoT Things
  • 3.3.2 Sensors
  • 3.3.3 RFID
  • 3.3.4 Sensor Reader
  • 3.3.5 Sensor Networks
  • 3.3.6 Gateway
  • 3.3.6.1 Information types
  • 3.3.6.2 Metadata
  • 3.3.6.3 Operational information
  • 3.3.7 Devices
  • 3.3.8 MQTT
  • 3.4 CloudIoT Integrated Environment
  • 3.4.1 CloudIoT Platform
  • 3.4.1.1 Web Server
  • 3.4.1.2 Sql Server
  • 3.4.1.3 Application Server
  • 3.4.1.4 Cloud Services
  • 3.4.1.5 Smart Mitigating Database Server(SM_DS)
  • 3.4.1.6 DNS Server
  • 3.5 Secure User and Device Registration
  • 3.6 Smart Mitigating Service_Firewall
  • 3.6.1 SMS_Firewall
  • 3.6.2 First Verification Test: CAPTCHA (The Completely Automated Public Turing test to Tell Computers and Humans Apart) Test
  • 3.6.2.1 Text Captcha
  • 3.6.2.2 Image Captcha
  • 3.6.2.3 Mathematical Captcha
  • 3.6.2.4 I m Not a Robot Captcha
  • 3.6.2.5 Malware Detection System
  • 3.5.3 Second Verification Test :Jigsaw Image Puzzle Test
  • 3.6.3.1 Jigsaw Image Puzzle
  • 3.6.3.2 Client Puzzle Server
  • 3.6.4 Intrusion Detection and Prevention System
  • 3.6.4.1 Firefly Biological Behavior
  • 3.6.4.2 Proposed CDDOSD and BFFO Model for DDoS Detection
  • 3.6.5 Reverse Proxy
  • 3.7 Functional Descriptions of Sms_Firewall Diagram
  • 3.8 Secure User and Device Authentication
  • 3.9 Secure Data Transaction between Cloud and Legitimate Users
  • 3.10 Functional Components Descriptions Flow Diagram
  • 3.9 Sequence Diagram of SMS_DDoS Attack
  • 3.11.1 Case Study-1: Smart Traffic
  • 3.11.2 Case Study-2: Smart Hospital
  • 3.11.3 Case Study-3: Smart Agriculture
• Chapter - IV Security Algorithm
  • 4.1 Secure User and Device Registration
  • 4.2 Dynamic Captcha with equal probability proposed Algorithm
  • 4.2.1 Text Captcha Algorithm
  • 4.2.2 Image Captcha Algorithm
  • 4.2.3 Math Captcha Algorithm
  • 4.2.4 I M NoT A ROBOT Captcha Algorithm
  • 4.3 Image Jigsaw Puzzle Algorithm
  • 4.4CDDOSD Algorithm(Intrusion Detection Algorithm)
  • 4.5 Intrusion Prevention and Traffic Load Balancing Firefly Algorithm
  • 4.6 Algorithm Method for selecting DominantCloudServer
  • 4.7 Secure User and Device Authentication
  • 4.8 Secure Data Transaction between Cloud and Legitimate Users
  • 4.9 Key Generation Algorithm
  • 4.10 Significance of the Proposed Security Algorithms
• CHAPTER V EXPERIMENTAL STUDY AND RESULT ANALYSIS
  • 5.1 Secure User and Device Registration
  • 5.2 OpNet Simulation Tool
  • 5.3 Experimental Setup
  • 5.4 Number of Requests received by the server for HTTP applications
  • 5.5 Response time for HTTP applications
  • 5.6 Server Performance
  • 5.7 The average throughput for HTTP packets that are transferred between the firewall and the server
  • 5.8 Attack classification and Detection
  • 5.9 Response Time Analysis
  • 5.10 Analysis on Latency
  • 5.11 Analysis on Overall System Throughput
  • 5.12 Comparison of Public Key Cryptosystems
• CHAPTER VI CONCLUSIONS AND FUTURE DIRECTIONS
  • 6.1 Conclusions
  • 6.2 Future Directions

Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)

This research aims to propose a secure architecture for mitigating DDoS attacks in a CloudIoT environment. The study aims to develop an end-to-end security mechanism, framework, and algorithms that effectively reduce the impact of DDoS attacks, improve service availability and profitability, and classify incoming network traffic into attack and non-attack categories.

• DDoS Attack Mitigation in CloudIoT Environment
• End-to-End Security Framework
• Traffic Classification and Detection
• Performance Optimization and Response Time Reduction
• Application of Firefly Algorithm for Intrusion Prevention and Load Balancing

Zusammenfassung der Kapitel (Chapter Summaries)

• Chapter 1 introduces the concepts of IoT and cloud computing, highlights the challenges of integrating these technologies, and emphasizes the significance of DDoS attacks in the CloudIoT environment. It defines the research objectives and outlines the thesis structure.
• Chapter 2 provides a comprehensive review of existing research on DDoS attack mitigation techniques, including captcha methods, puzzle approaches, optimization algorithms, intrusion detection and prevention systems, and firewall approaches. This chapter analyzes the strengths and weaknesses of these existing solutions, paving the way for the development of a more robust architecture.
• Chapter 3 presents the proposed architecture, "Smart Mitigating Service Firewall for Distributed Denial of Service Attack (SMS_FIREWALL_DDoS)", which is designed to protect CloudIoT users and providers from DDoS attacks. The architecture employs a two-step verification process using Dynamic Captcha and Jigsaw Image Puzzle tests to differentiate legitimate users from malicious bots. The chapter further delves into the key components of the architecture, including the Malware Detection System, Client Puzzle Server, Intrusion Detection and Prevention System (IDPS), and Reverse Proxy. The chapter also presents a case study illustrating the application of the proposed architecture in real-world scenarios.
• Chapter 4 discusses the various security algorithms developed for the proposed architecture. This includes algorithms for secure user and device registration, Dynamic Captcha, Jigsaw Image Puzzle, Binary Firefly Algorithm for intrusion prevention and traffic balancing, and secure data transaction using Elliptic Curve Cryptography (ECC).
• Chapter 5 focuses on the experimental study and result analysis of the proposed architecture. It utilizes the OpNet simulation tool to validate the performance of the architecture. This chapter presents detailed performance metrics, including response time, latency, and overall system throughput. It also compares the performance of ECC and RSA cryptosystems.

Schlüsselwörter (Keywords)

This work explores the intersection of Cloud computing, the Internet of Things (IoT), and network security, with a focus on mitigating Distributed Denial of Service (DDoS) attacks. Key themes include secure user and device authentication, dynamic captcha algorithms, jigsaw image puzzle algorithms, binary firefly optimization, intrusion detection and prevention systems, reverse proxy technology, and Elliptic Curve Cryptography (ECC).