Minimizing Financial Cost of DDoS Attack Defense in Clouds with Fine-Grained Resource Management
Keywords:
resource management, cloud security, DDoS attacksAbstract
As cloud systems grow in popularity, they become more vulnerable to cyber-attacks. A distributed denial of service (DDoS) attack is one of the most notorious cyber-attacks. The attack aims to exhaust the system's resources, rendering it unresponsive to legitimate requests. Around the resource competition, DDoS defence and attack essentially revolve. We have made decisions from a resource management and investment perspective. However, these defense strategies often assume unlimited resources to defend against attacks without considering financial costs. This coarse-grained approach can lead to resource overprovisioning and unnecessary expenses. To tackle this challenge, we perform a thorough analysis and propose a birth-death-based fine-grained resource management system that dynamically scales resources in/out and up/down. This system adaptively chooses the optimal resource leasing mode for cloud service customers, providing cost-effective defense against DDoS attacks. Extensive analyses and experiments based on empirical data validate the efficiency and effectiveness of our approach. Compared to existing methods, our proposal can reduce defence costs by an average of 53.58%, with potential savings of up to 93.75.
