Performance Modeling and Analysis of the EDoS-Shield Mitigation

Cloud adoption by industry and governments has been on the rise for the past few years due to the obvious cloud technology advantages that include scalability, reliability, availability, agility, and cost efficiency. However, cloud security remains a main barrier for such adoption. Distributed denial of service (DDoS) attacks pose a serious security threat to cloud-hosted services and applications. In recent years, in addition to DDoS attacks, cloud systems are prone to be attacked by a new type of attacks known as economic denial of sustainability (EDoS). An EDoS attack targets the economic resources of the cloud adopter who gets billed and charged on a "pay-as-you-use" basis. In an EDoS attack, the attacker goal is to make the cloud system unaffordable and no longer economically acceptable for the cloud adopter. An EDoS-Shield is known to be an effective technique to mitigate such attacks, in which malicious requests are detected and dropped prior to reaching the cloud service nodes. In this paper, we model and study the performance of EDoS-Shield using queuing theory modeling. Various scenarios applicable to EDoS-shielding are considered and analyzed. We analyzed and compared the performance of proposed system in terms of key performance metrics which include response time, CPU utilization of allocated cloud compute resources, and system throughput.