DDoS Detection Systems for Cloud Data Storage

Distributed Denial-of-Service (DDoS) attack is one of the most common and effective attack types aiming to deny or limit services. To mitigate the problem of DDoS attacks to online cloud services, anomaly detection methods of user access behaviors are widely used to defend against attackers. We pay particular attention to anomaly detection methods after reviewing recent development efforts of application-layer DDoS detection techniques for cloud storage systems. Inspired by a dynamic analysis of access behavior changes in active users, we propose a DDoS anomaly detection model to discover DDoS attack sources by diagnosing users' similarities. The overarching goal of our solution is to pinpoint DDoS by monitoring the similarity of active users around existing users at a low cost. This goal is achieved by our proposed model embracing the following key steps. First, a sample user set is originated. Then, the active users' requests are tracked to gauge similarity measures between each active user and sample users. Finally, if the deviation of similarity exceeds the prescribed thresholds, detected users will be flagged as anomalous ones.