Analysis of the EDoS Attack impact on Elastic Cloud Services Using Finite Queuing Model

Received Aug 12th, 2017. Revised Mar 12th, 2018. Accepted Jun 16, 2018.

This paper proposes an analytical model to examine the effect of the EDoS attack in a cloud environment using a finite queuing model, complemented by an experimental model. Under these sophisticated attacks the computing resources are kept busy and the buffer capacity of the cloud is exhausted by both legitimate and malicious user requests, so that neither type of request gets service and legitimate customers are unable to use the web application. Against this backdrop, this paper investigates and evaluates the vendor's loss from a cost point of view, since legitimate client requests are denied service. The objective of this analysis is twofold: i) to identify the dynamics of EDoS attacks at different attack rates and to measure various performance metrics (total number of busy virtual machines, utilization of the cloud resources, request response time, request loss probability, and throughput); ii) to define and evaluate a cost function based on these performance metrics. Finally, the analytical and experimental results are compared and conclusions are drawn.


Introduction
Cloud computing (CC) is the sharing of virtual resources or services such as computing resources, storage, databases, web applications and other cloud services through the internet on a pay-as-you-go basis. Gartner identified CC as one of the top ten technologies of the IT industry and predicted cloud revenue to grow 21.4 percent in 2018 [1]. The global adoption of this technology reduces costs for users and organizations. Organizations are migrating their businesses into the cloud so that they can rent cloud services on a pay-as-you-go subscription instead of building their own infrastructure. There are several kinds of attacks that damage the computing assets and connections of the customer's cloud environment and lead to compromised SLAs. Based on the SLA, cloud resources are provided to the client in limited or unlimited mode [2]. Resource usage and processing power are charged to the customer. Attacks can therefore drive up the vendor's cloud resource cost. The Distributed Denial of Service (DDoS) attack is one of the major attacks in CC, and its fundamental objective is to cause resource unavailability, reducing the v by damaging the virtual servers [3]. DDoS attacks target websites, hosted applications or network infrastructures by absorbing all available bandwidth and disrupting access for genuine clients and partners. According to the official National Institute of Standards and Technology (NIST) definition, cloud computing is 'a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources - for example, networks, servers, storage, applications and services - that

Related work
Khaled Salah et al. [6] presented an analytical model alongside an algorithm for determining additional key performance equations and measures. That paper adds a section showing and analyzing the scalability of the load balancer (LB), which can be, if ignored, a significant performance bottleneck for elastic services. Another section validates the analytical model and equations using measurements from an experimental testbed deployed on the AWS cloud. More importantly, the paper incorporates numerical results for real operating conditions of cloud elastic services, including web service, Netflix video streaming, and the AWS cloud. The section on numerical results includes new figures and important discussion and interpretation on cloud resource estimation and capacity engineering guidelines for achieving proper elasticity for cloud services. F. Al-Haidari, M. Sqalli, et al. [7] presented an analytical model to study the impact of EDoS attacks on a particular class of cloud services in which only a single type of application service is provided in the datacenter. The model considers several performance metrics, including end-to-end response time, utilization of the computing resources being consumed, and the cost incurred as a result of the attack. Such a model is useful for showing the impact of an EDoS attack on both the performance and the cost of cloud computing services. Suneetha Bulla, B Basaveswara Rao et al. [8] enhanced the analytical model of [7] with an experimental model; the paper proposes the experimental model and explains how to deploy it on the AWS cloud to study the performance and cost impact of EDoS attacks. Khaled Salah [9] proposed an analytical method to achieve cloud elasticity using cluster jobs and validated it using simulation. The main focus of that paper is elasticity, and it gives a numerical example to illustrate and demonstrate the queuing model.
Gian-Luca Dei Rossi, Mauro Iacono, and Andrea Marin [10] proposed a Markovian model to study the effect of EDoS attacks on cloud infrastructures. The analysis relies on the evaluation of the mean time to absorption and of the expected cumulated rewards in a CTMC describing the attacker strategy and the cloud state. The model gives numerically stable methods to compute (or approximate, for long-lasting attacks) the performance indices that allow the impact of an attack to be evaluated. Shi et al. [11] developed effective energy-saving methods in the cloud datacenter by dynamically allocating resources based on utilization analysis and prediction. The main model used in their work was an M/M/1 queuing model that captures the cloud-based web service. Similarly, Calheiros et al. [12] proposed an adaptive provisioning mechanism for cloud-based applications that meets QoS targets based on a queuing network system model and workload information. They model each virtualized application instance as an M/M/1/k queuing model, where k denotes a bounded queue of length k.

Analytical model
This paper aims to analyze and evaluate the impact of EDoS attacks on finite elastic cloud-hosted web services. Figure 1 shows the architecture of the elastic cloud datacenter, which hosts a software-as-a-service web application [7] and provides a single service. The architecture contains three stages: the load balancer, an elastic group of virtual machines (VMs) and the database server. Legitimate users use these services under the SLA, but attackers target the elastic nature of the cloud to make the service unavailable to customers and to increase the cost for cloud adopters. The above queuing model is an M/G/1/K queuing system with Poisson arrivals at rate λ, generally distributed service times and a maximum system capacity of K. z(x) denotes the PDF of the service time of the queuing system, a generally distributed random variable X, and E_k is the probability of having k arrivals during a given service time, expressed as (1) In fact z(x) is the sum of three service stages, namely the ELB, the VMs and the database, whose service times have exponential distributions. The means and PDFs of the first and third stages are respectively 1/α, 1/µ and and . The second stage is served in parallel by the available instances; µ is the static service time for these S parallel servers, and can be expressed as µ_i = µ. The mean and PDF of the third stage are 1/µ and . Then z(x) is derived from these three PDFs by integration. Convolution is a linear operator, so first compute the convolution of the first and third PDFs, which gives the function h(t), and then compute the convolution of h(t) and f_B(t). In [13] Takagi discusses the convolution of two density functions of two random service times with two means; in our queuing system, the convolution of f(t) and g(t) with means 1/β and 1/α can be expressed as (2) Expression (2) has two conditions: the first indicates that there is a loss probability for arrivals, and the second that there is no loss probability. Let us consider the first case, where . z(x) is the convolution of h(t) and f_B(t).
(3) Solve the equation (3) by using integration by parts.

From equation (1), by substitution and integration by parts, E_k is obtained as follows To summarize: E_k is used to compute the steady-state probabilities of the queuing system from the ELB to the database [19]. The analysis uses an imbedded Markov chain to solve for the steady-state transition probabilities with the following initial conditions: the system state n_i denotes the type of processing taking place at the ELB, the computing instances and the database server. q_jk are the transition probabilities of the imbedded Markov chain at equilibrium, which can be found independently using E_k for the two cases j=0 and 1≤j≤K-1.
From equations (7) and (8) we get the steady-state probabilities {r_k : 0≤k≤K-1} at the departure points, which can be computed by solving K-1 balance equations together with the normalization condition as follows Substituting equations (7) and (8) into (9) gives and From equation (9), K-2 equations along with the normalization condition are used to solve the system of equations for the steady-state probabilities r_k/r_0 and the normalized variables using (10) The above equation is solved recursively to determine successively {r_1/r_0, r_2/r_0, r_3/r_0, …, r_{k-1}/r_0}. Subsequently, r_0 can be obtained using the normalization condition as follows = In this queuing system r_0 is used to obtain the individual state probabilities {r_k : 0≤k≤K-1}. Let P_k be the probability of k jobs present in the queuing system at an arbitrary time, where k = 400, 500, 600, …, K. Let P_loss be the equilibrium probability that an arrival is denied service by the vendor because the queue is full, that is, in state K, where P_loss and P_k are as follows: (12) is the sum of the mean service times.

Where E[B] is the mean service time of the stages. In the elastic cloud, parallel computing resources are running at a given time and provide a single service. It is assumed that all the computing instances have the same computing power capacity µ_i = µ, and that the overhead incurred by committing instances to the cloud service is 55.4 s for provisioning one VM instance [33].

From equation (8), P_loss can be expressed as (14) Where Using the values of r_k obtained from Equation (10) and the results of (15) and (17), the equilibrium state distribution {P_k : 0≤k≤K-1} can be expressed as From Equation (16), P_0 = (17) The departure throughput γ is also called the effective arrival rate λ' or λ(1-P_loss). Therefore γ = λ(1-P_loss) (15) It is assumed that the auto-scaling of the elastic cloud is configured so that there is no delay in adopting new virtual machines into the elastic group [14]. Comparing the M/M/1 queuing model with the derived equation of our queuing model with service rate s, the two have similar computing utilization. The average response time of a request R and the average response time affected by the victim R_m will be:

R = and R m = (19)
The total number of running instances committed to the elastic computing cloud service can be calculated using equation (19). The upper threshold utilization value is used to trigger the creation of a new instance in the auto-scaling mechanism. If the upper threshold value is 100%, the formula for provisioning new instances, S, is expressed as

S= (20)
Another important performance metric is the cost of the cloud. In cloud computing, resources are adopted on an hourly basis. Our queuing system follows the on-demand pricing model, which considers computing resources, network bandwidth usage and storage cost; the total cost of the queuing system is thus derived as follows:

Total Cost = (P_bw × λ_GB/s + P_Com × S + P_Sto × λ_GB/s) × T (21)

In Eq. (21), P_bw is the cost of the network bandwidth, P_Com is the cost of a computing instance in the elastic cloud, P_Sto is the cost of the storage server in terms of gigabytes, λ_GB/s is the effective arrival rate in GB/s, S is the total number of servers and T is the time in hours.

Experimental model
The above analytical model is verified, analyzed and compared against real-world experimental results. The figure shows the experimental test-bed for hosting a web application on AWS using the auto scaling service. The main components of this cloud datacenter are virtual machines (also called servers), the load balancer, the RDS database, Route 53 and S3. The experimental architecture design has been discussed in [8].

Fig 4: Web application hosting using elastic cloud on AWS
In the above figure, micro-size EC2 VMs are configured with auto scaling to host the web application [15]. The RDS database server is used to store the network in and network out [16]; an S3 bucket is created to store the clients' logs [17]. Route 53 is used to register the domain name of the web application hosted in EC2 [18]. The final component of this architecture is the large-size EC2 VMs, which are used to generate the HTTP traffic of the attacker and the legitimate users.

For this analysis, a micro WordPress EC2 instance was created in the EC2 console and a MySQL micro database server was attached for storing the network traffic on a multiple A-Z basis; this feature clones the database servers to all regions for availability purposes. To distribute the clients' HTTP traffic to the available VMs in the VPC pool, a load balancer was configured and assigned an auto scaling group with a minimum of two and a maximum of ten VMs, with scale-up and scale-down conditions. We configured the web server to return a web page of 580 bytes on receiving an HTTP request from the load balancer. The page size was tuned until we achieved almost 100% CPU utilization when the instance receives 100 Req/sec (requests per second), in other words the upper limit of our medium-sized VM instance. Typically, this gives around 10 ms for the average service time when handling HTTP requests at a low rate. If the CPU utilization of a VM exceeds 100%, a new instance is automatically generated and registered with the load balancer to distribute the requests; in the same manner, if CPU utilization is below 30%, an instance is removed from the load balancer.

The configured load balancer is attached to Route 53 to register the domain name of the hosted web application. Finally, a large-size instance was launched and siege installed on it to generate legitimate and attacker HTTP traffic. Siege was configured to generate HTTP requests concurrently, and performance measurements were taken after a period of 15 min. For our measurements, we considered the following performance metrics: response time, throughput, and CPU utilization. The average, minimum, and maximum measurements for response time and throughput were provided by the JMeter aggregate graph report at the end of the run. For CPU utilization, we used the SAR Linux utility and the Perl scripting language to collect and average the CPU utilization readings of the running VMs. The CPU utilization readings were taken in the steady period, specifically from 8 to 12 min.

Results
For the numerical illustration, this paper assumes, based on the size of the web application, that the capacity of the micro virtual machine is 100 req/sec, as examined by Catteddu and Hogben in 2009 [19]. The elastic cloud initially starts with 2 servers. The auto-scaling provisioning overhead is taken as 55.4 s, from Islam et al. [20]. In our assumptions 50 ms and = 20 ms, legitimate user traffic is 200 requests per second, and attacker traffic varies from 200 to 2000 requests per second.

The total cost of the elastic cloud datacenter can be calculated using equation (22). As per Amazon AWS pricing, the price of a micro instance is $0.115, the RDS server price is $0.115, and there is a base cost of $0.01 per GB of data transferred in/out, based on the reported prices of Internet data transfer "in" and "out" of Amazon EC2 [21].
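The auto-scaling rule and cost function (21) can be evaluated for the parameters of this numerical illustration. The following Python is an added example, not the paper's code: in place of the paper's M/G/1/K derivation it uses the closed-form M/M/1/K blocking formula, treating the S VMs as one server of rate S·µ. The per-GB storage price, K = 400 and all function names are assumptions of the example.

```python
import math

# Values taken from the paper's numerical illustration.
VM_CAPACITY = 100.0        # req/s served by one micro VM
MIN_VMS, MAX_VMS = 2, 10   # auto-scaling group bounds
LEGIT_RATE = 200.0         # legitimate traffic, req/s
PAGE_BYTES = 580           # response size per request
P_COM = 0.115              # $ per VM-hour
P_BW = 0.01                # $ per GB transferred
# Assumptions made for this example only.
P_STO = 0.115              # page lists $0.115 for RDS; applied per GB as eq. (21) does
K = 400                    # queue capacity (smallest value of k the page mentions)


def servers_for(total_rate):
    """VMs running when scale-up triggers at 100% utilization, within group bounds."""
    needed = math.ceil(total_rate / VM_CAPACITY)
    return max(MIN_VMS, min(MAX_VMS, needed))


def loss_probability(total_rate, servers, capacity=K):
    """M/M/1/K blocking probability with the pool treated as one server of rate S*mu."""
    rho = total_rate / (servers * VM_CAPACITY)
    if math.isclose(rho, 1.0):
        return 1.0 / (capacity + 1)
    if rho > 1.0:
        x = 1.0 / rho  # same formula rewritten in 1/rho so rho**K cannot overflow
        return (1.0 - x) / (1.0 - x ** (capacity + 1))
    return (1.0 - rho) * rho ** capacity / (1.0 - rho ** (capacity + 1))


def hourly_cost(total_rate, hours=1.0):
    """Eq. (21), with lambda_GB taken as the served (effective) traffic per hour."""
    s = servers_for(total_rate)
    served = total_rate * (1.0 - loss_probability(total_rate, s))
    gb_per_hour = served * PAGE_BYTES * 3600 / 1e9
    return (P_BW * gb_per_hour + P_COM * s + P_STO * gb_per_hour) * hours


def sweep(attack_rates):
    """One row per attack rate: servers, loss, lost legitimate req/s, cost per hour."""
    rows = []
    for attack in attack_rates:
        total = LEGIT_RATE + attack
        s = servers_for(total)
        p_loss = loss_probability(total, s)
        rows.append({"attack": attack, "servers": s, "p_loss": p_loss,
                     "legit_lost": LEGIT_RATE * p_loss,
                     "cost_per_hour": hourly_cost(total)})
    return rows


if __name__ == "__main__":
    for r in sweep(range(200, 2001, 200)):
        print(f"{r['attack']:>5} {r['servers']:>3} {r['p_loss']:.4f} "
              f"{r['legit_lost']:7.1f} {r['cost_per_hour']:.3f}")
```

Under these assumptions the bill rises with the attack rate until the group reaches its ten-VM ceiling; beyond that the cost plateaus while the loss probability, and with it the share of rejected legitimate requests, keeps growing.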

Fig 5: Total number of servers in relation to the attack rate
Figure 5 shows the relation between the attack rate and the total number of servers running on the cloud. In the auto-scaling configuration, the minimum number of instances is assumed to be two and the maximum number of instances ten.
Our architecture initially starts with two servers handling legitimate traffic; when attacker traffic arrives, the number of servers increases. When the client traffic exceeds the capacity of the cloud and reaches the upper threshold value, the number of servers stays constant. Figure 6 presents the utilization of the elastic cloud when it is subjected to the EDoS attack. The obtained results show that as the attack rate on the hosted web application increases, the corresponding utilization of the cloud also increases.

Fig 7: Traffic response time in relation to the attack rate
This paper assumes there is no waiting time in the queuing system because of the auto-scaling property. Figure 7 shows that, as the attack rate increases, the corresponding response time also increases, but there is no considerable variation when the attacker load goes high.

Conclusions
This paper proposed an analytical model to study the impact of the EDoS attack on elastic cloud computing services, considering a number of performance metrics. These metrics are request

Fig 1: Elastic cloud services of AWS

Figure 2 illustrates the queuing model, which represents the cloud-hosted single web service architecture shown in Figure 1. In this model the arrival rate follows a Poisson distribution and the service time is assumed to follow an exponential distribution for all instances of ECS, including computation as well as the latency of the DB server and the bandwidth of the network. The buffer size of the first queue is K-1, and arrivals are serviced sequentially in the following stages: (1) load balancer, (2) elastic computing resources and (3) database server.

Fig 2: Queuing Model for the web application Hosted on Elastic Cloud services

Where λ_l is the mean arrival rate of legitimate users; λ_m is the arrival rate of the attackers; α is the service rate of the ELB; µ is the service rate or capacity of the virtual machines; β is the service rate of the database server; S is the total number of servers running in the cloud; K is the capacity of the queuing system per second; γ is the throughput rate of the queuing system.

Fig 3: Queuing model of the computing elastic cloud

Figure 3 shows the open finite queuing model of the computing elastic cloud. In it, the load balancer handles the traffic and distributes it to the pool of available instances. Each instance's arrival rate is λ_i = λ/S, where λ is the arrival rate and S is the total number of instances in the VPC. The mean computing utilization U and the utilization affected by the attacker U_m are expressed

Fig 6: Elastic cloud utilization in relation to the attack rate

Fig 8: Requests loss probability in relation to the attack rate

Fig 9: Throughput of the traffic in relation to the attack rate

Fig 10: Total cost of the elastic cloud in relation to the attack rate

total number of instances running on the elastic cloud, utilization of the cloud resources, request response time or latency of the request, throughput of the effective arrivals and total cost of the cloud setup. The loss probability, the elasticity of the cloud and the cost functions are evaluated. The obtained results show that the performance metrics are affected by the EDoS attack. For loss probability, legitimate request loss can go high under a high load spike. The results showed an unacceptable delay in end-to-end response time. The number of servers increases and cloud utilization exceeds the capacity of the cloud. The results have shown there is little impact on the throughput. In addition, the cost of the cloud increases, leading to economic loss for the business or cloud vendors. As future work, we propose an analytical model and an experimental model to mitigate the EDoS attack and to evaluate the cost of the cloud using different pricing models.