Wireless Personal Communications
https://doi.org/10.1007/s11277-020-07630-6

AVDR: A Framework for Migration Policy to Handle DDoS Attacked VM in Cloud

Priyanka Verma 1 · Shashikala Tapaswi 1 · W. Wilfred Godfrey 1

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

The recent trends of Distributed Denial of Service (DDoS) attacks in cloud computing have revealed a new menace of DDoS attacks called collateral damages on non-target stakeholders. These stakeholders are the victim Virtual Machine (VM), sibling VMs, the host physical machine, other host physical machines, VMs on other host machines, users of attacked and co-hosted VMs, cloud providers and cloud customers. The main reasons behind these collateral damages are cloud features such as virtualization, auto-scaling, resource sharing, and migrations. During a DDoS attack, the massive number of requests results in a host overload situation. In the cloud, this overload situation is handled by various existing migration policies. These simple migration policies are not efficient if attacked VMs are present in the cloud network. Therefore a supporting framework, Attacked VM Detection and Recovery (AVDR), is proposed in this work. The proposed AVDR framework improves the performance of existing migration policies and reduces the collateral damages. The AVDR framework is based on the attack strength $Y_{as}$; thus a linear model to evaluate $Y_{as}$ is also proposed. The dataset used for the modeling of $Y_{as}$ is generated over VM instances created on AWS. It consists of both attack and benign request traces. The results prove the effectiveness of the proposed work.

Keywords Availability · Cloud computing · DDoS · VM migration · Collateral damages

1 Introduction

Cloud computing is an emerging technology which has gained considerable attention among users from different communities.
These users may range from individual ones to small companies. Nowadays even big companies are relying on cloud-based services. Cloud computing is based on utility computing and also provides cost-effective services to its users. Cloud computing provides an ample number of services to its users but is lacking in the security domain. The cloud is prone to various kinds of network-based attacks. Among all, DDoS is the most dangerous kind of attack which

* Priyanka Verma
303priyanka.verma@gmail.com
1 Atal Bihari Vajpayee - Indian Institute of Information Technology and Management, Gwalior, India