© 2013, IJARCSSE All Rights Reserved Page | 1318
Volume 3, Issue 11, November 2013 ISSN: 2277 128X
International Journal of Advanced Research in
Computer Science and Software Engineering
Research Paper
Available online at: www.ijarcsse.com
Detecting and Countering DDOS Attacks in Cloud
Baldev Singh, G.S. Samra
Lyallpur Khalsa College, Jalandhar, Punjab, India
S.N. Panda
RIMT, Mandi Gobindgarh, Pb., India
Abstract— This paper explores the issues that predominantly concern the cloud computing security
environment in the context of recent DDOS attack trends. It also covers how attack vectors may be measured
and observed continuously so that the new tactics of DDOS attackers and malicious-act service providers are
countered. It discusses the way thresholds may be calculated wrongly owing to the inherent nature of the DDOS
attack floods in various quarters of a cloud-based network, and finally the way in which these thresholds can
be more accurately computed to detect approaching overload congestion caused by a malicious flood of packets
and request calls to a target resource in a cloud, leading to denial of services.
Keywords— Cloud Computing, DDOS Attacks, Intrusion Detection, Scrubbing Center, Attacks.
1. INTRODUCTION
There is an established underground cyber-criminal economy whose members work toward their private individual
goals and are best known for their keen interest in spying or in competitive monetary gains, motives that are
made possible by the use of disruptive technologies like the DDOS attack. This makes the science of DDOS
attacks ever evolving and growing, in such a manner that continuous monitoring with sophisticated watchdog
capabilities is required, as these attacks continue to create online outages, customer inconvenience and
reputational damage across all industries and geographies. The best-known victims of recent DDOS attacks [4,5],
and those who have successfully been able to mitigate such attacks, can never get a sound sleep, as is apparent
from current incidents of this attack globally.
A cloud-based online education site [1] was recently made the target of a DDOS attack that disrupted its
services for more than business hours, in spite of the fact that it had firewall protection with intrusion
detection defense lines. The attack was difficult to address because it was directed at the dedicated IP
address rather than at the data centers, and the malicious traffic was sourced from diverse geographic sources.
The attack became more intense, with highly sophisticated tactics, even after mitigation to a secondary data
center, and the site was left with only one choice: either to build a scrubbing center or to hire one. As the
primary work of the site is educational in nature, they were forced to get the services of professional
security experts and hire a scrubbing center [2].
2. SETTING UP OF SCRUBBING CENTER
Understanding the components of a scrubbing center is important here. It is essentially a combination of
software- and hardware-based algorithmic recipes that analyze the incoming envelope of packets and check the
integrity of the outgoing envelope of data passing through multiple subnets to reach a particular set of IP
addresses. By scrubbing traffic at major Internet points and backbone connections, a defense line is created
for mitigation of DDOS attacks. Scrubbing centers take advantage of bandwidth density and traffic routing
options with globally distributed options. They prefer to change the direction of traffic and swallow the
volume of data rather than just block or filter data packets, as the difference between good and malicious
packets is difficult to assess. Hence, they are able to mitigate floods of UDP [6,7] or any other type of
traffic artifact creating DDOS attacks.
Not all cloud service providers can afford to build their own scrubbing centers, as they need to focus on their
core business rather than on the technological issues of maintaining and defending themselves; moreover, even
all cloud service providers can hire third party scrubbing solutions. Not all cloud service providers can
maintain the following components/processes with high quality and ensure high availability of services for
themselves and their customers:
Detection and Monitoring Centers.
Threat correlation services.
Threat alert system.
Threat identification service with false positives recognition.
Threat rate of change.
Threat severity analysis.
Threat heuristics at every layer.
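
The following is an added example, not code from the paper or its authors. It illustrates the abstract's point about wrongly calculated thresholds, together with the false-positive and rate-of-change items listed above, by comparing one fixed packet-rate limit with a per-destination learned baseline. The sample series, the fixed limit, the EWMA baseline and all parameter values (alpha, k, floor, warmup) are assumptions chosen for illustration.

```python
import math

# Constructed packets-per-second samples toward one destination IP (not real captures).
QUIET_SITE = [200, 210, 190, 205, 195, 200, 215, 198, 900, 1800, 3000, 3000]  # flood from index 8
BUSY_SITE = [4800, 5100, 4900, 5200, 5000, 4950, 5150, 4850, 5050, 5100]     # legitimate load only
STATIC_LIMIT = 5000  # assumed provider-wide fixed threshold, packets/s


def static_alerts(pps, limit):
    """Indices where the rate exceeds one fixed limit shared by every tenant."""
    return [i for i, v in enumerate(pps) if v > limit]


def adaptive_alerts(pps, alpha=0.1, k=4.0, floor=0.1, warmup=5):
    """Indices where the rate exceeds its own EWMA baseline by k deviations.

    floor: minimum deviation as a fraction of the baseline, so a very steady
    link does not alert on small jitter. warmup: samples used only for learning.
    """
    if not pps:
        return []
    mean, var, alerts = float(pps[0]), 0.0, []
    for i, v in enumerate(pps[1:], start=1):
        dev = max(math.sqrt(var), floor * mean)
        if i >= warmup and v > mean + k * dev:
            alerts.append(i)
            continue  # freeze the baseline so the flood is not learned as normal
        diff = v - mean
        mean += alpha * diff
        var = (1 - alpha) * (var + alpha * diff * diff)
    return alerts


if __name__ == "__main__":
    for name, series in (("quiet", QUIET_SITE), ("busy", BUSY_SITE)):
        print(name, "static:", static_alerts(series, STATIC_LIMIT),
              "adaptive:", adaptive_alerts(series))
```

On the constructed data the fixed limit never fires during the quiet site's flood and fires repeatedly on the busy site's normal load, while the per-destination baseline flags only the flood samples.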
Hence, when centralized data cleansing stations are deployed with all the capabilities mentioned above, where
traffic is scrutinized and mischievous traffic (DDOS, known susceptibilities and exploits) is moved or absorbed, there is