Vulnerability Analysis and Mitigation Strategies of DDoS Attacks on Cloud Infrastructure

Authors

  • Hengki Tamando Sihotang (Informatika, Universitas Pembangunan Nasional Veteran Jakarta, Indonesia)
  • Wildan Alrasyid (Informatika, Universitas Pembangunan Nasional Veteran Jakarta, Indonesia)
  • Aldrich Delano (Department of Electrical and Computer Engineering, Florida International University, Miami, USA)
  • Halburt Jacob (Department of Electrical and Computer Engineering, Florida International University, Miami, USA)
  • Galih Prakoso Rizky (Manajemen Informatika, Universitas Pembangunan Nasional Veteran Jakarta, Indonesia)

Keywords:

DDoS Attacks, Cloud Security, Vulnerability Analysis, Mitigation Strategies, Software-Defined Networking (SDN)

Abstract

As cloud computing becomes increasingly central to modern digital operations, it has also become a primary target for Distributed Denial of Service (DDoS) attacks. This research investigates the major vulnerabilities within cloud infrastructure that are commonly exploited by DDoS attackers and evaluates the effectiveness of various mitigation strategies. The study employs a mixed-methods approach, combining vulnerability assessment, simulated attack scenarios, and comparative performance analysis of traditional and advanced defense mechanisms, including rate limiting, Intrusion Detection Systems (IDS), Software-Defined Networking (SDN), and machine learning-based anomaly detection. The findings reveal that key weaknesses in cloud systems, such as shared resource models, unsecured APIs, and auto-scaling configurations, can be leveraged to disrupt services or cause economic damage. The comparative evaluation highlights the limitations of conventional tools in handling sophisticated or large-scale attacks, while also showcasing the superior adaptability of SDN and AI-driven techniques under dynamic threat conditions. This research contributes to the field of cloud security by offering a comprehensive understanding of DDoS threat vectors, identifying effective defense combinations, and providing practical recommendations for strengthening the security posture of cloud systems. The study emphasizes the importance of proactive, layered, and intelligent defense frameworks to enhance the resilience of cloud-based infrastructures against evolving DDoS threats.

Published

2025-06-30

How to Cite

Sihotang, H. T., Alrasyid, W., Delano, A., Jacob, H., & Rizky, G. P. (2025). Vulnerability Analysis and Mitigation Strategies of DDoS Attacks on Cloud Infrastructure. Journal Basic Science and Technology, 14(2), 53-60. Retrieved from https://iocscience.org/ejournal/index.php/JBST/article/view/6478