Question

How to prevent an attacker from draining your resources in the cloud?

Context

A Denial of Service (DoS) attack is one in which a server or service is overwhelmed by traffic and consequently either disabled or made unavailable to its customers. In general, the effect on the target of a DoS attack is a loss of business or, in less critical cases, just a failure to get its message out. In a cloud context, DoS attacks on pay-as-you-go cloud applications result in a dramatic increase in the cloud utility bill if the cloud-based service is designed to scale up automatically (e.g. Amazon EC2): the user will see increased network bandwidth, CPU, and storage consumption. This type of attack is characterized as economic denial of sustainability (EDoS).

Solution

EDoS-Shield (e.g. AWS Shield) is used to mitigate the Economic Denial of Sustainability (EDoS) attack in cloud computing systems. One technique used to mitigate EDoS attacks originating from spoofed IP addresses is hop-count filtering. The Time to Live (TTL) parameter sets the maximum lifetime of a packet inside the network. The TTL value is decremented each time the packet passes through a router. When the TTL value reaches zero, the packet is discarded. Because the TTL remaining on arrival reveals how many hops a packet has travelled, a packet whose hop count does not match the one previously observed for its claimed source address is likely to be spoofed.
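The following sketch of hop-count filtering is an added example, not code from the original page or from any product named above. It assumes senders start from one of a few common initial TTL values and that legitimate paths are at most 30 hops long; the class name, tolerance, and sample packets are constructed for illustration.

```python
# Added example, not from the original page. Packets below are constructed.
# Assumption: senders start from one of these common initial TTL values and
# legitimate paths are at most MAX_HOPS routers long.
INITIAL_TTLS = (30, 32, 60, 64, 128, 255)
MAX_HOPS = 30


def candidate_hops(received_ttl):
    """Hop counts consistent with the TTL seen at the receiver.

    Each router decrements TTL by one, so hops = initial TTL - received TTL.
    Close initial values (30/32, 60/64) can yield two candidates.
    """
    if not 0 < received_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    return {t - received_ttl for t in INITIAL_TTLS
            if 0 <= t - received_ttl <= MAX_HOPS}


class HopCountFilter:
    def __init__(self, tolerance=1):
        self.tolerance = tolerance  # allowed drift from route changes
        self.table = {}             # source IP -> hop counts learned earlier

    def learn(self, src_ip, received_ttl):
        """Record hop counts for a source seen during normal operation."""
        hops = candidate_hops(received_ttl)
        if hops:
            self.table.setdefault(src_ip, set()).update(hops)

    def check(self, src_ip, received_ttl):
        """Return 'pass', 'suspect' (likely spoofed) or 'unknown' (no baseline)."""
        expected = self.table.get(src_ip)
        if expected is None:
            return "unknown"
        seen = candidate_hops(received_ttl)
        ok = any(abs(s - e) <= self.tolerance for s in seen for e in expected)
        return "pass" if ok else "suspect"


if __name__ == "__main__":
    f = HopCountFilter()
    f.learn("192.0.2.10", 116)     # 128 - 116 = 12 hops
    f.learn("198.51.100.7", 57)    # 3 hops (from 60) or 7 hops (from 64)
    for ip, ttl in [("192.0.2.10", 115), ("192.0.2.10", 250),
                    ("198.51.100.7", 61), ("203.0.113.5", 64)]:
        print(ip, ttl, f.check(ip, ttl))
```

A source with no learned baseline returns "unknown", so the caller decides how to treat first-time senders.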
