Abstract

Different sizes of businesses are currently moving to the cloud as it is considered a key business enabler due to its benefits like minimizing the go live time and reducing the associated resources. Moving to the cloud introduces several confidentiality, integrity, and availability concerns. One of the key issues that affect availability is Distributed Denial of Service (DDoS). In such attacks, a cloud can be the source or the victim. DDoS attacks on a cloud can be much more harmful than its impact on a single physical server. One of the most recognized DDoS types is DNS reflection amplification attack. In this paper, we introduce a new technique to limit the sources of DNS reflection amplification attacks. In particular, we make use of the role of cloud hypervisors in managing all the virtualization environment traffic. The proposed technique can prevent scenarios ISP edge router ingress filtering will fail to prevent and is easier to implement.