Abstract

With the increased frequency and intensity of denial-of-service (DoS) attacks on critical cloud-hosted services, resource adaptation schemes adopted by the cloud service providers (CSPs) need to be intelligent. Specifically, they need to be adaptable to attack behavior and be dynamic to curb resource over-utilization. The concept of moving target defense (MTD) has recently emerged as an effective and agile defense mechanism against DoS attacks that particularly target cloud-hosted applications. However, the existing surveys that seek to explore this space either focus more on MTD for generic cyberattack mitigation or on DoS attack defense on cloud systems. In this survey, we particularly provide an in-depth analysis on how MTD can help recover critical cloud assets in the face of DoS attacks and how emerging programmable technologies such as software-defined networking (SDN) can be leveraged to achieve that goal. Unlike existing surveys, we categorize DoS attacks on cloud platforms based on their working mechanism. We also discuss the non-MTD-based DoS defense strategies for both cloud and non-cloud infrastructures in order to highlight the pros and cons of MTD-based strategies. We introduce MTD working mechanisms and present how existing research is envisioning MTD’s application in mitigating DoS attacks, both with and without SDN. We also take an in-depth look at the testbed implementations and resilience and performance evaluations of MTD approaches. Finally, we articulate the existing challenges in MTD for DoS mitigation in cloud systems and how these challenges are shaping the future research in this domain.
