Vulnerability Bandwidth Depletion Attack on Distributed Cloud Computing Network: A QoS Perspective

A previous work on Airport Information Resource Management System (AIRMS) established that sophisticated attacks in the form of Denial of Service (DoS), Distributed DoS (DDoS), and related attacks are becoming the most effective schemes used by cyber terrorists on such enterprise systems. Similarly, a novel Smart Green Energy Management Distributed Cloud Computing Network (SGEM-DCCN) was developed as an extension to the work. Interestingly, the DCCN could be shut down by malicious attackers while running its renewable energy management cloud service. Consequently, this work presents a security model designed to improve the security architecture in a mission-critical DCCN running Enterprise Energy Tracking Analytic Cloud Portal (EETACP). As a result of the EETACP DCCN vulnerability to DoS attacks, this work employed a core OpenFlow gateway firewall to pre-empt DDoS attacks and subsequently mitigate such destructive vulnerabilities in the network. In this case, Vulnerability Bandwidth Depletion DDoS Attack (VBDDA) was detected using Cisco Nexus 9000 firewall as an embedded network device with support for Virtual DDoS protection in the DCCN threat mitigation design. Also, security Quality of Service (QoS) profiling was employed to ascertain the network behavior in terms of resource utilization and query response times. For DDoS traffic flows, the network metrics were compared under simulated firewall scenarios involving Cisco Application Policy Infrastructure Controller (Cisco APIC), Cisco Nexus 9000 Series multilayer Switches and Cisco Application Virtual Switch (AVS). It was concluded that with a robust firewall in place, VBDDA will be mitigated in DCCN infrastructure. This offers protection and reliability in the Smart Green Energy Management System architecture.