The success of the cloud computing paradigm is due to its on-demand, self-service, and pay-by-use nature. According to this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection delay is, the higher the costs to be incurred. Therefore, a particular attention has to be paid for stealthy DoS attacks. They aim at minimizing their visibility, and at the same time, they can be as harmful as the brute-force attacks. They are sophisticated attacks tailored to leverage the worst-case performance of the target system through specific periodic, pulsing, and low-rate traffic patterns. In this paper, we propose a strategy to orchestrate stealthy attack patterns, which exhibit a slowly-increasing-intensity trend designed to inflict the maximum financial cost to the cloud customer, while respecting the job size and the service arrival rate imposed by the detection mechanisms. We describe both how to apply the proposed strategy, and its effects on the target system deployed in the cloud.

M. C. Mont, K. McCorry, N. Papanikolaou, and S. Pearson, “Security and privacy governance in cloud computing via SLAS and a policy orchestration service,” in Proc. 2nd Int. Conf. Cloud Comput. Serv. Sci., 2012, pp. 670–674.

F. Cheng and C. Meinel, “Intrusion Detection in the Cloud,” in Proc. IEEE Int. Conf. Dependable, Autonom. Secure Comput., Dec. 2009, pp. 729–734.

C. Metz. (2009, Oct.). DDoS attack rains down on Amazon Cloud [Online]. Available: http://www.theregister.co.uk/2009/10/05/amazon_bitbucket_outage/S

K. Lu, D. Wu, J. Fan, S. Todorovic, and A. Nucci, “Robust and efficient detection of DDoS attacks for large-scale internet,” Comput. Netw., vol. 51, no. 18, pp. 5036–5056, 2007.

H. Sun, J. C. S. Lui, and D. K. Yau, “Defending against low-rate TCP attacks: Dynamic detection and protection,” in Proc. 12th IEEE Int. Conf. Netw. Protocol., 2004, pp. 196-205.

A. Kuzmanovic and E. W. Knightly, “Low-rate TCP-Targeted denial of service attacks: The shrew vs. the mice and elephants,” in Proc. Int. Conf. Appl., Technol., Archit., Protocols Comput. Commun.,2003, pp. 75–86.

M. Guirguis, A. Bestavros, I. Matta, and Y. Zhang, “Reduction of quality (RoQ) attacks on internet end-systems,” in Proc. IEEE Int. Conf. Comput. Commun., Mar. 2005, pp. 1362–1372.

X. Xu, X. Guo, and S. Zhu, “A queuing analysis for low-rate DoS attacks against application servers,” in Proc. IEEE Int. Conf. Wireless Commun., Netw. Inf. Security, 2010, pp. 500–504.

L. Wang, Z. Li, Y. Chen, Z. Fu, and X. Li, “Thwarting zero-day polymorphic worms with network-level length-based signature generation,” IEEE/ACM Trans. Netw., vol. 18, no. 1, pp. 53–66, Feb. 2010.

A. Chonka, Y. Xiang, W. Zhou, and A. Bonti, “Cloud security defense to protect cloud computing against HTTP-DOS and XMLDoS attacks,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1097–1107, Jul. 2011.

D. Petcu, C. Craciun, M. Neagul, S. Panica, B. Di Martino, S. Venticinque, M. Rak, and R. Aversa, “Architecturing a sky computing platform,” in Proc. Int. Conf. Towards Serv.-Based Int., 2011, vol. 6569, pp. 1-13.

U. Ben-Porat, A. Bremler-Barr, and H. Levy, “Evaluating the vulnerability of network mechanisms to sophisticated DDoS attacks,” in Proc. IEEE Int. Conf. Comput. Commun., 2008, pp. 2297–2305.

S. Antonatos, M. Locasto, S. Sidiroglou, A. D. Keromytis, and E. Markatos, “Defending against next generation through network/ endpoint collaboration and interaction,” in Proc. IEEE 3rd Eur. Int. Conf. Comput. Netw. Defense, 2008, vol. 30, pp. 131–141.

R. Smith, C. Estan, and S. Jha, “Backtracking algorithmic complexity attacks against a NIDS,” in Proc. Annu. Comput. Security Appl. Conf., Dec. 2006, pp. 89–98.

C. Castelluccia, E. Mykletun, and G. Tsudik, “Improving secure server performance by re-balancing SSL/TLS handshakes,” in Proc. ACM Symp. Inf., Apr. 2005, pp. 26–34.