**3. Methodology**

Based on the research ideas provided, we have used qualitative research method, and the theory we have decided to use is as follows. A local user agent is created by the user to establish a temporary security certificate for safe authentication over a given period of time. This certificate will contain the username, user id, security features, hostname, session times, and other relevant features. Once this is done, the authorization for the user is finalized. As the user will start to use the resources on the cloud, mutual authentication will initiate between the cloud application and user. The application will check if the certificate is valid for the user, a security policy is applied to it. As per the requirements stated by the user, the application will create a list of service resources which will send it to the user. Finally, through an application programming interface (API) security used by the application, the user's session will be fully initiated and connect to cloud services [4, 13].

**19**

cloud resources.

**Figure 1.**

theft?

attacks?

downtime?

requirements (**Figure 2**).

itself (**Figure 3**).

*Cloud Computing Security Services to Mitigate DDoS Attacks*

**Figure 1** describes the method for secure connection with a trusted certificate in a cloud environment and describes its successful implementation as well as usage of

• In case an attack on the cloud service occurs, how will the server mitigate those

• Are the cloud services running behind a trusted firewall? If yes, then how does the firewall report incidents as logs to the administrators and is the firewall

Our research came up with some cost analysis based on cloud infrastructure. The below details were developed for a cloud-based premise comparing both private and public cloud. Shown below is the cost for Azure sizing based on the requirements; the cost is higher than the private cloud infrastructure with much higher

Shown below is virtual storage area network for a hyper-converged solution which is the most popular infrastructure technology in the current market according to Gartner report. This is very helpful for cloud-based organization to grow as it exceedingly with a lot of resources available for use in the cloud deployment models

• Is there a disaster recovery management tool in place for the cloud servers? If so then what procedures will be followed to ensure that there is little or no

Some of the research questions we have identified are as follows:

*Model for secure connection with a trusted certificate in a cloud environment.*

artificially intelligent enough to challenge such difficulties?

• Which security protocols you have placed in your cloud architecture to ensure a seamless connection between users does not result in online data

*DOI: http://dx.doi.org/10.5772/intechopen.92683*

*Cloud Computing Security Services to Mitigate DDoS Attacks DOI: http://dx.doi.org/10.5772/intechopen.92683*

#### **Figure 1.**

*Cloud Computing Security - Concepts and Practice*

in which the attack occurs [23].

**3. Methodology**

services [4, 13].

Information security relates to gathering the alerts which come about the cloud service monitoring tools. Logs get created for the events. Being a central point, cloud computing is able to handle the information stored and how it gets altered by malicious activity which leads to a crisis situation. If an alert gets ignored, it becomes a golden opportunity for attackers to exploit the cloud services and can access the data of customers. If such a case does happen, the admin must take immediate actions and retrieve data backups. Cloud computing can aid in the seamless transfer of the information to a backup server which will store the information of all the customers. Cloud IaaS is a possible direction of data backup in which data needs to be firmly

Intrusion management looks after the packets coming in and going out of the network. It has got a set of predefined rules which can handle a particular event. A cloud service provider needs to have an intrusion management tool such as anomaly detection. This type of detection system trains itself by observing network behaviors. It identifies the class level for the intrusion whether normal or intrusion, based on the network packets. If an intrusion is found, it should send a warning to the alert or information security system for further action [22]. Hadoop is an open source software, which is becoming popular with cloud administrators. Hadoop is used to distribute processing of big data using MapReduce. MapReduce is a model which can perform analysis very quickly to locate the malicious activity and the area

Disaster management in collaboration with disaster recovery relates to cloud data storage in its servers. One must be prepared for it; thus, disaster rescue management can be put in place by the hosting providers in the cloud servers. Attackers can disrupt services by sending malicious requests to the server if there are no strong security policies placed, and they can create downtime of the server as the servers can get overloaded through it. For natural disasters, cloud hosting providers can place their data centers at geographical locations so that if one center gets

Looking at an infrastructure point of view, we picked Veeam, a software product developed by Veeam organization itself to replicate, backup, and restore data on virtual machines. It has a lot of capabilities as it pools together one of the leading backup services for a cloud infrastructure. Having the ability to replicate with advanced monitoring, reporting tools, and capacity planning functionality, Veeam

Based on the research ideas provided, we have used qualitative research method, and the theory we have decided to use is as follows. A local user agent is created by the user to establish a temporary security certificate for safe authentication over a given period of time. This certificate will contain the username, user id, security features, hostname, session times, and other relevant features. Once this is done, the authorization for the user is finalized. As the user will start to use the resources on the cloud, mutual authentication will initiate between the cloud application and user. The application will check if the certificate is valid for the user, a security policy is applied to it. As per the requirements stated by the user, the application will create a list of service resources which will send it to the user. Finally, through an application programming interface (API) security used by the application, the user's session will be fully initiated and connect to cloud

protected as it should be a specialized cloud-based backup server [21].

affected, another will pick up and prevent downtime of services [24].

is highly desirable to be used for a disaster management tool.

**18**

*Model for secure connection with a trusted certificate in a cloud environment.*

**Figure 1** describes the method for secure connection with a trusted certificate in a cloud environment and describes its successful implementation as well as usage of cloud resources.

Some of the research questions we have identified are as follows:


Our research came up with some cost analysis based on cloud infrastructure. The below details were developed for a cloud-based premise comparing both private and public cloud. Shown below is the cost for Azure sizing based on the requirements; the cost is higher than the private cloud infrastructure with much higher requirements (**Figure 2**).

Shown below is virtual storage area network for a hyper-converged solution which is the most popular infrastructure technology in the current market according to Gartner report. This is very helpful for cloud-based organization to grow as it exceedingly with a lot of resources available for use in the cloud deployment models itself (**Figure 3**).

#### **Figure 2.**

*Cost analysis with Azure vs. private cloud infrastructure based on resource requirement.*

#### **Figure 3.**

*Virtual storage area network for a hyper-converged solution.*


**21**

perspective:

**Figure 5.**

*Cloud Computing Security Services to Mitigate DDoS Attacks*

The screenshot shown below shows the virtual machine on a cloud premise. When a user wants to purchase a virtual machine, the cost related to the resources requested will be shown on the cloud interface and can be upgraded as well when

The focus of this research is on distributed denial of service (DDoS) attacks on the cloud. The authors researched on existing cloud security solutions and also present an implementable solution focusing on DDoS mitigation for IT infrastructure.

one wants to deploy a virtual machine in their cloud (**Figures 4** and **5**).

The authors define the scope and recommend few focus areas:

• Defending volumetric attacks is a need for cloud components.

• Blocking application-level attacks without submitting SSL Key.

• Deploying acceptable network infrastructure as per IT security policy.

a.**On-premise based:** Having a devoted on-premise DDoS attack mitigation answer are first-rate desirable for government entities, financial establishments, and healthcare but not beneficial for all. When the highest stage of safety is mandatory and organizations opt to give as little visibility into their customer facts or approximately their encryption certificate to as few third birthday celebration providers, this could be regarded as a limited scope option. On-premise DDoS devices might store encryption certificates and inspect visitors regionally without any scrubbing, redirection, or inspection. The mitigation device would be required to guard against numerous DDoS vectors like flooding (UDP/ICMP, SYN), SSL based, application layer (HTTP GET/POST), or low and slow attacks. With mitigation structures in house, the proximity to facts center sources is useful, and the systems may be fine-tuned at once by the in-residence IT teams. They have a tendency to have a miles more cognizance to their setup for any adjustments in site visitor flows or from the

DDoS attack mitigation solutions are discussed here based on design

*DOI: http://dx.doi.org/10.5772/intechopen.92683*

**4. Existing cloud security solutions**

*Costing for a cloud infrastructure with a disaster recovery package.*

#### **Figure 4.**

*Billing and purchase interface when requesting a virtual machine in a cloud-based environment.*

*Cloud Computing Security Services to Mitigate DDoS Attacks DOI: http://dx.doi.org/10.5772/intechopen.92683*


**Figure 5.**

*Cloud Computing Security - Concepts and Practice*

**20**

**Figure 4.**

**Figure 3.**

*Virtual storage area network for a hyper-converged solution.*

**Figure 2.**

*Billing and purchase interface when requesting a virtual machine in a cloud-based environment.*

*Cost analysis with Azure vs. private cloud infrastructure based on resource requirement.*

*Costing for a cloud infrastructure with a disaster recovery package.*

The screenshot shown below shows the virtual machine on a cloud premise. When a user wants to purchase a virtual machine, the cost related to the resources requested will be shown on the cloud interface and can be upgraded as well when one wants to deploy a virtual machine in their cloud (**Figures 4** and **5**).
