Economic Denial of Sustainability (EDoS)
EDoS is a type of DoS or DDoS attack that targets the vulnerabilities of cloud consumers’ utility pricing models such as pay as you go model. Autoscaling is the keyword of this attack. The main goal of this attack is to trigger the auto-scaling system with malicious traffic. With this attack, the victim should have to pay a huge amount of cloud bills. In the worst-case scenario, if the victim can’t afford this bill which leads to persistent denial of services with bankruptcy. Cloud computing getting more popular because of the high price of network and system requirements. Cloud can be a very good alternative to buying and managing systems. Especially small businesses chose the cloud system because of affordable options. By the way, organizations don't need to manage hardware and handle DDOS issues. Because cloud providers generally serve the DDoS shield as default. All these things make the cloud attractive.
What is different between DDOS?
In DDOS attackers generally attack with maximum resources over a short time period to suspend the services. But EDOS attackers do not use their sources like that. They slowly and gradually push illegitimate traffic over a longer period. This leads to a loss of resources for a long time. I can give the illness example for this scenario. DDOS is the flu that makes you sick for a couple of days. EDOS is a long time cancer affects your life and you can’t realize that. The main goal of the EDOS attackers is to maximize the cloud cost for the victim.
There is a comparison of the traffic pattern of DDOS and EDOS
As we can see there is a gap between DDOS and normal traffic regions. EDOS can occur in this area. This makes detecting more difficult. This traffic can be interpreted as a busy day. There are some models for mitigating EDOS attacks. You can find details in this article. This table is also taken from the same article.
Some of these models using a Turing test to detect illegitimate traffic.
my favorite method is “Controlled access to cloud resources”
Controlled access to cloud resources
The architecture is somewhat similar to EDoS-Shield comprised of vFirewall and VM Investigator. vFirewall filters the traffic based on Turing test and updated blacklist. VM investigator probe the suspected request to further analysis. Unlike EDoSShield, this scheme allows traffic that fail the Turing test and direct to VM Investigator for deep inspection, where the former dropped the traffic. The scheme uses a threshold parameter based on CPU usage metric. This threshold parameter (upper & lower bound) helps to trigger auto scaling feature in cloud. Although, auto scaling not solely depends on threshold value. Rather, a specific observation time of anomalous resources is also considered along with threshold to enable auto scaling. The scheme also uses a parameter name User Trust Factor (UTF) to evaluate end user’s values based on pass or fail the Turing test. This scheme is among the few mitigation approaches which evaluated the false rate. It also evaluated latency and CPU usage.
As mentioned in this article
Analyzing attacker behavior or profile is also a key factor for proactive defensive mechanism. Existing mitigation models overlooked this fact. Moreover, use of graphical Turing test or crypto-puzzle increased time complexity. Finding an alternative approach to optimize the response time is another open issue that needs to be resolved.
Chowdhury, Fahad & Kiah, Laiha & Ahsan, M.. (2017). Economic denial of sustainability (EDoS) mitigation approaches in cloud: Analysis and open challenges. 206–211. 10.1109/ICECOS.2017.8167135.
