Critical analysis of the research paper titled: A Survey on Mitigation Techniques against DDoS Attacks on Cloud Computing Architecture, by Ahmed Bakr, A. A. Abd El-Aziz, and Hesham A. Hefny
Summary of the Content of Paper:
The paper opens with an analysis of the importance of service availability for cloud environments and the main threat of Distributed Denial of Service (DDoS) attacks, which may result in cloud service degradation or outage. The authors explain in detail the effects of DDoS attacks and the means, motives and opportunities behind them, before covering the categories of mitigation techniques: preventative, detective and recovery. Companies can also test implementations of the multi-layer, guideline-based solutions in order to demonstrate their effectiveness in cloud environments.
A: Quality of the Research
1. Is the research question or objective clearly stated?
Yes, the research objective of the paper is to present DDoS mitigation techniques. The tools and techniques discussed in detail have been developed to address multiple categories of DDoS mitigation techniques.
2. Is the research question interesting and important?
Yes, cloud computing adoption continues to grow, thereby increasing the importance of ensuring that cloud services are always available, in order to maintain user confidence and service level agreements.
3. Is the work original?
For the survey of the mitigation techniques, the authors have perused relevant research materials and gathered supporting data from DDoS Attack Statistics.
4. Is the background research clear and relevant?
The background research is clear and relevant, as it relates specifically to measures that organisations should consider and implement to prevent, detect and recover from DDoS attacks on cloud services.
5. Are there any ethical problems?
I was unable to find or think of any ethical problems with this paper.
B: The Research Method
1. Summarise the research method
The research into DDoS attacks and mitigation techniques within the cloud computing environment found that EDoS is a primary form of DDoS attack in the cloud. The mitigation solutions identified in the paper fall into three main categories: preventative, detective and recovery methods.
2. Does the research method seem appropriate for the research question?
The authors have researched multiple techniques that can be applied to prevent, detect or recover from a DDoS attack. This categorisation seems appropriate to properly define the scope and limitations of each technique described by the authors.
3. Are the methods adequately described?
The methods are adequately described with enough information about each method and how to apply the measures to mitigate DDoS attacks for cloud services.
4. Were the analyses done correctly?
Yes, the analysis captured the background, effects, and methods of DDoS attacks, followed by the taxonomy of DDoS attack tools, before presenting mitigation techniques in more detail.
5. Are the conclusions supported by the data?
I agree that the conclusions are supported by the data provided from the statistical data of DDoS attacks.
C: Quality of Presentation
1. Is the work well presented?
The table of contents is missing from the paper. This makes it difficult to understand the content of the paper without going through the entire paper. However, all other sections of the paper were well presented by the authors.
2. Is the paper well structured?
Yes, it is well structured, with a logical flow of information. However, the lack of a table of contents makes it a bit more difficult to follow or go to the relevant sections within the paper.
3. Are symbols, terms, and concepts adequately defined?
Terminologies used are adequately defined and explained clearly by the authors.
4. Would additional tables, figures help to clarify the work?
No, I don’t think so. I believe the authors have described in much detail how to go about preventing service outages of cloud services.
D: Additional Notes
I enjoyed the analysis of the taxonomy of DDoS tools as it relates to attributes and is categorised by: interface, attack rate dynamics, operating system, attack model, protocol, DDoS category and the target area (reference image below).
DDoS Mitigation. https://www.cloudflare.com/learning/ddos/ddos-mitigation/