Mitigating Yo-Yo attacks on cloud auto-scaling

In recent years, global businesses have witnessed a significant cloud adoption that provides considerable value compared to traditional data centers, achieving greater scalability, cost efficiency, and improved performance. Cloud auto-scaling is a cloud service feature that copes with variations in the workload by spinning up or down instances on the fly. Attackers may exploit auto-scaling mechanisms to transform the traditional DDoS attacks into Economic Denial of Sustainability attacks (EDoS). In this perspective, a new type of attack, called Yo-Yo attack, has been recently reported in the literature where the attackers send a burst of traffic periodically to oscillate the auto-scaling system between scale-out and scale-in status inducing economic loss to the tenant. These new types of attacks cause are harder to detect compared with traditional DDoS, and they require fewer resources from the attacker. In this paper, we present a simple solution that is capable of detecting a Yo-Yo attack and mitigating it. In this quest, a legacy approach named Trust-based Adversarial Scanner Delaying (TASD) [1] is implemented and tested in a cloud production environment. The TASD method assigns a trust value number as a Quality of Service (QoS) value to each user. The original TASD system used an Additive Decrease method to update the trust value. Inspired by the TCP rate control mechanisms, we introduce two variants of TASD, ADAI (Additive Decrease/Additive Increase) and MDAI (Multiplicative Decrease/Additive Increase). The devised TASD approaches are deployed on Amazon Web Services (AWS). The experiment evaluations show that our proposed TASD variants can efficiently detect and mitigate Yo-Yo attacks in an actual cloud application.