Detecting and Preventing of DDoS Attack in Cloud Computing Environment Based on Hybrid Technique (Cloudflare and WAF)

1Joshua John,2Okonkwo Obikwelu, 3Godspower Akawuku and 4Chika Lilian Onyagu

1Institute of Computing & ICT, Ahmadu Bello University, Zaria, Nigeria.

2,3Department of Computer Science, Faculty of Physical Sciences, Nnamdi Azikiwe University, Awka,  Nigeria.

4Department of Cyber Security, Margaret Lawrence University, Umunede Delta, Nigeria.


The adoption of cloud computing has revolutionized data storage and processing globally. Nevertheless, the need for a close watch on security is paramount. Hence, the aim of this paper, to develop a cloud security model that detects and prevents the risks of Distributed Denial of Service (DDoS) attacks in cloud computing systems which are gravely potent and, on the increase, today. This was done using two approaches: analyzing Transmission Control Protocol/Internet Protocol (TCP/IP) header features of incoming packets in cloud computing environment in order to detect and classify spoofed IP address during DDoS attack via a custom-made Web Application Firewall (WAF); and the integration of the cloud resources with Cloudflare. The result shows that a total of 1,625,192 packets were transmitted in a short period which were captured and analyzed via Wireshark. Several TCP errors were observed over a very short time interval which indicated successful DDoS attack effectively crashing the system. The result varied when the custom-made WAF was put in place, and the attacking lab machine launched a TCP syn flood attack against the web server on port http port 80. A total of 2,353,585 packets were transmitted in a short period which were captured and analyzed using Wireshark and contained less TCP errors indicating successful mitigation of DDoS attacks. When the resources were hosted online and integrated with Cloudflare, integrity checks were successful before the resources were loaded, indicating complete mitigation of attacks.

Keywords: Bandwidth, Botnet, Cloudflare, Wireshark and Zombie


Cloud computing is a way of accessing compute and storage systems without actually owning and doing active management of the resources. Billions of devices are part of this network and tend to make physical objects, devices and many other deployment areas smarter. Cloud technology had a $543 billion market in 2021. Experts estimate that it will become an $864 billion market by 2025 [1].  The Internet is used by the cloud computing method of IT service delivery to distribute computing resources and software tools. Under this service model, the user simply pays for the time spent using the computer as well as the amount of storage and bandwidth. However, besides the advantages that cloud computing are offering, it comes along with numerous security challenges as well. Increased social dependence on the information and communication technology has resulted in enhanced vulnerability to the plethora of critical cyber oriented attacks. One such attack is the cyber-attack infamously called Distributed Denial of Service (DDoS).

The day when first DDoS attack was launched, an increased annual impact, not only in the number but also in the type and rigorousness of DDoS incidents, has been observed. In fact, nowadays, DDoS attacks are considered to be one of the most severe threats to the stability of the entire Internet, particularly cloud computing. The year 2023 marked a significant rise in attacks, sustaining the growth trajectory from the previous quarter with a 68% Year-over-Year (YoY) increase in DDoS [2, 3, 4]. DDoS attacks can be launched for various reasons ranging from activism to state-sponsored disruption, with many attacks being carried out simply for profit. Hiring services online for DDoS attacks is relatively inexpensive, especially in relation to the amount of damage they can cause. The impact of these attacks are the availability of applications or websites and these attacks can last for hours or even days and block your users from normal usage of your applications. The financial impact on business, this can lead to loss of revenue, increased expenses on IT infrastructure provisioning. DDoS attacks can lead to data losses and reputation of an organization.  DDoS attacks can be mainly divided by which layer of the OSI model they attack. DDoS attacks can be mainly divided by which layer of the OSI model they attack: Application-Layer Attacks (layer 7) – HTTP floods, DNS query floods: Composed of requests (HTTP GETs and DNS queries are popular) that are designed to consume application resources (memory, CPU, bandwidth). An example is an attacker who continuously uses a website functionality (submitting a contact form or any API requests) where he knows that it causes database and application processing so that the underlying web service is busy with malicious requests and cannot deliver to other users anymore.  State-Exhaustion Attacks (layer 4) – SYN Flood: Consume the TCP connection state tables present in many network infrastructure and security devices, including routers, firewalls, and load-balancers, as well as the application servers themselves. The attacker quickly initiates a connection to a server without finalizing the connection. These attacks can block access for legitimate users or make security devices inoperative, sometimes even leaving defenses wide-open to data exfiltration. Volumetric Attacks (layer 3): Also referred to as Network floods, and includes UDP floods (UDP reflection attacks) and ICMP floods. This type of attack occurs when a network is overwhelmed by a large amount of malicious traffic, causing your applications or services to become unavailable to users. DDoS attacks in cloud environments have been a significant concern due to the proliferation of cloud services and the potential for attackers to exploit the shared infrastructure. All this has been fueled by a rise in botnet usage. This trend heightens the risks for organizations lacking DDoS protection, making them prone to severe and extended outages. A DDoS attack is an attempt to disrupt the regular operation of a system by overwhelming it with traffic. In the case of a cloud environment, this usually takes place by sending thousands upon thousands of connections simultaneously. These requests flood the server and prevent it from processing legitimate requests.


Cloud computing comes with a lot of security risks. It is recommended that the model developed in this study be used by cloud based companies to safeguard their infrastructure, platform and software. It is further recommended that further studies be conducted in this area due to ever-increasing threats and vulnerabilities evident in computing environment to further mitigate DDoS attacks.


  1. Nancy Pais, (2023). Future of Cloud Computing 2025: 10 Trends and Predictions. Available on Retrieved on 25th September 2023
  2. StormWall, (2023). DDoS Attack Statistics by Country in Q2 2023. Available on Retrieved 25th September, 2023.
  3. Val Hyginus U. Eze, Chinyere Nneoma Ugwu and Ifeanyi Cornelius Ugwuanyi (2023). A Study of Cyber Security Threats, Challenges in Different Fields and its Prospective Solutions: A Review. INOSR Scientific Research 9(1):13-24.
  4. Eze, M. C., Eze, V. H. U., Chidebelu, N. O., Ugwu, S. A., Odo, J. I., & Odi, J. I. (2017). NOVEL PASSIVE NEGATIVE AND POSITIVE CLAMPER CIRCUITS DESIGN FOR ELECTRONIC SYSTEMS. International Journal of Scientific & Engineering Research, 8(5), 856–867.
  5. Bhuyan, M. H., Kashyap, H. J., Bhattacharyy, D. K., & Kalita, J. K. (2013). Detecting Distributed Denial of Service Attacks: Methods, Tools and Future Directions at Colorado Springs.
  6. Chen, Y., Hwang, K., & Ku, W. S. (2006). “Distributed change-point detection of DDoS attacks over multiple network domains”, Proceedings of the IEEE International Symposium on Collaborative Technologies and Systems, Las Vegas, NV, IEEE CS, vol. 14-17, pp. 543–550.
  7. Lonea, A. M., & Popescu, D. E. (2013). “Tianfield Detecting DDoS Attacks in, Cloud Comp Int. Journal Comput Commun, ISSN 1841-9836 8, no. 1,(2013), pp. 70-78.
  8. Roschke, S., Cheng, F., & Meinel, C. (2009). “Intrusion detection in the cloud,” in Dependable, Autonomic and Secure Computing, 2009. DASC’09. Eighth IEEE International Conference on, pp. 729-734.
  9. Lo, C. C., Huang, C. C., & Ku, J. (2010). “A Cooperative Intrusion Detection System Framework for Cloud Computing Networks”, In 39th International Conference on Parallel Processing Workshops, 280-284.
  10. Choi, J., Choi, C., Ko, B., Choi, D., & Kim, P. (2013). “Detecting Web based DDoS Attack using MapReduce operations in Cloud Computing Environment”. Journal of Internet Services and Information Security (JISIS), volume: 3, number: 3/4, pp. 28-37.
  11. Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., Rajarajan, M., & Gujarat, N. S. (2013). Survey of intrusion detection “A techniques Elsevier in Journal Cloud of Network and Computer Applications, vol. 36, (2013), pp. 42– 57.
  12. Muda, Z., Yassin, W., Sulaiman, M.N. & Udzir, N. I. (2011). “I and Naïve Bayes classification”, 7th International Conference, on Emerging Convergences and Singularity of Forms (CITA).
  13. Komviriyavut, T., Sangkatsanee, P., & Wattanapongsakor, N. (2009). “Detection and classification with decision tree and r on Communications and Information Technology (ISCIT), pp. 1046-1050.
  14. Chouhan, V. and Peddoju, S. K. (2012). “Packet Monitoring Approach to Prevent DDoS Attack in Cloud Computing,” no. 2315, pp. 38–42.
  15. Dou, W., Chen, Q. and Chen, J. (2013). “A confidence-based filtering method for DDoS attack defense in cloud environment,” Futur. Gener. Comput. Syst., vol. 29, no. 7, pp. 1838–1850.
  16. Siva, T., Krishna, E. S. P., Vidyanikethan, S. and Dist, C. (2013). “Controlling various network based A DoS Attacks in cloud computing environment: International Journal of Engineering Trends and Technology (IJETT), vol. 4,no. 5 pp. 2099–2104.
  17. Ankali, S. B. (2011). “Detection Architecture of Application Layer DDoS Attack for Internet,” vol. 990, pp. 984–990.
  18. Gadze, J. D., Bamfo-Asante, A. A., Agyemang, J. O., Nunoo-Mensah, H. and Opare, K. A. B. (2021). “An investigation into the application of deep learning in the detection and mitigation of DDOS attack on SDN controllers,” Technologies, vol. 9, no. 1, p. 14.
  19. Bojović, P.D., Bašičević, I., Ocovaj, S. & Popović, M. (2019). “A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method”. Computers & Electrical Engineering, 73, pp.84-96.
  20. Priya, S.S., Sivaram, M., Yuvaraj, D., & Jayanthiladevi, A. (2020). “Machine learning based DDoS detection”. In Proceedings of the 2020 International Conference on Emerging Smart Computing and Informatics (ESCI), Pune, India, 12–14; pp. 234–237.
  21. Wani, A.R., Rana, Q.P., Saxena, U., & Pandey, N. (2019). “Analysis and Detection of DDoS Attacks on Cloud Computing Environment using Machine Learning Techniques”. In Proceedings of the Amity International Conference on Artificial Intelligence (AICAI), Dubai, United Arab Emirates, pp.4–6.
  22. Ogbomo-Odikayor. I. F., Anigbogu. S.O., Edebeatu Dom & Anigbogu, G.N. (2018). “A hybrid model of intrusion detection system in a cloud computing environment,” International Research Journal of Advanced Engineering and Science, Volume 3, Issue 3, pp. 194-200.
  23. Khalid, A. F. (2016). “An Overview of DDOS Attacks Detection and Prevention in the Cloud”. International Journal of Applied Information Systems (IJAIS) – ISSN: 2249-0868 Foundation of Computer Science FCS, New York, USA Volume, pp.11 – No. 7 –
  24. Wei Y., Jang-Jaccard J., Sabrina F., Singh A., Xu, W. and Camtepe, S. (2021). “AE-MLP: a hybrid deep learning approach for DDoS detection and classification,” IEEE Access, vol. 9, pp. 146810–146821.
  25. Modi, C. N., Patel, D. R., Patel, A. and Muttukrishnan, R. (2012).  “Bayesian Classifier and Snort based network intrusion detection system in cloud computing,” 2012 Third Int. Conf. Comput. Commun. Netw. Technol., vol. 39, no. July, pp. 1–7.

CITE AS: Joshua John, Okonkwo Obikwelu, Godspower Akawuku and Chika Lilian Onyagu (2023). Detecting and Preventing of DDoS Attack in Cloud Computing Environment Based on Hybrid Technique (Cloudflare and WAF). NEWPORT INTERNATIONAL JOURNAL OF ENGINEERING AND PHYSICAL SCIENCES (NIJEP) 3(3)28-40.