International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, ISSN 2321-3469

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD Nousheen R1, Shanmugapriya M2, Sujatha P3,Dhinakaran D4 Student, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 1,2,3 Assistant professor, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 4

ABSTRACT:

Cloud computing is current trend in market .It reduce the cost and complexity of service providers by the means of capital and operational cost.It allows users to access application remotely. This construct directs cloud service provider to handle cost of servers, software updates,etc. If the session tokens are not properly protected, an attacker can hijack an active session and assume the identity of a user. To focusing on session hijacking and broken authenticationOTP is generated it will send user mail.Once the user is authenticatedthey will be split into virtual machine it is initiate to the upload process into the cloud.Thecloud user files are uploaded and stored in domain based .Also in our proposed system encryption keys are maintained outside of the IaaS domain.For encryption, we proposed RSA algorithm .For data owner file encryption, we use camellia algorithm. Finally the files are stored in the public cloud named CloudMe.

Keywords: Cloud computing, session hijacking, OTP, Virtual machine, Iaas, CloudMe

[1] INTRODUCTION

Cloud computing is an information technology(IT) standard that enables universal access to share group of configurable system resource and higher-level services that can be quickly provisioned with minimal management effort, often over the internet. Cloud providers

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 1

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

typically use a “pay-as-you-go” model which can lead to unexpected operating expenses if administrators are not comfortable with cloud-pricing models. Companies can greatly reduce IT costs by off –loading data and computation to cloud computing services mostly, due to outstanding concerns. Closed platform can give creators complete control over the structure and difficulty of the software stack, thus they can alter it to their security requests. Maintenance of cloud computing applications is easier, because they do not need to be installed on each user’s computer and can be accessed from different places (e.g., different work locations, while travelling, etc.). Infrastructure as a service (IaaS) refers to online services that provide high -level APIs used to dereference various low –level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc. IaaSclouds often offer additional resources such as virtual –machine disk –image library, raw block storage, file or object storage, firewall, load balancer, IP addresses virtual local area networks (VLANs), and software bundles. Cloud computing has improved an idea to enormous deployment in various application domains. The difficulty of cloud computing introduce innovative security risk and challenges. Session hijacking is used to gain unauthorized access to information or service in a computer system by managing the user name and password. This proposes, a session hijacking attacks detection mechanism by periodicallymonitoring the received signal strengthvalues for a particular MAC addresses. The advantage is that it makes difficult for an attacker to avoid detection by modifying its transmission power since, it is difficult for the attacker to predict the use’s data. The need for operational and cost –effective cloud platform security mechanism is suitable for organisations that depend on cloud infrastructure. For the security of data the files are encrypted and stored in virtual machine. A set of protocols for launch of virtual machines (VM) in IaaS, which provide user with a proof that the requested VM instances were impelled on a host with an expected software stack. The domain –based storage protection protocol is introduced to allow domain manager’s to store encrypted data.An attacks applicable toIaaS environment and use them to develop protocols with preferred security stuffs, implement the security analysis and prove their conflict besides the attacks.

[2] EXISTING SYSTEM

In the existing system, the result offers cloud occupiers a proof regarding the integrity of computer hosts understanding their portion of the cloud infrastructure. Also no secure framework in cloud environment to deliver security against cloud attacks. The user’s files and data are stored in the single virtual machine and this leads to the congestion during the file request and response. VM environment can select to encrypt data on the operating system (OS) level within their datacentres. This method suffers from several drawbacks: first, the computer host will have right to use encryption keys whenever the VM performs cryptographic operations; second, this shift near the tenant burden of sustaining the encryption software in all their VM instances and increases the attack surface; third, this involves injecting, migrating and later securely extracting encryption keys to each of the VM instances with right to use the encrypted data, increasing the possibility than an attacker finally obtains the keys. In most cases cloud providers continues and manage the keys needed for encryption of data at rest. Then the cloud convolutes the earlier complex data migration process between different cloud

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 2

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

providers, disadvantaging tenant through a new variant of vendor lock –in. Also in existing system outbreaks or threats to the infrastructure is not efficiently handled.

DISADVANTAGE

This approach suffers from several models: 1. The underlying computer host will still access the encryption keys whenever the VM approaches the cryptographic. 2. This shifts towards the tenant the burden of maintaining the encryption software in all their VM instances and increases the attack surfaces.

[3] PROPOSED SYSTEM In proposed system, a framework for data and operation security in IaaS is described that consist of protocols for a trusted launch of virtual machines and domain –based storage protection. Thus once the user is authenticated they will be launched in virtual machines where they initiate the upload process into the cloud.The cloud user files are uploaded and stored in domain based. To provide resistance against cloud based web application attacks (focusing on session hijacking and broken authentication). Authentication is a critical aspect of this process, but even solid authentication mechanisms can be undermined by flawed credential management functions, including password change, forgot my password, remember my password, account update, and other related functions. In either case, if the session tokens are not properly protected, an attacker can hijack an active session and assume the identity of a user. Creating a scheme to create strong session tokens and protect them throughout their lifecycle has proven elusive for many developers. For session management, we have implemented cookie management and idle timeout. Also in our proposed system encryption keys are maintained outside of the IaaS domain. For key encryption we proposed RSA algorithm. For data owner file encryption, we use camellia algorithm. Finally the files are stored in public cloud named CloudMe [4]SAMPLE MODULE

REGISTER &LOGIN Request key USER DOMAIN MANAGER

Response key Session Hijacking (overcome)&Broken Authentication

FILE FILE ENCRYPTION UPLOAD Key Generation using RSA

CAMELLIA ALGORITHM

ORIGINAL FILE DOMAIN SPECIFIC STORAGE

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 3

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

VM1 VM2

DOWNLOAD

UPLOAD CLOUD DECRYPTION

The infrastructure cloud service model is used to store data securely using the privacy preserving .User will register using user details and Login into an account. User will Sign in with username and password. Two major attacks which is the SQL injection attack and session hijacking is explored in depth .In any case, if session tokens are not properly protected, an attacker can hijack the user identity .To overcome session hijacking,OTP is generated to user’s mail for security .If the OTP is success it enter into the user page otherwise its pushed out .Then user upload files and requests the domain manager .The user is authenticated the domain manager will response to the user .Once the user is authenticated they will be launched in virtual machines where they upload process into the cloud .The keys are encrypted using RSA algorithm. The domain manager accept the user file and it is upload in the user side. Domain manager will encrypt the file using camellia algorithm. Domain specific storage split the files into different virtual machine and upload the files in CloudMe. Once the user request for the file in the domain manager and download the files from cloud after decryption.

[5] IDENTITY MANAGEMENT:

Identity Management may come under the privacy preserving .This done in the user side. Initially while registering details in our system, we need to set the unique ID, during registration time for uniqueness. To access the suitable thing or to get the requested file after the file has been uploaded, Unique Id is needed. And some procedures are followed: Authentication: A legal user can access its own data fields, only the authorized partial or entire data fields can be identified by the authorized user. Data anonymity: Any unrelated thing cannot identify the exchanged data and communication state even it intercepts the exchanged messages by an open channel. User privacy: Any irrelevant entity cannot know or guess a user’s access desire, which represents a user’s interest in another user’s authorized data fields.

[6] BROKEN AUTHENTICATION:

Managing user name and passwords has become a huge task in today’s internet-driven world. As a result, authentication has become more advanced to protect the data, systems and networks against intruders. A brute force attack is a trial-and-error method used to obtain

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 4

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

information such as a user password or personal identification number (PIN).Our application provides field and security validation against broken authentication attacks.

[7] SESSION HIJACKING:

Session hijacking is the operation of a suitable computer session, it is also to gain unauthorized access to information or services in a computer system. It’s nothing but hijacking a session .Session IDs are exposed in the URL (e.g., URL rewriting). Session IDs are weak to session difficult attacks. The Session Hijacking attack consists of the management of the web session control mechanism, which is normally managed for a session token. The Session Hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the Web Server. The session ID is normally stored within a URL. For most communications, authenticationprocedures are carried out at set up. Session hijacking takes advantage of that practice by intruding in real time, during a session.

[8] DOMAIN-BASED STORAGE PROTECTION:

We present DBSP (domain-based storage protection). In this all the data owners’ files are analysed accurately and stored in virtual machines in specific to the domains.

Advantage:

1. This would eliminate bottle neck problems and congestion. 2. Response time would be fast when compared to the traditional approach. 3. Easy to analyse and provider heap memory space based on the usage.

[9] KEY SEED MECHANISM:

The SEED key generation mechanism is a key generation mechanism for SEED. This is the techniques to create and hide the key to or from the user. In this mechanism keys such as encrypt and decrypt keys are generated by the key seed mechanism and also it give the keys if user forget or request the key from admin. The key seed mechanism mainly used for hiding the key from attacker. It will gives the keys only authorized users. The keys are encrypted using RSA algorithm during transmission.

[10] FILE ENCRYPTION:

RSA Algorithm:

The RSA algorithm is named after Ron Rivest, Adi Shamir and Len Adleman, who invented it in 1977 [RIVE78]. The basic technique was first discovered in 1973 by Clifford

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 5

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

Cocks [COCK73] of CESG (part of the British GCHQ) but this was a secret until 1997. The patent taken out by RSA Labs has expired. The RSA cryptosystem is the most widely-used public key cryptography algorithm In the world. It can be used to encrypt 0a message without the need to exchange a secret key separately. The RSA algorithm can be used for both public key encryption and digital signatures. Its security is based on the difficulty of factoring large integers. Party A can send an encrypted message to party B without any prior exchange of secret keys. A just uses B's public key to encrypt the message and B decrypts it using the private key, which only he knows. RSA can also be used to sign a message, so A can sign a message using their private key and B can verify it using A's public key.

Camellia Algorithm:

Camellia was jointly developed by Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation in 2000 [CamelliaSpec]. Camellia specifies the 128-bit block size and 128-, Encryption Standard (AES). Camellia is characterized by its suitability for both software and hardware implementations as well as its high level of security. From a realistic viewpoint, it is designed to allow flexibility in software and hardware implementations on 32- bit processors generally used over the Internet and many applications, 8-bit processors used in smart cards, cryptographic hardware, embedded systems, and so on [CamelliaTech].Moreover, its key setup time is excellent, and its key quickness is better to that of AES. In particular, Camellia is a Feistel cipher with either 18 rounds (when using 128-bit keys) or 24 rounds (when using 192- or 256-bit keys). Every six rounds, a logical 15 B (1,601 words). The rounds are: 1.Blowfish Encryption Algorithm 2 .International Data Encryption Algorithm 3 .Data Encryption Standard (DES) 4 .Block cipher (redirect from Codebook algorithm) 5 .RC2 6 .RC5 7 .Khufu and Khafre 8 .KASUMI 9 .Speck 10 .Kuznyechik. 11 .CLEFIA12 .3-Way 13 .Kalyna (cipher) 14 .Xenon (cipher) 15 .Biclique attack 16 .Rebound attack 17 .M8 (cipher) 18 .T-function camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and also included in the list by the Japan Cryptography Research and Evaluation Committees (CRYPTREC).Camellia can be divided into "key scheduling part" and "data randomizing part".

Key Scheduling Part:

In the key schedule part of Camellia, the 128-bit variables of KL and KR are defined as follows. For 128-bit keys, the 128-bit key K is used as KL and KR is 0. For 192-bit keys, the leftmost 128-bits of key K are used as KL and the concatenation of the rightmost 64-bits of K and the complement of the rightmost 64-bits of K are used as KR. For 256-bit keys, the leftmost 128-bits of key K are used as KL and the rightmost 128-bits of K are used as KR.

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 6

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

Data Randomizing Part:

Encryption for 128-bit keys 128-bit plaintext M is divided into the left 64-bit D1 and the right 64-bit D2. D1 = M >> 64; D2 = M & MASK64; Encryption for 192- and 256-bit keys 128-bit plaintext M is divided into the left 64-bit D1 and the right 64-bit D2. D1 = M >> 64; D2 = M & MASK64;

Cloud Storage:

Cloud storage is a data storage where the digital data is stored in logical pools, the physical storage spans multiple servers (and often locations), and the cloud is managed by a hosting company. These cloud storage providers are responsible for keeping the data available and accessible, and the physical environment protected and running. People and organizations buy or lease storage capacity from the providers to store user, organization, or application data. The group user can upload the files in real cloud server named cloudMe. Duplication of files are checked and the files is been uploaded in the cloud server. To get a file, the user needs to send a request to the cloud server. The cloud server will also check the user’s identity before issuing the related file to the user. During file access the user key has to match by the group manager and the requested file can be downloaded by the group user.

[11] ALGORITHMS RSA ALGORITHM:

RSA encrypts messages through the following algorithm, which is divided into 3 steps: 1. Key Generation I. Choose two distinct prime numbers p and q. II. Find n such that n = pq n will be used as the modulus for both the public and private keys. III. Find the totient of n ϕ (n) ϕ (n) = (p-1) (q-1). IV. Choose an e such that 1 < e <ϕ (n), and such that e and ϕ (n) share no divisors other than 1 (e and ϕ (n) are relatively prime).e is kept as the public key exponent. V. Determine d (using modular arithmetic) which satisfies the congruence relation de ≡ 1 (mod ϕ (n)). In other words, pick d such that de - 1 can be evenly divided by (p-1) (q-1), the totient, or ϕ(n). This is often computed using the Extended Euclidean Algorithm, since e and ϕ (n) are relatively prime and d is to be the modular multiplicative inverse of e. d is kept as the private

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 7

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

key exponent. The public key has modulus n and the public (or encryption) exponent e. The private key has modulus n and the private (or decryption) exponent d, which is kept secret.

2. Encryption I. Person A transmits his/her public key (modulus n and exponent e) to Person B, keeping his/her private key secrete

II. When Person B wishes to send the message "M" to Person A, he first converts M to an integer such that 0 < m < n by using agreed upon reversible protocol known as a padding scheme. III. Person B computes, with Person A's public key information, the ciphertext c corresponding to c ≡ me (mod n). IV. Person B now sends message "M" in cipher text, or c, to Person A.

3. Decryption I. Person A recovers m from c by using his/her private key exponent, d, by the computation m ≡ cd (mod n). II. Given m, Person A can recover the original message "M" by reversing the padding scheme. This procedure works since c ≡ me (mod n),cd ≡(me)d (mod n),cd ≡ mde (mod n). By the symmetry property of mods we have that mde ≡ mde (mod n). Since de = 1 + k ϕ (n), we can write mde ≡ m1 + k ϕ(n) (mod n), mde ≡ m(mk)ϕ(n) (mod n), mde ≡ m (mod n).

Key Generation Algorithm

1. Choose two very large random prime integers: p and q 2. Compute n and φ (n): n = pq and φ(n) = (p-1)(q-1) 3. Choose an integer e, 1 < e < φ(n) such that: gcd(e, φ(n)) = 1(where gcd means greatest common denominator) 4. Compute d, 1 < d < φ (n) such that: ed ≡ 1 (mod φ(n))

 the public key is (n, e) and the private key is (n, d)  the values of p, q and φ(n) are private  e is the public or encryption exponent  d is the private or decryption exponent

Encryption

The cipher text C is found by the equation 'C =Me mod n' where M is the original message.

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 8

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

Decryption

The message M can be found form the cipher text C by the equation 'M = Cd mod n'.

Camellia Algorithm

Camellia is a symmetric block cipher with secret key of size of 128, 192 or 256 bits. The length of plaintext and ciphertext blocks is always equal to 128 bits. In the following description, the original names of variables and functions the Camellia documentation are used to describe its algorithm. The most important elements of the algorithm are F-functions. They are used during encryption, decryption and creating helper variables of the key. The F-function takes 128 input

bits, mixes them with bits of subkeys ki and returns 128 new bits. Modification of bits in the F- function is referred to as one round of the algorithm. F-function calls are gathered in blocks. Each block contains six rounds. Six-round blocks (that means block of six calls of the F-function) are separated by calls of FL-functions and FL-1-functions. They manipulate 64-bit long parts of data and mix them

with subkeys kli. Both encryption and decryption algorithms are about to perform some repetitions of the 6-round blocks described above. The number of repetitions depends on the length of the currently used secret key:  3 repetitions of the 6-round blocks - for the 128-bit secret key,  4 repetitions of the 6-round blocks - for the 192-bit or 256-bit secret keys. Furthermore, at the beginning and at the end of both encryption and decryption

algorithms, additional operations are performed: data bits are added to bits of subkeys kwi. Subkeys, which are used to encrypt each data block (or to decrypt each ciphertext block), are created in the separate process. Tens of subkeys are calculated from the secret key for each block. They are used for various operations in the main algorithm.

Key schedule

The secret key using in the Camellia cipher can consist of 128, 192 or 256 bits. In order to encrypt data blocks, one have to create a few helper variables and then subkeys, based on secret key bits. Each subkey is 64-bit long.

At first, one should calculate two variables of size of 128 bits (KL and KR) and four

variables of size of 64 bits (KLL, KLR, KRL and KRR). The following equations describe connections between those variables:

 KLL = 64 left bits of KL

 KLR = 64 right bits of KL

 KRL = 64 left bits of KR

 KRR = 64 right bits of KR The rest of connections should be determined based on the length of the secret key K.

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 9

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

 for the 128-bit long key:

o KL = K

o KR = 0  for the 192-bit long key:

o KL = 128 left bits of K

o KRL = 64 right bits of K

o KRR = ~KRL (negation of bits)  for the 256-bit long key:

o KL = 128 left bits of K

o KR = 128 right bits of K

Then, it is possible to calculate two new helper variables: KA and KB, based on

the previous ones. They are both 128-bit long. KB is nonzero if and only if the secret key

consists of 192 or 256 bits. While creating KA and KB one should use six help constant values,

which are referred to as ∑i.

At the end, based on four 128-bit long just created variables KL, KR, KA and KB, one

should compute all secret subkeys of size of 64 bits: ki, kwi and kli. Subkeys are used in all the steps during encryption and decryption in the Camellia algorithm.

[12] CONCLUSION The cloud security model does not hold the threat models which is developed for the traditional model there the hosts are operated and used by same organisation. Here, the steady progress is carried towards strengthening the IaaS security model. In this proposed work, trusted framework for infrastructure cloud deployment is presented with 4 focus points: 1. VM deployment on trusted computer hosts, 2. Domain –based protection of stored data 3. Resistance against cloud attacks and 4. Secure cloud storage.

[13] OUTPUT: User:

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 10

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

Domain manager:

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 11

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

REFERENCES

[1] NicolaePaladi, Christian Gehrmann, and AntonisMichalas,” providing restrictions against attack and congestion control in public infrastructure cloud,” in Thisarticle has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2016.2525991, IEEETransactions on Cloud Computing, (c) 2016.

[2] X. Guan, B.-Y. Choi, and S. Song, “Topology and migration-aware energy efficient virtual network embedding for green data centers,” in computer communication2158 and Networks (ICCCN),2014 23rdinternational Conference on. IEEE, 2014, pp. 1–8.

[3] W. Huang, X. Li, and Z. Qian, “An energy efficient virtual machine placement algorithm with balanced resource utilization,” in Innovative Mobile and InternetServices in Ubiquitous Computing (IMIS), 2013 Seventh International Conference on. IEEE, 2013, pp. 313–319.

[4] H.-J. Hong, D.-Y. Chen, C.-Y. Huang, K.-T. Chen, and C.-H. Hsu, “Placing virtual machines to optimize cloud gaming experience,” Cloud Computing, IEEE Transactionson, vol. 3, no. 1, pp. 42–53, 2015.

[5] A. Beloglazov and R. Buyya, “Adaptive threshold-based approach for energy-efficient consolidation of virtual machines in cloud data centers,” in Proceedings of the 8thInternational Workshop on Middleware for Grids, Cloudsand e-Science, vol. 4. ACM, 2010.

[6] X. Meng, V. Pappas, and L. Zhang, “Improving the scalability of data center networks with traffic- aware virtual machine placement,” in INFOCOM, 2010 ProceedingsIEEE. IEEE, 2010, pp. 1–9.

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 12

International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469

[7] H. Yanagisawa, T. Osogami, and R. Raymond, “Dependable virtual machine allocation,” in INFOCOM, 2013Proceedings IEEE. IEEE, 2013, pp. 629–637. [8] X. Li, J. Wu, S. Tang, and S. Lu, “Let’s stay together: Towards traffic aware virtual machine placement in datacenters,” in INFOCOM, 2014 Proceedings IEEE. IEEE, 2014, pp. 1842–1850.

[9] A. Greenberg, J. Hamilton, D. A. Maltz, and P. Patel, “The cost of a cloud: research problems in data centernetworks,” ACM SIGCOMM computer communicationreview, vol. 39, no. 1, pp. 68–73, 2008.

[10] A. Verma, P. Ahuja, and A. Neogi, “pmapper: power and migration cost aware application placement in virtualized systems,” in Middleware 2008. Springer, 2008, pp. 243–264.

[11] M. Wang, X. Meng, and L. Zhang, “Consolidating virtual machines with dynamic bandwidth demand in datacenters,” in INFOCOM, 2011 Proceedings IEEE. IEEE, 2011, pp. 71–75.

[12] J. W. Jiang, T. Lan, S. Ha, M. Chen, and M. Chiang,“Joint vm placement and routing for data center traffic engineering,” in INFOCOM, 2012 Proceedings IEEE. IEEE, 2012, pp. 2876–2880.

[13] M. H. Ferdaus and M.Murshed, “Energy-aware virtual machine consolidation in iaas cloud computing,” inCloud Computing. Springer, 2014, pp. 179–208.

[14] A. Beloglazov and R. Buyya, “Optimal online deterministic algorithms and adaptive heuristics for energy and performance efficient dynamic consolidation of virtual machines in cloud data centers,” Concurrency and Computation:Practice and Experience, vol. 24, no. 13, pp. 1397–1420, 2012.

[15] R. N. Calheiros, R. Ranjan, A. Beloglazov, C. A. De Rose, and R. Buyya, “Cloudsim: a toolkit for modelling and simulation of cloud computing environments and evaluation of resource provisioning algorithms,” Software: Practice and Experience, vol. 41, no. 1, pp. 23–50,2011.

[16] W. Tian, Y. Zhao, M. Xu, Y. Zhong, and X. Sun, “A toolkit for modeling and simulation of real-time virtual machine allocation in a cloud data center,” AutomationScience and Engineering, IEEE Transactions on, vol. 12, no. 1, pp. 153–161, 2015.

[17] N. Quang-Hung, N. Thoai, and N. T. Son, “Epobf: energy efficient allocation of virtual machines in high performance computing cloud,” in Transactions on Large-ScaleData-and Knowledge-Centered Systems XVI. Springer, 2014, pp. 71–86.

[18] A. W. Services, “Amazon ec2,” Website, http://aws.amazon.com/ec2/.

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 13

PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD

Nousheen R, Shanmugapriya M, Sujatha P,Dhinakaran D 14