Mitigating Economic Denial of Sustainability (EDoS) Attacks in Cloud Computing Using an AI-Driven Cost-Aware Defense System

The pay-per-use billing model of cloud computing makes cloud infrastructures highly vulnerable to Economic Denial of Sustainability (EDoS) attacks, where adversaries exploit auto-scaling mechanisms to trigger excessive resource consumption and inflated operational costs. Existing mitigation approaches, such as rate limiting and conventional anomaly detection, struggle to accurately distinguish legitimate traffic from attack-traffic requests, often leading to false negative alarm and unnecessary financial overhead. This paper proposes a Cost-Aware Adaptive Defense System (CADS), a novel artificial intelligence-driven (AI-driven) defense system that integrates deep learning-based (DL-based) traffic classification, Trust-based resource access control, and Software-Defined Networking-based (SDN-based) traffic filtering to mitigate EDoS attacks while preserving economic sustainability. The Trust-based access control mechanism dynamically assigns trust scores to incoming requests and restricts suspicious entities from triggering auto-scaling, thereby preventing fraudulent resource allocation. The proposed defense system introduces a lightweight computational overhead of approximately 85 ms for detection and 210 ms for mitigation response, ensuring real-time protection with minimal performance impact. Experimental evaluation was conducted in an OpenStack-based simulated cloud environment, modeling multiple EDoS attack strategies, including HTTP flood, ICMP-based, and workload-based attacks. Results demonstrate that CADS achieves a detection performance such as 97.1% for (F1-score), 97.5% for Recall and 96.8 for Precision, indicates significantly reducing missed attacks and false alarm. More importantly, CADS reduces overall cloud billing costs by approximately 25% compared to state-of-the-art EDoS mitigation mechanisms, such as Advanced EDoS Attack Defense Shell (EDoS-ADS) and Multi-head Attention Network (MAN-EDoS). The results highlight the practical effectiveness of CADS in enhancing cloud security resilience while substantially lowering operational expenses for cloud service providers. Although CADS has not been tested in real-world environments, it demonstrates strong performance under simulated conditions. Future work will focus on large-scale real-world deployments and the integration of reinforcement learning techniques to adapt to evolving attack patterns.