<![CDATA[As cloud computing becomes increasingly central to modern digital operations, it has also become a primary target for Distributed Denial of Service (DDoS) attacks. This research investigates the major vulnerabilities within cloud infrastructure that are commonly exploited by DDoS attackers and evaluates the effectiveness of various mitigation strategies. The study employs a mixed-methods approach, combining vulnerability assessment, simulated attack scenarios, and comparative performance analysis of traditional and advanced defense mechanisms, including rate limiting, Intrusion Detection Systems (IDS), Software-Defined Networking (SDN), and machine learning-based anomaly detection. The findings reveal that key weaknesses in cloud systems such as shared resource models, unsecured APIs, and auto-scaling configurations can be leveraged to disrupt services or cause economic damage. The comparative evaluation highlights the limitations of conventional tools in handling sophisticated or large-scale attacks, while also showcasing the superior adaptability of SDN and AI-driven techniques under dynamic threat conditions. This research contributes to the field of cloud security by offering a comprehensive understanding of DDoS threat vectors, identifying effective defense combinations, and providing practical recommendations for strengthening the security posture of cloud systems. The study emphasizes the importance of proactive, layered, and intelligent defense frameworks to enhance the resilience of cloud-based infrastructures against evolving DDoS threats.]]>
