Abstract
Worldwide acceptance of cloud computing is increasing day by day because it provides large amount of IT resources in a very simplified and economic manner. Cloud provides high security to its customers, but still there are some vulnerabilities present in cloud that attracts many attackers. Distributed denial-of-service (DDoS) attack is one of the nightmares for many cloud providers which affects the availability of resources in cloud network. This paper proposes a DDoS attack detection and mitigation model using the feature selection method and Intensive Care Request Processing Unit (ICRPU). In the proposed work, initially traffic is analyzed using Hellinger distance function, and if some distance is found, then all the packets are analyzed and classified in two categories, as DDoS and legitimate request groups on the basis of feature selected for the classification. The entire legitimate requests are forwarded to Normal Request Processing Unit where these request could be completed. All the DDoS request are sent to ICRPU were these request got busy in question and answer and in parallel source of these request are identified and blocked for further access. The specialty of ICRPU is that the attacker will never realize that the request sent by them to exhaust the resources are trapped, so the attacker will not perform any reflex action, and it becomes easy to track the attacker. Results shows that the proposed method provides the best detection rate, accuracy, and false alarm in comparison with existing filter methods and other such proposed method.
Similar content being viewed by others
References
Kumar, V.; Nithya, M.: Improving security issues and security attacks in cloud computing. Int. J. Adv. Res. Comput. Commun. Eng. 3(10), 8148–8151 (2014)
Osanaiye, O.; Choo, R.; Dlodlo, M.: DDoS resilience in cloud—review and conceptual cloud mitigation framework. J. Comput. Netw. Appl. 67, 147–165 (2016)
Hormati, M.; Khendek, F.; Toeroe, M.: Towards an evaluation framework for availability solutions in the cloud. In: International Symposium on Software Reliability Engineering Workshops, IEEE, pp. 43–46 (2014)
Deshmukh, R.V.; Devadkar, K.K.: Understanding DDoS attack and its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)
Kumar, M.N.; Sujatha, P.; Kalva, V.; Nagori, R.; Katukojwala, A.K.; Kumar, M.: Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. In: 2012 Fourth International Conference on IEEE Computational Intelligence and Communication Networks (CICN), pp. 535–539 (2012)
Shamsolmoali, P.; Zareapoor, M.: Statistical-based filtering system against DDOS attacks in cloud computing. In: International Conference on Advances in Computing, Communications and Informatics ICACCI, pp. 1234–1239 (2014)
Iyengar, N.C.S.N.; Ganapathy, G.; Mogan Kumar, P.C.; Abraham, A.: A multilevel thrust filtration defending mechanism against DDoS attacks in cloud computing environment. Int. J. Grid Util. Comput. 5(4), 236–248 (2014)
Beigi-Mohammadi, N.; Barna, C.; Shtern, M.; Khazaei, H.; Litoiu, M.: CAAMP—completely automated DDoS attack mitigation platform in hybrid clouds. In: International Conference on Network and Service Management (CNSM), pp. 136–143 (2016)
Mankins, D.; Krishnan, R.; Boyd, C.; Zao, J.; Frentz, M.: Mitigating distributed denial of service attacks with dynamic resource pricing. In: Computer Security Applications Conference (CSAC), pp. 411–421 (2001)
Latif, R.; Abbas, H.; Assar, S.: Distributed denial of service (DDoS) attack in cloud-assisted wireless body area networks—a systematic literature review. J. Med. Syst. 38(11), 128 (2014)
Sqalli, M.H.; Al-Haidari, F.; Salah, K.: Edos-shield-a two-steps mitigation technique against edos attacks in cloud computing. In: Fourth IEEE International Conference on Utility and Cloud Computing, pp. 49–56 (2011)
Bharot, N.; Verma, P.; Suraparaju, V.; Gupta, S.: Mitigating distributed denial of service attack in cloud computing environment using threshold based technique. Indian J. Sci. Technol. 9(38), 1–7 (2016)
Bolon-Canedo, V.; Sanchez-Marono, N.; Alonso-Betanzos, A.: Feature selection and classification in multiple class datasets—an application to KDD Cup 99 dataset. Expert Syst. Appl. 38(5), 5947–5957 (2011)
Sengar, H.; Wang, H.; Wijesekera, D.; Jajodia, S.: Detecting VoIP floods using the Hellinger distance. IEEE Trans. Parallel Distrib. Syst. 19(6), 794–805 (2008)
Amrita; Ahmed, P.: A study of feature selection methods in intrusion detection system: a survey. Int. J. Comput. Sci. Eng. Inf. Technol. Res. 2(3), 1–25 (2012)
Tesfahun, A.; Bhaskari, D.L.: Intrusion detection using random forests classifier with SMOTE and feature reduction. In: International Conference on Cloud and Ubiquitous Computing and Emerging Technologies (CUBE), pp. 127–132 (2013)
Yu, L.; Liu, H.: Feature selection for high-dimensional data—a fast correlation-based filter solution. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp. 856–863 (2003)
Han, J.; Pei, J.; Kamber, M.: Data Mining Concepts and Techniques, 3rd edn., pp. 340–341. Morgan Kaufmann Publishers, USA (2012)
Devi, K.L.; Subathra, P.; Kumar, P.N.: Tweet sentiment classification using an ensemble of machine learning supervised classifiers employing statistical feature selection methods. In: Proceedings of the Fifth International Conference on Fuzzy and Neuro Computing, pp. 1–13 (2015)
Nissim, N.; Moskovitch, R.; Rokach, L.; Elovici, Y.: Detecting unknown computer worm activity via support vector machines and active learning. Pattern Anal. Appl. 15(4), 459–475 (2012)
Modi, U.; Jain, A.: A survey of IDS classification using KDD CUP 99 dataset in WEKA. Int. J. Sci. Eng. Res. 6(11), 947–954 (2015)
Koc, L.; Mazzuchi, T.A.; Sarkani, S.: A network intrusion detection system based on a Hidden Nave Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492–13500 (2012)
Peng, J.; Choo, K.K.R.; Ashman, H.: Bit-level n-gram based forensic authorship analysis on social media: identifying individuals from linguistic profiles. J. Netw. Comput. Appl. 70, 171–182 (2016)
Rastegari, S.; Hingston, P.; Lam, C.P.: Evolving statistical rule sets for network intrusion detection. Appl. Soft Comput. 33, 348–359 (2015)
Eid, H.F.; Hassanien, A.E.; Kim, T.; Banerjee, S.: Linear correlation-based feature selection for network intrusion detection model. In: Awad, A.I., Hassanien, A.E., Baba, K. (eds.) Advances in Security of Information and Communication Networks. Communications in Computer and Information Science, vol. 381, pp. 240–248 (2013)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Bharot, N., Verma, P., Sharma, S. et al. Distributed Denial-of-Service Attack Detection and Mitigation Using Feature Selection and Intensive Care Request Processing Unit. Arab J Sci Eng 43, 959–967 (2018). https://doi.org/10.1007/s13369-017-2844-0
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13369-017-2844-0