Skip to main content
SpringerLink
Log in

Distributed Denial-of-Service Attack Detection and Mitigation Using Feature Selection and Intensive Care Request Processing Unit

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

Worldwide acceptance of cloud computing is increasing day by day because it provides large amount of IT resources in a very simplified and economic manner. Cloud provides high security to its customers, but still there are some vulnerabilities present in cloud that attracts many attackers. Distributed denial-of-service (DDoS) attack is one of the nightmares for many cloud providers which affects the availability of resources in cloud network. This paper proposes a DDoS attack detection and mitigation model using the feature selection method and Intensive Care Request Processing Unit (ICRPU). In the proposed work, initially traffic is analyzed using Hellinger distance function, and if some distance is found, then all the packets are analyzed and classified in two categories, as DDoS and legitimate request groups on the basis of feature selected for the classification. The entire legitimate requests are forwarded to Normal Request Processing Unit where these request could be completed. All the DDoS request are sent to ICRPU were these request got busy in question and answer and in parallel source of these request are identified and blocked for further access. The specialty of ICRPU is that the attacker will never realize that the request sent by them to exhaust the resources are trapped, so the attacker will not perform any reflex action, and it becomes easy to track the attacker. Results shows that the proposed method provides the best detection rate, accuracy, and false alarm in comparison with existing filter methods and other such proposed method.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Kumar, V.; Nithya, M.: Improving security issues and security attacks in cloud computing. Int. J. Adv. Res. Comput. Commun. Eng. 3(10), 8148–8151 (2014)

    Article  Google Scholar 

  2. Osanaiye, O.; Choo, R.; Dlodlo, M.: DDoS resilience in cloud—review and conceptual cloud mitigation framework. J. Comput. Netw. Appl. 67, 147–165 (2016)

    Article  Google Scholar 

  3. Hormati, M.; Khendek, F.; Toeroe, M.: Towards an evaluation framework for availability solutions in the cloud. In: International Symposium on Software Reliability Engineering Workshops, IEEE, pp. 43–46 (2014)

  4. Deshmukh, R.V.; Devadkar, K.K.: Understanding DDoS attack and its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)

    Article  Google Scholar 

  5. Kumar, M.N.; Sujatha, P.; Kalva, V.; Nagori, R.; Katukojwala, A.K.; Kumar, M.: Mitigating economic denial of sustainability (edos) in cloud computing using in-cloud scrubber service. In: 2012 Fourth International Conference on IEEE Computational Intelligence and Communication Networks (CICN), pp. 535–539 (2012)

  6. Shamsolmoali, P.; Zareapoor, M.: Statistical-based filtering system against DDOS attacks in cloud computing. In: International Conference on Advances in Computing, Communications and Informatics ICACCI, pp. 1234–1239 (2014)

  7. Iyengar, N.C.S.N.; Ganapathy, G.; Mogan Kumar, P.C.; Abraham, A.: A multilevel thrust filtration defending mechanism against DDoS attacks in cloud computing environment. Int. J. Grid Util. Comput. 5(4), 236–248 (2014)

    Article  Google Scholar 

  8. Beigi-Mohammadi, N.; Barna, C.; Shtern, M.; Khazaei, H.; Litoiu, M.: CAAMP—completely automated DDoS attack mitigation platform in hybrid clouds. In: International Conference on Network and Service Management (CNSM), pp. 136–143 (2016)

  9. Mankins, D.; Krishnan, R.; Boyd, C.; Zao, J.; Frentz, M.: Mitigating distributed denial of service attacks with dynamic resource pricing. In: Computer Security Applications Conference (CSAC), pp. 411–421 (2001)

  10. Latif, R.; Abbas, H.; Assar, S.: Distributed denial of service (DDoS) attack in cloud-assisted wireless body area networks—a systematic literature review. J. Med. Syst. 38(11), 128 (2014)

    Article  Google Scholar 

  11. Sqalli, M.H.; Al-Haidari, F.; Salah, K.: Edos-shield-a two-steps mitigation technique against edos attacks in cloud computing. In: Fourth IEEE International Conference on Utility and Cloud Computing, pp. 49–56 (2011)

  12. Bharot, N.; Verma, P.; Suraparaju, V.; Gupta, S.: Mitigating distributed denial of service attack in cloud computing environment using threshold based technique. Indian J. Sci. Technol. 9(38), 1–7 (2016)

    Article  Google Scholar 

  13. Bolon-Canedo, V.; Sanchez-Marono, N.; Alonso-Betanzos, A.: Feature selection and classification in multiple class datasets—an application to KDD Cup 99 dataset. Expert Syst. Appl. 38(5), 5947–5957 (2011)

    Article  Google Scholar 

  14. Sengar, H.; Wang, H.; Wijesekera, D.; Jajodia, S.: Detecting VoIP floods using the Hellinger distance. IEEE Trans. Parallel Distrib. Syst. 19(6), 794–805 (2008)

    Article  Google Scholar 

  15. Amrita; Ahmed, P.: A study of feature selection methods in intrusion detection system: a survey. Int. J. Comput. Sci. Eng. Inf. Technol. Res. 2(3), 1–25 (2012)

  16. http://www.cs.waikato.ac.nz/ml/weka/

  17. http://www.unb.ca/cic/research/datasets/nsl.html

  18. Tesfahun, A.; Bhaskari, D.L.: Intrusion detection using random forests classifier with SMOTE and feature reduction. In: International Conference on Cloud and Ubiquitous Computing and Emerging Technologies (CUBE), pp. 127–132 (2013)

  19. Yu, L.; Liu, H.: Feature selection for high-dimensional data—a fast correlation-based filter solution. In: Proceedings of the 20th International Conference on Machine Learning (ICML-03), pp. 856–863 (2003)

  20. Han, J.; Pei, J.; Kamber, M.: Data Mining Concepts and Techniques, 3rd edn., pp. 340–341. Morgan Kaufmann Publishers, USA (2012)

  21. Devi, K.L.; Subathra, P.; Kumar, P.N.: Tweet sentiment classification using an ensemble of machine learning supervised classifiers employing statistical feature selection methods. In: Proceedings of the Fifth International Conference on Fuzzy and Neuro Computing, pp. 1–13 (2015)

  22. Nissim, N.; Moskovitch, R.; Rokach, L.; Elovici, Y.: Detecting unknown computer worm activity via support vector machines and active learning. Pattern Anal. Appl. 15(4), 459–475 (2012)

    Article  MathSciNet  Google Scholar 

  23. Modi, U.; Jain, A.: A survey of IDS classification using KDD CUP 99 dataset in WEKA. Int. J. Sci. Eng. Res. 6(11), 947–954 (2015)

    Google Scholar 

  24. Koc, L.; Mazzuchi, T.A.; Sarkani, S.: A network intrusion detection system based on a Hidden Nave Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492–13500 (2012)

    Article  Google Scholar 

  25. Peng, J.; Choo, K.K.R.; Ashman, H.: Bit-level n-gram based forensic authorship analysis on social media: identifying individuals from linguistic profiles. J. Netw. Comput. Appl. 70, 171–182 (2016)

    Article  Google Scholar 

  26. Rastegari, S.; Hingston, P.; Lam, C.P.: Evolving statistical rule sets for network intrusion detection. Appl. Soft Comput. 33, 348–359 (2015)

    Article  Google Scholar 

  27. Eid, H.F.; Hassanien, A.E.; Kim, T.; Banerjee, S.: Linear correlation-based feature selection for network intrusion detection model. In: Awad, A.I., Hassanien, A.E., Baba, K. (eds.) Advances in Security of Information and Communication Networks. Communications in Computer and Information Science, vol. 381, pp. 240–248 (2013)

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Aisect University, Bhopal, India

    Nitesh Bharot & Veenadhari Suraparaju

  2. Department of Information Technology, ABV-IIITM, Gwalior, India

    Priyanka Verma

  3. Department of Computer Science and Engineering, MANIT, Bhopal, India

    Sangeeta Sharma

Authors
  1. Nitesh Bharot
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Priyanka Verma
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sangeeta Sharma
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Veenadhari Suraparaju
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nitesh Bharot.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Bharot, N., Verma, P., Sharma, S. et al. Distributed Denial-of-Service Attack Detection and Mitigation Using Feature Selection and Intensive Care Request Processing Unit. Arab J Sci Eng 43, 959–967 (2018). https://doi.org/10.1007/s13369-017-2844-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-017-2844-0

Keywords

Search

Navigation