Abstract
Cloud computing plays a major role in reducing the expenditure of infrastructural costs on the basis of pay per use model. Security is the major concern wherein detection of security attacks and crimes is very difficult. Due to the distributed nature of attacks and crimes in the cloud, there is a need for an efficient security mechanism. Traditional security mechanisms cannot be applied directly to identify the source of attack due to the dynamic changes in the cloud. Hypertext Transfer Protocol (HTTP) flooding attacks are identified by keeping track of all the activities of the virtual machine instances running in the cloud. It is hard to identify the source of an attack since an attacker deletes all the possible traces. So, in order to mitigate this issue, the proposed method reads the logs, extracts the relevant features and investigates HTTP flooding attacks by a grouping of similar input patterns using fuzzy bat clustering and determines the anomalous behavior using deviated anomalous score. The suspicious source is determined by finding the event correlation between the virtual machine instance issued by cloud service provider with the suspicious source list. The experimental results are compared with the existing approaches, viz., k-means clustering, fuzzy c-means clustering, bat clustering and Bartd method in which the proposed method determines the anomalies accurately with very few false alarm than existing approaches.
Similar content being viewed by others
References
Yu S, Tian Y, Guo S, Wu DO (2014) Can we beat ddos attacks in clouds? IEEE Trans Parallel Distrib Syst 25(9):2245–2254
Khorshed MT, Ali ABM, Wasimi SA (2012) Classifying different denial-of-service attacks in cloud computing using rule-based learning. Secur Commun Netw 5(11):1235–1247
Nelson P (2015) Cybercriminals moving into cloud big time, report says. Network world
Ali M, Khan SU, Vasilakos AV (2015) Security in cloud computing: opportunities and challenges. Inf Sci 305:357–383
Karnwal T, Thandapanii S, Gnanasekaran A (2013) A filter tree approach to protect cloud computing against XML DDoS and HTTP DDoS attack. In: Abraham A, Thampi S (eds) Intelligent informatics. Springer, Berlin, Heidelberg, pp 459–469
Anitha E, Malliga S (2013) A packet marking approach to protect cloud environment against ddos attacks. In: 2013 international conference on information communication and embedded systems (ICICES). IEEE, pp 367–370
Chonka A, Zhou W, Xiang Y (2009) Defending grid web services from xdos attacks by sota. In: IEEE international conference on pervasive computing and communications. PerCom 2009. IEEE, pp 1–6
Yang L, Zhang T, Song J, Wang JS, Chen P (2012) Defense of ddos attack for cloud computing. In: 2012 IEEE international conference on computer science and automation engineering (CSAE), vol 2. IEEE, pp 26–629
Chonka A, Xiang Y, Zhou W, Bonti A (2011) Cloud security defence to protect cloud computing against http-dos and xml-dos attacks. J Netw Comput Appl 34(4):1097–1107
Bedi HS, Shiva S (2012) Securing cloud infrastructure against co-resident dos attacks using game theoretic defense mechanisms. In: Proceedings of the international conference on advances in computing, communications and informatics. ACM, pp 463–469
Keunsoo L, Juhyun K, Hoon KK, Younggoo H, Sehun K (2008) Ddos attack detection method using cluster analysis. Expert Syst Appl 34(3):1659–1665
Bezdek JC, Ehrlich R, Full W (1984) Fcm: the fuzzy c-means clustering algorithm. Comput Geosci 10(2–3):191–203
Al-Sultan KS, Selim SZ (1993) A global algorithm for the fuzzy clustering problem. Pattern Recognit 26(9):1357–1361
Buckles BP, Petry FE, Prabhu D, George R, Srikanth R (1994) Fuzzy clustering with genetic search. In: Proceedings of the 1st IEEE conference on evolutionary computation, 1994. IEEE world congress on computational intelligence. IEEE, pp 46–50
Wang L, Liu Y, Zhao X, Xu Y (2006) Particle swarm optimization for fuzzy c-means clustering. In: The 6th world congress on intelligent control and automation. WCICA 2006, vol 2. IEEE, pp 6055–6058
Karaboga D, Basturk B (2007) A powerful and efficient algorithm for numerical function optimization: artificial bee colony (abc) algorithm. J Glob Optim 39(3):459–471
Behera HS, Nayak J, Nanda M, Nayak K (2015) A novel hybrid approach for real world data clustering algorithm based on fuzzy c-means and firefly algorithm. Int J Fuzzy Comput Model 1(4):431–448
Anwar F, Anwar Z et al (2011) Digital forensics for eucalyptus. In: Frontiers of information technology (FIT), 2011. IEEE, pp 110–116
Birk D, Wegener C (2011) Technical issues of forensic investigations in cloud computing environments. In: 2011 IEEE 6th international workshop on systematic approaches to digital forensic engineering (SADFE). IEEE, pp 1–10
Mazzariello C, Bifulco R, Canonico R (2010) Integrating a network ids into an open source cloud computing environment. In: 2010 6th international conference on information assurance and security (IAS). IEEE, pp 265–270
Lonea AM, Popescu DE, Tianfield H (2013) Detecting ddos attacks in cloud computing environment. Int J Comput Commun Control 8(1):70–78
Özçelik İ, Brooks RR (2015) Deceiving entropy based dos detection. Comput Secur 48:234–245
Singh K, Singh P, Kumar K (2017) Application layer http-get flood ddos attacks: research landscape and challenges. Computs Secur 65:344–372
Chwalinski P, Belavkin R, Cheng X (2013) Detection of HTTP-GET attack with clustering and information theoretic measurements. In: Garcia-Alfaro J, Cuppens F, Cuppens-Boulahia N, Miri A, Tawbi N (eds) Foundations and practice of security. Springer, Berlin, Heidelberg, pp 45–61
Yang X-S (2011) Bat algorithm for multi-objective optimisation. Int J Bio-inspired Comput 3(5):267–274
Khan K, Nikov A, Sahai A (2011) A fuzzy bat clustering method for ergonomic screening of office workplaces. In: 3rd international conference on software, services and semantic technologies S3T 2011. Springer, pp 59–66
Komarasamy G, Wahi A (2012) An optimized k-means clustering technique using bat algorithm. Eur J Sci Res 84(2):263–273
Alomari OA, Khader AT, Mohammed AA-B, Abualigah LM, Nugroho H, Chandra GR, Katyayani A, Sandhya N, Hossain J, Fazlida Mohd Sani N et al (2017) Mrmr ba: a hybrid gene selection algorithm for cancer classification. J Theor Appl Inf Technol 95(12):1
Rizk-Allah RM, Hassanien AE (2018) New binary bat algorithm for solving 0–1 knapsack problem. Complex Intell Syst 4(1):31–53
Yilmaz S, Kucuksille EU (2013) Improved bat algorithm (iba) on continuous optimization problems. Lect Notes Softw Eng 1(3):279
Li L, Zhou Y (2014) A novel complex-valued bat algorithm. Neural Comput Appl 25(6):1369–1381
Sathya MR, Ansari MMT (2015) Load frequency control using bat inspired algorithm based dual mode gain scheduling of pi controllers for interconnected power system. Int J Electr Power Energy Syst 64:365–374
Ye Z-W, Wang M-W, Liu W, Chen S-B (2015) Fuzzy entropy based optimal thresholding using bat algorithm. Appl Soft Comput 31:381–395
Senthilnath J, Omkar SN, Mani V (2011) Clustering using firefly algorithm: performance study. Swarm Evolut Comput 1(3):164–171
Yang X-S, He X (2013) Bat algorithm: literature review and applications. Int J Bio-Inspired Comput 5(3):141–149
Sreeram I, Vuppala VPK (2017) HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Appl Comput Inform 15(1):59–66
Aboubi Y, Drias H, Kamel N (2016) Bat-clara: Bat-inspired algorithm for clustering large applications. IFAC-PapersOnLine 49(12):243–248
Yahya NM, Tokhi MO, Yahya NM, Tokhi MO (2017) A modified bats echolocation-based algorithm for solving constrained optimisation problems. Int J Bio-Inspired Comput 10(1):12–23
Wang G-G, Lu M, Zhao X-J (2016) An improved bat algorithm with variable neighborhood search for global optimization. In: 2016 IEEE congress on evolutionary computation (CEC). IEEE, pp 1773–1778
Eslahi M, Rohmad MS, Nilsaz H, Naseri MV, Tahir NM, Hashim H (2015) Periodicity classification of http traffic to detect http botnets. In: 2015 IEEE symposium on computer applications and industrial electronics (ISCAIE). IEEE, pp 119–123
Yang X-S (2010) A new metaheuristic bat-inspired algorithm. Nature inspired cooperative strategies for optimization (NICSO 2010), pp 65–74
BoussaïD I, Lepagnot J, Siarry P (2013) A survey on optimization metaheuristics. Inf Sci 237:82–117
Openstack. Openstack guide (2016). https://docs.openstack.org/liberty/install-guide-ubuntu/. Accessed 10 Jan 2016
Sree TR, Bhanu SMS (2018) Detection of http flooding attacks in cloud using dynamic entropy method. Arab J Sci Eng 43(12):6995–7014
IRCbot (2016) Irc bot. https://github.com/paulbarbu/IRC-Bot. Accessed 10 Feb 2016
Dirtjumper (2015) Dirt jumper-kerbs on security. https://Krebsonsecurity.com/tag/dirt-jumper/. Accessed 10 Feb 2016
HULK (2016) Hulk attack. http://github.com/grafov/hulk. Accessed 10 Feb 2016
Goldeneye (2016) Golden eye. https://github.com/jseidl/Goldeneye/. Accessed 10 Feb 2016
HTTP flood (2016) Owasp http get ddos attack. www.exploiterz.blogspot.in/2013/0/owasp-http-getpost-ddos-attacker-tool.html. Accessed 10 Feb 2016
HOIC (2016) Hoic attack tool. www.hackersnews.com/2012/013/another-ddos-tool-from-anonymous-hoic.html. Accessed 10 Feb 2016
Slowloris (2016) Slowloris attack tool. https://sourceforge.net/projects/slowlorisgui/. Accessed 10 Feb 2016
Prasad KM, Reddy ARM, Rao KV (2017) Bartd: Bio-inspired anomaly based real time detection of under rated app-ddos attack on web. J King Saud Univ Comput Inf Sci
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Raja Sree, T., Mary Saira Bhanu, S. Detection of HTTP flooding attacks in cloud using fuzzy bat clustering. Neural Comput & Applic 32, 9603–9619 (2020). https://doi.org/10.1007/s00521-019-04473-6
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-019-04473-6