Detection of HTTP flooding attacks in cloud using fuzzy bat clustering

  • Original Article
  • Neural Computing and Applications

Abstract

Cloud computing plays a major role in reducing infrastructure expenditure through its pay-per-use model. Security is a major concern, because detecting security attacks and crimes in the cloud is very difficult. Due to the distributed nature of attacks and crimes in the cloud, there is a need for an efficient security mechanism. Traditional security mechanisms cannot be applied directly to identify the source of an attack because of the dynamic changes in the cloud. Hypertext Transfer Protocol (HTTP) flooding attacks are identified by keeping track of all the activities of the virtual machine instances running in the cloud. It is hard to identify the source of an attack, since an attacker deletes all possible traces. To mitigate this issue, the proposed method reads the logs, extracts the relevant features, investigates HTTP flooding attacks by grouping similar input patterns using fuzzy bat clustering, and determines anomalous behavior using a deviated anomalous score. The suspicious source is determined by finding the event correlation between the virtual machine instance issued by the cloud service provider and the suspicious source list. The experimental results are compared with existing approaches, viz., k-means clustering, fuzzy c-means clustering, bat clustering and the Bartd method; the proposed method determines the anomalies accurately with very few false alarms compared with the existing approaches.

Author information

Corresponding author

Correspondence to T. Raja Sree.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Raja Sree, T., Mary Saira Bhanu, S. Detection of HTTP flooding attacks in cloud using fuzzy bat clustering. Neural Comput & Applic 32, 9603–9619 (2020). https://doi.org/10.1007/s00521-019-04473-6

  • DOI: https://doi.org/10.1007/s00521-019-04473-6
