
A Perspicacious Multi-level Defense System Against DDoS Attacks in Cloud Using Information Metric & Game Theoretical Approach

Journal of Network and Systems Management

Abstract

Distributed Denial of Service (DDoS) attacks pose a significant threat to the cloud environment: they can deplete resource availability, keep the server busy, and damage the entire system within a short period. Recent DDoS attacks use clever strategies such as low-rate attacks and attacking as an authenticated user. Current research lacks auxiliary defense components to mitigate these attacks and instead mostly relies on a single component to perform attack detection. In this work, we propose a multi-level defense system, a timely and active lightweight mechanism to handle the above constraints. This defense system introduces a novel filtering component called filter, sniffer, and analyzer (FSA) to discard malicious packets from authenticated users. The malicious packets are further inspected using a game-theory based attack prevention algorithm and sent to the blacklist database for future reference. FSA filtering and game theory are employed because they are more efficient at detecting low-rate attacks in particular. Along with this, the defense system also employs a decision tree classifier followed by a ϕ-entropy component to detect malicious packets. Another novelty of this work is the integration of detection, filtering, and prevention, and our experiments show the efficacy of this approach. The results, evaluated using the CAIDA dataset, show that our proposed multi-level defense system attains 97% detection accuracy, which outperforms the existing ϕ-entropy detection system by a 10% absolute gain. In addition, the system achieves a precision of 93% and a detection rate of 82%, along with 0.06 FAR. This shows that our multi-level defense system is faster and more efficient in detecting and preventing low-rate and high-rate DDoS attacks than existing methods such as the ϕ-Entropy, Generalized Entropy (GE) and Generalized Information Distance (GID) metrics.
Future work can extend this research by exploring different deep learning algorithms for network traffic classification. The deployment of the defense mechanism can be extended to multiple locations using a hybrid deployment model to improve detection accuracy.



Author information

Contributions

MM proposed the concept and wrote the paper; VT and SB provided overall supervision.

Corresponding author

Correspondence to M. Mohan.

Ethics declarations

Competing interest

The authors declare no competing interests.

About this article

Cite this article

Mohan, M., Tamizhazhagan, V. & Balaji, S. A Perspicacious Multi-level Defense System Against DDoS Attacks in Cloud Using Information Metric & Game Theoretical Approach. J Netw Syst Manage 31, 85 (2023). https://doi.org/10.1007/s10922-023-09776-7

  • DOI: https://doi.org/10.1007/s10922-023-09776-7
