Abstract
Distributed Denial of Service (DDoS) attacks pose a significant threat to the cloud environment: they can exhaust resource availability, keep the server busy, and bring down the entire system within a short period. Recent DDoS attacks use clever strategies such as low-rate attacks and attacking as an authenticated user. Current research apparently lacks auxiliary defense components to mitigate these attacks and instead relies mostly on a single component to perform attack detection. In this work, we propose a multi-level defense system, a timely and active lightweight mechanism to handle the above constraints. This defense system introduces a novel filtering component called filter, sniffer, and analyzer (FSA) to discard malicious packets from authenticated users. The malicious packets are further inspected using a game-theory-based attack prevention algorithm and sent to the blacklist database for future reference. FSA filtering and game theory are employed here because they are more efficient specifically in the detection of low-rate attacks. Along with this, the defense system also employs a decision tree classifier followed by a ϕ-entropy component to detect malicious packets. Another novelty of this work is the integration of detection, filtering, and prevention, and our experiments show the efficacy of this approach. The results evaluated on the CAIDA dataset show that our proposed multi-level defense system attains 97% detection accuracy, which outperforms the existing ϕ-entropy detection system by 10% absolute gain. In addition, the system achieves a precision of 93% and a detection rate of 82% along with a FAR of 0.06. This shows that our multi-level defense system is faster and more efficient in detecting and preventing low-rate and high-rate DDoS attacks than existing methods such as ϕ-entropy, Generalized Entropy (GE) and Generalized Information Distance (GID) metrics.
This research can be further enhanced by exploring different deep learning algorithms for network traffic classification. The deployment of the defense mechanism can be extended to multiple locations using a hybrid deployment model to improve detection accuracy.
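As an added illustration (not the paper's own code) of the window-based information-metric detection that the abstract compares its system against: Shannon and generalized (Rényi) entropy of the destination-address distribution, computed over constructed traffic windows, with a flood flagged when entropy drops below a baseline. It uses generalized entropy rather than the paper's ϕ-entropy, which the abstract does not define; the addresses, window sizes and thresholds are assumptions, and the low-rate window shows why a single coarse entropy threshold misses such attacks.

```python
"""Added example: window-based generalized-entropy DDoS detection over destination IPs."""
from collections import Counter
from math import log2


def renyi_entropy(counts, alpha=1.0):
    """Generalized (Renyi) entropy of order alpha, in bits; alpha == 1 gives Shannon entropy."""
    total = sum(counts)
    probs = [c / total for c in counts if c > 0]
    if abs(alpha - 1.0) < 1e-9:
        return -sum(p * log2(p) for p in probs)
    return log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def window_entropy(packets, alpha=1.0):
    """Entropy of the destination-address distribution in one window of (src, dst) pairs."""
    return renyi_entropy(Counter(dst for _, dst in packets).values(), alpha)


def detect(windows, baseline, alpha=1.0, delta=1.0):
    """Flag a window when its entropy drops more than delta bits below the baseline mean.

    A flood concentrates traffic on one victim address, so destination entropy falls.
    """
    mean = sum(window_entropy(w, alpha) for w in baseline) / len(baseline)
    return [window_entropy(w, alpha) < mean - delta for w in windows]


def make_window(normal, flood_to_victim):
    """Constructed traffic (assumed addresses): `normal` packets spread evenly over eight
    tenant servers, plus `flood_to_victim` packets aimed at 192.0.2.1 from one source."""
    pkts = [("10.0.0.%d" % (i % 16), "192.0.2.%d" % (i % 8)) for i in range(normal)]
    pkts += [("198.51.100.7", "192.0.2.1")] * flood_to_victim
    return pkts


BASELINE_WINDOWS = [make_window(80, 0) for _ in range(5)]   # benign: 3.0 bits each
HIGH_RATE_WINDOW = make_window(80, 720)                      # ~0.67 bits: clearly flagged
LOW_RATE_WINDOW = make_window(80, 40)                        # ~2.62 bits: slips under delta=1.0

if __name__ == "__main__":
    for name, w in [("high-rate", HIGH_RATE_WINDOW), ("low-rate", LOW_RATE_WINDOW)]:
        print(name, round(window_entropy(w), 3), detect([w], BASELINE_WINDOWS))
```

Lowering delta catches the low-rate window but also narrows the margin against benign fluctuation, which is the trade-off that motivates adding filtering and prevention stages instead of relying on the metric alone.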
Contributions
MM proposed the concept and wrote the paper; VT and SB provided overall supervision.
Ethics declarations
Competing interest
The authors declare no competing interests.
Cite this article
Mohan, M., Tamizhazhagan, V. & Balaji, S. A Perspicacious Multi-level Defense System Against DDoS Attacks in Cloud Using Information Metric & Game Theoretical Approach. J Netw Syst Manage 31, 85 (2023). https://doi.org/10.1007/s10922-023-09776-7