Abstract
Cloud computing is supported by Fog computing paradigm for achieving local data investigation at edge devices by offering storage support, infrastructure, computing and network facilities to end users. Availability is considered as the important security requirement for facilitating disruptive utilization of on-demand cloud service for diverse client applications. Seamless services of clouds are hindered by Distributed Denial of Service (DDoS) attacks in a cloud computing environment. In this paper, Deep Reinforcement Learning (DRL) and Long Short Term Memory (LSTM)-based DDoS attack mitigation scheme is propounded for handling the impacts of DDoS attacks in fog-assisted cloud computing environment. In the proposed scheme, Software Defined Network (SDN) is utilized for deploying defense module in the SDN controller for the purpose of identifying anomalous characteristics of DDoS attack in transport or network layer. It aids in filtering and forwarding legitimate packets by performing network traffic analysis while circumventing attacks caused by infected packets.
Similar content being viewed by others
Data Availability
The data that support the findings of this study are available from the corresponding author upon reasonable request.
References
Bawany, N. Z., Shamsi, J. A., & Salah, K. (2017). DDoS attack detection and mitigation using SDN: Methods, practices, and solutions. Arabian Journal for Science and Engineering, 42(2), 425–441.
Berral, J. L., Poggi, N., Alonso, J., Gavaldà, R., Torres, J., & Parashar, M. (2008). Adaptive distributed mechanism against flooding network attacks based on machine learning. In Proceedings of 1st ACM workshop on Workshop on AISec - AISec '08, 1(1), (pp. 67–74).
Cui, J., He, J., Xu, Y., & Zhong, H. (2018). TDDAD: Time-based detection and defense scheme against DDoS attack on SDN controller. Information Security and Privacy, 1(1), 649–665.
Elhassouny, A., & Smarandache, F. (2019). Trends in deep convolutional neural networks architectures: A review. In International conference of computer science and renewable energies (ICCSRE), 1(1),(pp. 87–96)
Sengathir J., Deva Priya M. (2021). Improved Artificial Bee Colony using Monarchy Butterfly Optimization Algorithm for Load Balancing (IABC-MBOA-LB) in Cloud Environment, Journal of Networks and Systems Management (Vol. 29, No. 39) Springer. ISSN: 1573-7705.
Deva Priya M., Muhammad Haaris J., Poovizhi Selvan C.Y., Ruban R., Sengathir J. (2021). “Batch Signature-based Verification of Data Computation in Cloud Applications” in the 6th International Conference on Recent Trends in Computing (ICRTC 2020), Lecture Notes in Networks and Systems (Vol. 177, pp. 733–747) Springer.
Deva Priya M., Amirthavarsini G., Angu Kaushika S., Deeptheshanmathie K. (2022). “A Cloud based Trusted Framework for Industrial Connected Vehicles” in the International Conference on Recent Trends in Computing (ICRTC 2021), Lecture Notes in Networks and Systems (Vol. 341, pp. 201–211) Springer.
Kumar, A., Abhishek, K., Liu, X., & Haldorai, A. (2021). An efficient privacy-preserving id centric authentication in iot based cloud servers for sustainable smart cities. Wireless Personal Communications, 117, 3229–3253.
Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., & Maglaris, V. (2014). Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Computer Networks, 62(1), 122–136.
Durai, K. N., Subha, R., & Haldorai, A. (2021). A novel method to detect and prevent SQLIA using ontology to cloud web security. Wireless Personal Communications, 117(4), 2995–3014.
Ha, T., Kim, S., An, N., Narantuya, J., Jeong, C., Kim, J., & Lim, H. (2016). Suspicious traffic sampling for intrusion detection in software-defined networks. Computer Networks, 109(1), 172–182.
Li, Q., Meng, L., Zhang, Y., & Yan, J. (2019). DDoS attacks detection using machine learning algorithms. Digital TV and Multimedia Communication, 1(1), 205–216.
Mihai-Gabriel, I., & Victor-Valeriu, P. (2014). Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In 15th IEEE International symposium on computational intelligence and informatics (CINTI), 1(1), (pp. 21–32).
Santos, R., Souza, D., Santo, W., Ribeiro, A., & Moreno, E. (2019). Machine learning algorithms to detect DDoS attacks in SDN. Concurrency and Computation: Practice and Experience, 1(1), e5402.
Saxena, R., & Dey, S. (2019). DDoS attack prevention using collaborative approach for cloud computing. Cluster Computing, 1(1), 23–31.
Shon, T, Kim, Y, Lee, C & Jongsub Moon. (2005.). A machine learning framework for network anomaly detection using SVM and GA. In proceedings from the sixth annual IEEE systems, man and cybernetics (SMC) information assurance workshop, 1(1), (pp. 56–64).
Wang, C., Miu, T. T., Luo, X., & Wang, J. (2018). SkyShield: A sketch-based defense system against application layer DDoS attacks. IEEE Transactions on Information Forensics and Security, 13(3), 559–573.
Manikopoulos, C., & Papavassiliou, S. (2002). Network intrusion and fault detection: A statistical anomaly approach. IEEE Communications Magazine, 40(10), 76–82.
Seufert, S., & O'Brien, D. (2007). Machine learning for automatic defence against distributed denial of service attacks. In IEEE international conference on communications, 1(2), (pp. 67–73)
Kumar, P. A. R., & Selvakumar, S. (2013). Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems. Computer Communications, 36(3), 303–319.
He, Z., Zhang, T., & Lee, R. B. (2017). Machine learning based DDoS attack detection from source side in cloud. In 4th IEEE international conference on cyber security and cloud computing (CSCloud), 1(1), (pp. 23–32).
Yuan, X., Li, C., & Li, X. (2017). DeepDefense: Identifying DDoS attack via deep learning. In IEEE international conference on smart computing (SMARTCOMP) (pp. 1–8).
Li, C., Wu, Y., Yuan, X., Sun, Z., Wang, W., Li, X., & Gong, L. (2018). Detection and defense of DDoS attack-based on deep learning in openflow-based SDN. International Journal of Communication Systems, 31(5), e3497.
Priyadarshini, R., & Barik, R. K. (2019). A deep learning based intelligent framework to mitigate DDoS attack in fog environment. Journal of King Saud University–Computer and Information Sciences, 2(1), 23–38.
Bhardwaj, A., Mangat, V., & Vig, R. (2020). Hyperband tuned deep neural network with well posed stacked sparse autoencoder for detection of DDoS attacks in cloud. IEEE Access, 8, 181916–181929.
Kachavimath, A. V., & Narayan, D. G. (2021). A deep learning-based framework for distributed denial-of-service attacks detection in cloud environment. In Advances in computing and network communications: proceedings of CoCoNet 2020, Volume 1 (pp. 605–618). Springer Singapore.
Gudla, S. P. K., Bhoi, S. K., Nayak, S. R., & Verma, A. (2022). DI-ADS: A deep intelligent distributed denial of service attack detection scheme for fog-based IoT applications. Mathematical Problems in Engineering, 2022, 1–17.
Alzahrani, R. J., & Alzahrani, A. (2023). A novel multi algorithm approach to identify network anomalies in the IoT using Fog computing and a model to distinguish between IoT and Non-IoT devices. Journal of Sensor and Actuator Networks, 12(2), 19.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys and Tutorials, 18(1), 602–622.
Zekri, M., Kafhali, S. E., Aboutabit, N., & Saadi, Y. (2017). DDoS attack detection using machine learning techniques in cloud computing environments. In 3rd international conference of cloud computing technologies and applications (CloudTech), 1(1) (pp. 21–34).
https://www.sciencedirect.com/topics/computer-science/floodlight-controller
https://www.tensorflow.org/guide/keras/training_keras_models_on_cloud
Funding
This research work has not received any funding from any organization.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflicts of interest
The authors declare that ther is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Janakiraman, S., Deva Priya, M. A Deep Reinforcement Learning-based DDoS Attack Mitigation Scheme for Securing Big Data in Fog-Assisted Cloud Environment. Wireless Pers Commun 130, 2869–2886 (2023). https://doi.org/10.1007/s11277-023-10407-2
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-023-10407-2