A Robust and Efficient Detection Model of DDoS Attack for Cloud Services

  • Jian Zhang
  • Ya-Wei Zhang
  • Jian-Biao He
  • Ou Jin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9530)


Recently, DDoS attacks have become a major security threat to cloud services. How to detect and defend against DDoS attacks is currently a hot topic in both industry and academia. In this paper, we propose a novel model to detect DDoS attacks and identify attack packets for abnormal traffic filtering. The novelties of the model are: (1) a set of accurate check rules for abnormal packets is designed by combining the characteristics of three types of IP spoofing-based attacks with the temporal correlation of transport layer connection state; (2) by improving the Bloom Filter algorithm, an efficient TCP2HC/UDP2HC mapping mechanism and a reliable two-way checking mechanism for abnormal data packets are implemented; (3) DDoS attack detection and filtering are realized by using the non-parametric CUSUM algorithm to model the growth scale of abnormal packets. Experiments show that, regardless of the type of IP spoofing technique and the scale of the attack traffic, the detection model can accurately detect DDoS attacks as early as possible.


DDoS IP spoofing HOP COUNT Check CUSUM 



This work is partially supported by the Planned Science and Technology Project of Hunan Province, China (NO.2015JC3044), and the National Natural Science Foundation of China (NO.61272147).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Jian Zhang (1)
  • Ya-Wei Zhang (1)
  • Jian-Biao He (1), corresponding author
  • Ou Jin (1)

  1. School of Information Science and Engineering, Central South University, Changsha, China
