Detecting the Origin of DDoS Attacks in OpenStack Cloud Platform Using Data Mining Techniques

  • Konstantin Borisenko
  • Andrey Rukavitsyn
  • Andrei Gurtov
  • Andrey Shorov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9870)


The paper presents the results of the design and implementation of a detection system against DDoS attacks for the OpenStack cloud computing platform. The proposed system uses data mining techniques to detect malicious traffic. Formal models of the detecting components are described. To train the data mining models, real legitimate traffic was combined with modelled malicious traffic. The paper presents the results of detecting the origin of DDoS attacks on cloud instances.


Cloud security · DDoS attacks · Cloud security components · Data mining



The authors gratefully thank the director of Second Saint Petersburg Highschool, Marder Ludmila Maratovna, and system administrator Shilnikov Denis Evgenievich for giving us the possibility to implement our components in the school's corporate network and to monitor the traffic flow values.

The paper has been prepared within the scope of the state project “Organization of scientific research” of the main part of the state plan of the Board of Education of Russia, the project part of the state plan of the Board of Education of Russia (task 2.136.2014/K), supported by grant of RFBR #16-07-00625, supported by Russian President’s fellowship, as well as with the financial support of the Foundation for Assistance to Small Innovative Enterprises in the scientific and technical spheres #10134gu2015.



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Konstantin Borisenko (1)
  • Andrey Rukavitsyn (1)
  • Andrei Gurtov (2, 3)
  • Andrey Shorov (1)

  1. Department of Computer Science and Engineering, Saint-Petersburg Electrotechnical University “LETI”, Saint-Petersburg, Russia
  2. Department of Computer and Information Science, Linköping University, Linköping, Sweden
  3. SCA Research Lab, ITMO University, Saint-Petersburg, Russia
