Skip to main content
SpringerLink
Log in

An Adaptive Threshold-Based Attribute Selection to Classify Requests Under DDoS Attack in Cloud-Based Systems

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

Cloud-based services are increasing day by day for various purposes due to its perpetuity and diverse dexterity. However, offensive network traffic such as distributed denial of service (DDoS) plays a significant role in threatening the cloud-based services. Therefore, defense for such attacks is required to save the cloud resources. Most of the attribute selection approaches for request classification are based on static threshold statistics. These statistics are the default values used to reduce the dimensionality of data. However, these default statistics do not work well with varying network conditions and for different intensities of DDoS attack. Therefore, an adaptive statistic is required to deal with different network and incoming traffic conditions. This paper also gives an comprehensive analysis of TCP, UDP and ICMP protocol-based DDoS attack and its effects on the cloud network. Based on the analysis and above issues, this paper presents an adaptive hybrid approach for attribute selection and classification of incoming traffic. The proposed approach consists of three subsystems such as (1) preprocessing subsystem, (2) adaptive attribute selection subsystem and (3) detection and prevention subsystem. The work utilizes NSL-KDD dataset which helps in the evaluation of the proposed approach. It is concluded that the combination of Mean Absolute Deviation technique with Random Forest classifier (MAD-RF) outperforms the other combinations. Therefore, MAD-RF is selected for further analysis. MAD-RF is also capable of dealing with TCP, UDP and ICMP protocol-based DDoS attack. The result shows that MAD-RF outperforms dimensionality reduction, traditional attribute selection methods and state-of-the-art approaches.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20

Similar content being viewed by others

References

  1. Zissis, D.; Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)

    Google Scholar 

  2. Riad, K.; Hamza, R.; Yan, H.: Sensitive and energetic IoT access control for managing cloud electronic health records. IEEE Access 7, 86384–86393 (2019)

    Google Scholar 

  3. Aldossary, S.; Allen, W.: Data security, privacy, availability and integrity in cloud computing: issues and current solutions. Int. J. Adv. Comput. Sci. Appl. 7(4), 485–498 (2016)

    Google Scholar 

  4. Deshmukh, R.V.; Devadkar, K.K.: Understanding DDoS attack and its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)

    Google Scholar 

  5. Hamza, R.; Yan, Z.; Muhammad, K.; Bellavista, P.; Titouna, F.: A privacy-preserving cryptosystem for IoT E-healthcare. Inf. Sci. (2019). https://doi.org/10.1016/j.ins.2019.01.070

    Article  Google Scholar 

  6. Peng, T.; Leckie, C.; Ramamohana Rao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. (CSUR) 39(1), 3 (2007)

    Google Scholar 

  7. Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Rajarajan, M.; Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4, 22–32 (2017). https://doi.org/10.1109/MCC.2017.14

    Article  Google Scholar 

  8. Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions. Comput. Commun. 107, 30–48 (2017)

    Google Scholar 

  9. Chaudhary, D.; Bhushan, K.; Gupta, B.B.: Survey on DDoS attacks and defense mechanisms in cloud and fog computing. Int. J. E-Serv. Mob. Appl. (IJESMA) 10(3), 61–83 (2018)

    Google Scholar 

  10. Gupta, B.B.; Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Comput. Appl. 28(12), 3655–3682 (2017)

    Google Scholar 

  11. Koc, L.; Mazzuchi, T.A.; Sarkani, S.: A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492–13500 (2012)

    Google Scholar 

  12. Wang, W.; Gombault, S.: Efficient detection of DDoS attacks with important attributes. In: Third International Conference on Risks and Security of Internet and Systems, 2008. CRiSIS’08, pp. 61–67. IEEE (2008)

  13. De la Hoz, E.; De La Hoz, E.; Ortiz, A.; Ortega, J.; Prieto, B.: PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164, 71–81 (2015)

    Google Scholar 

  14. Yang, C.: Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput. (2018). https://doi.org/10.1007/s10586-018-1755-5

    Article  Google Scholar 

  15. Hajimirzaei, B.; Navimipour, N.J.: Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express. ISSN 2405–9595 (2018). https://doi.org/10.1016/j.icte.2018.01.014

  16. Thaseen, I.S.; Kumar, C.A.: Intrusion detection model using fusion of chi-square feature selection and multi class SVM. J. King Saud Univ. Comput. Inf. Sci. 29(4), 462–472 (2017)

    Google Scholar 

  17. Mazini, M.; Shirazi, B.; Mahdavi, I.: Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J. King Saud Univ. Comput. Inf. Sci 31(4), 541–553 (2019)

    Google Scholar 

  18. Sreeram, I.; Vuppala, V.P.K.: HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Appl. Comput. Inform. 15(1), 59–66 (2019)

    Google Scholar 

  19. Manavi, M.T.: Defense mechanisms against Distributed Denial of Service attacks: a survey. Comput. Electr. Eng. 72, 26–38 (2018)

    Google Scholar 

  20. Kaur, P.; Kumar, M.; Bhari, A.: A review of detection approaches for distributed Denial of service attacks. Syst. Sci. Control Eng. 5(1), 301–320 (2017)

    Google Scholar 

  21. Inayat, Z.; Gani, A.; Anuar, N.B.; Anwar, S.; Khan, M.K.: Cloud-based intrusion detection response system: open research issues, solutions. Arab. J. Sci. Eng. 42(2), 399–423 (2017)

    Google Scholar 

  22. Yusof, A.R.A.; Udzir, N.I.; Selamat, A.; Hamdan, H.; Abdullah, M.T.: Adaptive feature selection for Denial of services (DoS) attack. In: 2017 IEEE Conference on Application, Information Network Security (AINS), pp. 81–84 (2017)

  23. Balkanli, E.; Zincir-Heywood, A.N.; Heywood, M.I.: Feature selection for robust backscatter DDoS detection. In: 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), pp. 611–618. IEEE (2015)

  24. Zi, L.; Yearwood, J.; Wu, X.W.: Adaptive clustering with feature ranking for DDoS attacks detection. In: 2010 Fourth International Conference on Network System Security, pp. 281–286. IEEE (2010)

  25. Osanaiye, O.; Cai, H.; Choo, K.K.R.; Dehghantanha, A.; Xu, Z.; Dlodlo, M.: Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J. Wirel. Commun. Netw. 2016(1), 130 (2016)

    Google Scholar 

  26. Cao, J.; Yu, B.; Dong, F.; Zhu, X.; Xu, S.: Entropy-based Denial-of-service attack detection in cloud data center. Concurr. Comput. Pract. Exp. 27(18), 5623–5639 (2015)

    Google Scholar 

  27. Özçelik, İ.; Brooks, R.R.: Deceiving entropy based DoS detection. Comput. Secur. 48, 234–245 (2015)

    Google Scholar 

  28. Jian-Qi, Z.; Feng, F.; Ke-Xin, Y.; Yan-Heng, L.: Dynamic entropy based DoS attack detection method. Comput. Electr. Eng. 39(7), 2243–2251 (2013)

    Google Scholar 

  29. Jun, J.H.; Ahn, C.W.; Kim, S.H.: DDoS attack detection by using packet sampling flow features. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 711–712 (2014)

  30. Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: An empirical evaluation of information metrics for low-rate high-rate DDoS attack detection. Pattern Recognit. Lett. 51, 1–7 (2015)

    Google Scholar 

  31. Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: E-LDAT: a lightweight system for DDoS flooding attack detection IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)

    Google Scholar 

  32. Lee, K.; Kim, J.; Kwon, K.H.; Han, Y.; Kim, S.: DDoS attack detection method using cluster analysis. Expert Syst. Appl. 34(3), 1659–1665 (2008)

    Google Scholar 

  33. Özçelik, İ.; Brooks, R.R.: Cusum-entropy: an efficient method for DDoS attack detection. In: 2016 4th International Istanbul Smart Grid Congress Fair (ICSG), pp. 1–5. IEEE (2016)

  34. Patrikakis, C.; Masikos, M.; Zouraraki, O.: Distributed Denial of service attacks. Internet Protoc. J. 7(4), 13–35 (2004)

    Google Scholar 

  35. Gil, T.M.; Poletto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: USENIX Security Symposium, pp. 23–38 (2001)

  36. Zunnurhain, K.; Vrbsky, S.V.; Hasan, R.: FAPA: flooding attack protection architecture in a cloud system. Int. J. Cloud Comput. 3(4), 379–401 (2014)

    Google Scholar 

  37. Mirkovic, J.; Reiher, P.: D-WARD: a source-end defense against flooding Denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)

    Google Scholar 

  38. Rahmani, H.; Sahli, N.; Kamoun, F.: DDoS flooding attack detection scheme based on F-divergence. Comput. Commun. 35(11), 1380–1391 (2012)

    Google Scholar 

  39. Han, J.; Pei, J.; Kamber, M.: Data Mining: Concepts Techniques. Elsevier, New York (2011)

    MATH  Google Scholar 

  40. Shannon, C.: A mathematical theory of communication. ACM SIGMOBILE Mob. Comput. Commun. Rev. 5, 3–55 (2001)

    Google Scholar 

  41. Sree, T.R.; Bhanu, S.M.S.: Detection of HTTP flooding attacks in cloud using dynamic entropy method. Arab. J. Sci. Eng. 43(12), 6995–7014 (2018)

    Google Scholar 

  42. Beloglazov, A.; Abawajy, J.; Buyya, R.: Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future Gener. Comput. Syst. 28(5), 755–768 (2012)

    Google Scholar 

  43. Senthilkumaran, N.; Vaithegi, S.: Image segmentation by using thresholding techniques for medical images. Comput. Sci. Eng. Int. J. 6(1), 1–13 (2016)

    Google Scholar 

  44. Zou, X.; Cao, J.; Guo, Q.; Wen, T.: A novel network security algorithm based on improved support vector machine from smart city perspective. Comput. Electr. Eng. 65, 67–78 (2018)

    Google Scholar 

  45. Joshi, A.; Monnier, C.; Betke, M.; Sclaroff, S.: Comparing rom forest approaches to segmenting classifying gestures. Image Vis. Comput. 58, 86–95 (2017)

    Google Scholar 

  46. Xu, Y.; Zhu, Q.; Fan, Z.; Qiu, M.; Chen, Y.; Liu, H.: Coarse to fine K nearest neighbor classifier. Pattern Recognit. Lett. 34(9), 980–986 (2013)

    Google Scholar 

  47. Hu, Y.C.: Pattern classification by multi-layer perceptron using fuzzy integral-based activation function. Appl. Soft Comput. 10(3), 813–819 (2010)

    MathSciNet  Google Scholar 

  48. Chu, J.; Lee, T.H.; Ullah, A.: Component-Wise AdaBoost Algorithms for High-Dimensional Binary Classification Class Probability Prediction. Handbook of Statistics, Elsevier (2018). https://doi.org/10.1016/bs.host.2018.10.003

  49. Trabelsi, A.; Elouedi, Z.; Lefevre, E.: Decision tree classifiers for evidential attribute values class labels. Fuzzy Sets Syst. (2018). https://doi.org/10.1016/j.fss.2018.11.006

    Article  MATH  Google Scholar 

  50. http://www.unb.ca/cic/datasets/nsl.html

  51. Guo, C.; Ping, Y.; Liu, N.; Luo, S.S.: A two-level hybrid approach for intrusion detection. Neurocomputing 214, 391–400 (2016)

    Google Scholar 

  52. Eesa, A.S.; Orman, Z.; Brifcani, A.M.A.: A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst. Appl. 42(5), 2670–2679 (2015)

    Google Scholar 

  53. Raman, M.G.; Somu, N.; Kirthivasan, K.; Liscano, R.; Sriram, V.S.: An efficient intrusion detection system based on hypergraph: genetic algorithm for parameter optimization feature selection in support vector machine. Knowl. Based Syst. 134, 1–12 (2017)

    Google Scholar 

  54. Kuang, F.; Xu, W.; Zhang, S.: A novel hybrid KPCA SVM with GA model for intrusion detection. Appl. Soft Comput. 18, 178–184 (2014)

    Google Scholar 

  55. Singh, R.; Kumar, H.; Singla, R.K.: An intrusion detection system using network traffic profiling online sequential extreme learning machine. Expert Syst. Appl. 42(22), 8609–8624 (2015)

    Google Scholar 

  56. de la Hoz, E.; Ortiz, A.; Ortega, J.; de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble non-linear projection techniques. In: International Conference on Hybrid Artificial Intelligence Systems, pp. 103–111. Springer, Berlin (2013)

  57. Kayacik, H.G.; Zincir-Heywood, A.N.; Heywood, M.I.: A hierarchical SOM-based intrusion detection system. Eng. Appl. Artif. Intell. 20(4), 439–451 (2007)

    Google Scholar 

  58. Raman, M.G.; Somu, N.; Kirthivasan, K.; Sriram, V.S.: A hypergraph arithmetic residue-based probabilistic neural network for classification in intrusion detection systems. Neural Netw. 92, 89–97 (2017)

    Google Scholar 

  59. Bamakan, S.M.H.; Wang, H.; Yingjie, T.; Shi, Y.: An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing 199, 90–102 (2016)

    Google Scholar 

  60. Aminanto, M.E.; Kim, H.; Kim, K.M.; Kim, K.: Another fuzzy anomaly detection system based on ant clustering algorithm. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 100(1), 176–183 (2017)

    Google Scholar 

  61. Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)

    Google Scholar 

  62. Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)

    Google Scholar 

  63. Hamamoto, A.H.; Carvalho, L.F.; Sampaio, L.D.H.; Abrão, T.; Proença Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390–402 (2018)

    Google Scholar 

  64. Sharma, R.; Chaurasia, S.: An enhanced approach to fuzzy C-means clustering for anomaly detection. In: Proceedings of First International Conference on Smart System, Innovations and Computing, pp. 623–636. Springer, Singapore (2018)

  65. Borah, S.; Panigrahi, R.; Chakraborty, A.: An enhanced intrusion detection system based on clustering. In: Saeed, K., Chaki, N., Pati, B., Bakshi, S., Mohapatra, D. (eds.) Progress in Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol. 564. Springer, Singapore (2018)

    Google Scholar 

  66. Achbarou, O.; El Kiram, M.A.; Bourkoukou, O.; Elbouanani, S.: A new distributed intrusion detection system based on multi-agent system for cloud environment. Int. J. Commun. Netw. Inf. Secur. 10(3), 526 (2018)

    Google Scholar 

  67. Verma, P.; Anwar, S.; Khan, S.; Mane, S.B.: Network intrusion detection using clustering and gradient boosting. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–7. IEEE (2018)

  68. Ghosh, P.; Karmakar, A.; Sharma, J.; Phadikar, S.: CS-PSO based intrusion detection system in cloud environment. In: Emerging Technologies in Data Mining and Information Security, pp. 261–269. Springer, Singapore (2019)

  69. Mohammadi, S.; Amiri, F.: An efficient hybrid self-learning intrusion detection system based on neural networks. Int. J. Comput. Intell. Appl. 18(01), 1950001 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Atal Bihari Vajpayee - Indian Institute of Information Technology and Management, Gwalior, India

    Priyanka Verma, Shashikala Tapaswi & W. Wilfred Godfrey

Authors
  1. Priyanka Verma
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shashikala Tapaswi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. W. Wilfred Godfrey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Priyanka Verma.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Verma, P., Tapaswi, S. & Godfrey, W.W. An Adaptive Threshold-Based Attribute Selection to Classify Requests Under DDoS Attack in Cloud-Based Systems. Arab J Sci Eng 45, 2813–2834 (2020). https://doi.org/10.1007/s13369-019-04178-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-019-04178-x

Keywords

Search

Navigation