Abstract
Cloud-based services are increasing day by day for various purposes due to its perpetuity and diverse dexterity. However, offensive network traffic such as distributed denial of service (DDoS) plays a significant role in threatening the cloud-based services. Therefore, defense for such attacks is required to save the cloud resources. Most of the attribute selection approaches for request classification are based on static threshold statistics. These statistics are the default values used to reduce the dimensionality of data. However, these default statistics do not work well with varying network conditions and for different intensities of DDoS attack. Therefore, an adaptive statistic is required to deal with different network and incoming traffic conditions. This paper also gives an comprehensive analysis of TCP, UDP and ICMP protocol-based DDoS attack and its effects on the cloud network. Based on the analysis and above issues, this paper presents an adaptive hybrid approach for attribute selection and classification of incoming traffic. The proposed approach consists of three subsystems such as (1) preprocessing subsystem, (2) adaptive attribute selection subsystem and (3) detection and prevention subsystem. The work utilizes NSL-KDD dataset which helps in the evaluation of the proposed approach. It is concluded that the combination of Mean Absolute Deviation technique with Random Forest classifier (MAD-RF) outperforms the other combinations. Therefore, MAD-RF is selected for further analysis. MAD-RF is also capable of dealing with TCP, UDP and ICMP protocol-based DDoS attack. The result shows that MAD-RF outperforms dimensionality reduction, traditional attribute selection methods and state-of-the-art approaches.
Similar content being viewed by others
References
Zissis, D.; Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)
Riad, K.; Hamza, R.; Yan, H.: Sensitive and energetic IoT access control for managing cloud electronic health records. IEEE Access 7, 86384–86393 (2019)
Aldossary, S.; Allen, W.: Data security, privacy, availability and integrity in cloud computing: issues and current solutions. Int. J. Adv. Comput. Sci. Appl. 7(4), 485–498 (2016)
Deshmukh, R.V.; Devadkar, K.K.: Understanding DDoS attack and its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)
Hamza, R.; Yan, Z.; Muhammad, K.; Bellavista, P.; Titouna, F.: A privacy-preserving cryptosystem for IoT E-healthcare. Inf. Sci. (2019). https://doi.org/10.1016/j.ins.2019.01.070
Peng, T.; Leckie, C.; Ramamohana Rao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. (CSUR) 39(1), 3 (2007)
Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Rajarajan, M.; Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4, 22–32 (2017). https://doi.org/10.1109/MCC.2017.14
Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions. Comput. Commun. 107, 30–48 (2017)
Chaudhary, D.; Bhushan, K.; Gupta, B.B.: Survey on DDoS attacks and defense mechanisms in cloud and fog computing. Int. J. E-Serv. Mob. Appl. (IJESMA) 10(3), 61–83 (2018)
Gupta, B.B.; Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Comput. Appl. 28(12), 3655–3682 (2017)
Koc, L.; Mazzuchi, T.A.; Sarkani, S.: A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492–13500 (2012)
Wang, W.; Gombault, S.: Efficient detection of DDoS attacks with important attributes. In: Third International Conference on Risks and Security of Internet and Systems, 2008. CRiSIS’08, pp. 61–67. IEEE (2008)
De la Hoz, E.; De La Hoz, E.; Ortiz, A.; Ortega, J.; Prieto, B.: PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164, 71–81 (2015)
Yang, C.: Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput. (2018). https://doi.org/10.1007/s10586-018-1755-5
Hajimirzaei, B.; Navimipour, N.J.: Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express. ISSN 2405–9595 (2018). https://doi.org/10.1016/j.icte.2018.01.014
Thaseen, I.S.; Kumar, C.A.: Intrusion detection model using fusion of chi-square feature selection and multi class SVM. J. King Saud Univ. Comput. Inf. Sci. 29(4), 462–472 (2017)
Mazini, M.; Shirazi, B.; Mahdavi, I.: Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J. King Saud Univ. Comput. Inf. Sci 31(4), 541–553 (2019)
Sreeram, I.; Vuppala, V.P.K.: HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Appl. Comput. Inform. 15(1), 59–66 (2019)
Manavi, M.T.: Defense mechanisms against Distributed Denial of Service attacks: a survey. Comput. Electr. Eng. 72, 26–38 (2018)
Kaur, P.; Kumar, M.; Bhari, A.: A review of detection approaches for distributed Denial of service attacks. Syst. Sci. Control Eng. 5(1), 301–320 (2017)
Inayat, Z.; Gani, A.; Anuar, N.B.; Anwar, S.; Khan, M.K.: Cloud-based intrusion detection response system: open research issues, solutions. Arab. J. Sci. Eng. 42(2), 399–423 (2017)
Yusof, A.R.A.; Udzir, N.I.; Selamat, A.; Hamdan, H.; Abdullah, M.T.: Adaptive feature selection for Denial of services (DoS) attack. In: 2017 IEEE Conference on Application, Information Network Security (AINS), pp. 81–84 (2017)
Balkanli, E.; Zincir-Heywood, A.N.; Heywood, M.I.: Feature selection for robust backscatter DDoS detection. In: 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), pp. 611–618. IEEE (2015)
Zi, L.; Yearwood, J.; Wu, X.W.: Adaptive clustering with feature ranking for DDoS attacks detection. In: 2010 Fourth International Conference on Network System Security, pp. 281–286. IEEE (2010)
Osanaiye, O.; Cai, H.; Choo, K.K.R.; Dehghantanha, A.; Xu, Z.; Dlodlo, M.: Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J. Wirel. Commun. Netw. 2016(1), 130 (2016)
Cao, J.; Yu, B.; Dong, F.; Zhu, X.; Xu, S.: Entropy-based Denial-of-service attack detection in cloud data center. Concurr. Comput. Pract. Exp. 27(18), 5623–5639 (2015)
Özçelik, İ.; Brooks, R.R.: Deceiving entropy based DoS detection. Comput. Secur. 48, 234–245 (2015)
Jian-Qi, Z.; Feng, F.; Ke-Xin, Y.; Yan-Heng, L.: Dynamic entropy based DoS attack detection method. Comput. Electr. Eng. 39(7), 2243–2251 (2013)
Jun, J.H.; Ahn, C.W.; Kim, S.H.: DDoS attack detection by using packet sampling flow features. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 711–712 (2014)
Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: An empirical evaluation of information metrics for low-rate high-rate DDoS attack detection. Pattern Recognit. Lett. 51, 1–7 (2015)
Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: E-LDAT: a lightweight system for DDoS flooding attack detection IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)
Lee, K.; Kim, J.; Kwon, K.H.; Han, Y.; Kim, S.: DDoS attack detection method using cluster analysis. Expert Syst. Appl. 34(3), 1659–1665 (2008)
Özçelik, İ.; Brooks, R.R.: Cusum-entropy: an efficient method for DDoS attack detection. In: 2016 4th International Istanbul Smart Grid Congress Fair (ICSG), pp. 1–5. IEEE (2016)
Patrikakis, C.; Masikos, M.; Zouraraki, O.: Distributed Denial of service attacks. Internet Protoc. J. 7(4), 13–35 (2004)
Gil, T.M.; Poletto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: USENIX Security Symposium, pp. 23–38 (2001)
Zunnurhain, K.; Vrbsky, S.V.; Hasan, R.: FAPA: flooding attack protection architecture in a cloud system. Int. J. Cloud Comput. 3(4), 379–401 (2014)
Mirkovic, J.; Reiher, P.: D-WARD: a source-end defense against flooding Denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)
Rahmani, H.; Sahli, N.; Kamoun, F.: DDoS flooding attack detection scheme based on F-divergence. Comput. Commun. 35(11), 1380–1391 (2012)
Han, J.; Pei, J.; Kamber, M.: Data Mining: Concepts Techniques. Elsevier, New York (2011)
Shannon, C.: A mathematical theory of communication. ACM SIGMOBILE Mob. Comput. Commun. Rev. 5, 3–55 (2001)
Sree, T.R.; Bhanu, S.M.S.: Detection of HTTP flooding attacks in cloud using dynamic entropy method. Arab. J. Sci. Eng. 43(12), 6995–7014 (2018)
Beloglazov, A.; Abawajy, J.; Buyya, R.: Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future Gener. Comput. Syst. 28(5), 755–768 (2012)
Senthilkumaran, N.; Vaithegi, S.: Image segmentation by using thresholding techniques for medical images. Comput. Sci. Eng. Int. J. 6(1), 1–13 (2016)
Zou, X.; Cao, J.; Guo, Q.; Wen, T.: A novel network security algorithm based on improved support vector machine from smart city perspective. Comput. Electr. Eng. 65, 67–78 (2018)
Joshi, A.; Monnier, C.; Betke, M.; Sclaroff, S.: Comparing rom forest approaches to segmenting classifying gestures. Image Vis. Comput. 58, 86–95 (2017)
Xu, Y.; Zhu, Q.; Fan, Z.; Qiu, M.; Chen, Y.; Liu, H.: Coarse to fine K nearest neighbor classifier. Pattern Recognit. Lett. 34(9), 980–986 (2013)
Hu, Y.C.: Pattern classification by multi-layer perceptron using fuzzy integral-based activation function. Appl. Soft Comput. 10(3), 813–819 (2010)
Chu, J.; Lee, T.H.; Ullah, A.: Component-Wise AdaBoost Algorithms for High-Dimensional Binary Classification Class Probability Prediction. Handbook of Statistics, Elsevier (2018). https://doi.org/10.1016/bs.host.2018.10.003
Trabelsi, A.; Elouedi, Z.; Lefevre, E.: Decision tree classifiers for evidential attribute values class labels. Fuzzy Sets Syst. (2018). https://doi.org/10.1016/j.fss.2018.11.006
Guo, C.; Ping, Y.; Liu, N.; Luo, S.S.: A two-level hybrid approach for intrusion detection. Neurocomputing 214, 391–400 (2016)
Eesa, A.S.; Orman, Z.; Brifcani, A.M.A.: A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst. Appl. 42(5), 2670–2679 (2015)
Raman, M.G.; Somu, N.; Kirthivasan, K.; Liscano, R.; Sriram, V.S.: An efficient intrusion detection system based on hypergraph: genetic algorithm for parameter optimization feature selection in support vector machine. Knowl. Based Syst. 134, 1–12 (2017)
Kuang, F.; Xu, W.; Zhang, S.: A novel hybrid KPCA SVM with GA model for intrusion detection. Appl. Soft Comput. 18, 178–184 (2014)
Singh, R.; Kumar, H.; Singla, R.K.: An intrusion detection system using network traffic profiling online sequential extreme learning machine. Expert Syst. Appl. 42(22), 8609–8624 (2015)
de la Hoz, E.; Ortiz, A.; Ortega, J.; de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble non-linear projection techniques. In: International Conference on Hybrid Artificial Intelligence Systems, pp. 103–111. Springer, Berlin (2013)
Kayacik, H.G.; Zincir-Heywood, A.N.; Heywood, M.I.: A hierarchical SOM-based intrusion detection system. Eng. Appl. Artif. Intell. 20(4), 439–451 (2007)
Raman, M.G.; Somu, N.; Kirthivasan, K.; Sriram, V.S.: A hypergraph arithmetic residue-based probabilistic neural network for classification in intrusion detection systems. Neural Netw. 92, 89–97 (2017)
Bamakan, S.M.H.; Wang, H.; Yingjie, T.; Shi, Y.: An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing 199, 90–102 (2016)
Aminanto, M.E.; Kim, H.; Kim, K.M.; Kim, K.: Another fuzzy anomaly detection system based on ant clustering algorithm. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 100(1), 176–183 (2017)
Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)
Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)
Hamamoto, A.H.; Carvalho, L.F.; Sampaio, L.D.H.; Abrão, T.; Proença Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390–402 (2018)
Sharma, R.; Chaurasia, S.: An enhanced approach to fuzzy C-means clustering for anomaly detection. In: Proceedings of First International Conference on Smart System, Innovations and Computing, pp. 623–636. Springer, Singapore (2018)
Borah, S.; Panigrahi, R.; Chakraborty, A.: An enhanced intrusion detection system based on clustering. In: Saeed, K., Chaki, N., Pati, B., Bakshi, S., Mohapatra, D. (eds.) Progress in Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol. 564. Springer, Singapore (2018)
Achbarou, O.; El Kiram, M.A.; Bourkoukou, O.; Elbouanani, S.: A new distributed intrusion detection system based on multi-agent system for cloud environment. Int. J. Commun. Netw. Inf. Secur. 10(3), 526 (2018)
Verma, P.; Anwar, S.; Khan, S.; Mane, S.B.: Network intrusion detection using clustering and gradient boosting. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–7. IEEE (2018)
Ghosh, P.; Karmakar, A.; Sharma, J.; Phadikar, S.: CS-PSO based intrusion detection system in cloud environment. In: Emerging Technologies in Data Mining and Information Security, pp. 261–269. Springer, Singapore (2019)
Mohammadi, S.; Amiri, F.: An efficient hybrid self-learning intrusion detection system based on neural networks. Int. J. Comput. Intell. Appl. 18(01), 1950001 (2019)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Verma, P., Tapaswi, S. & Godfrey, W.W. An Adaptive Threshold-Based Attribute Selection to Classify Requests Under DDoS Attack in Cloud-Based Systems. Arab J Sci Eng 45, 2813–2834 (2020). https://doi.org/10.1007/s13369-019-04178-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13369-019-04178-x