Detecting TCP SYN Flood Attack in the Cloud

This paper proposes an approach to protecting virtual machines (VMs) against TCP SYN flood attacks in a cloud environment. The open source cloud platform Eucalyptus is deployed and the experiments are carried out on this setup. We investigate attacks launched from one VM against another in a multi-tenant cloud, executing several variants of the attack against a webserver VM. To detect such attacks from the cloud provider's perspective, a security mechanism consisting of a packet sniffer, a feature extraction stage, a classifier and an alerting component is proposed and implemented. We evaluate k-nearest neighbor and artificial neural network classifiers on the dataset collected from the attacks on the webserver VM. The artificial neural network achieved an F1 score of 1 on the test cases, i.e. it separated attack traffic from legitimate traffic with no false positives or false negatives on that data. The proposed mechanism shows promising results in detecting TCP SYN flood behavior in the cloud.
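The pipeline the abstract describes (sniffer records, per-window feature extraction, a classifier, an alert) is small enough to sketch end to end. The following is an added example, not the paper's code: the three features (SYN rate, half-open ratio, unique-source ratio), the constructed packet records, the labelled training windows and the victim address 10.0.0.1 are all assumptions chosen for illustration, and the paper's own feature set and classifier parameters are not given in the abstract. It uses a plain k-nearest neighbor classifier, one of the two the paper evaluates, and includes a legitimate flash crowd to show why a half-open ratio, not just the SYN rate, is needed to tell a flood from a busy web server.

```python
"""Toy version of a SYN-flood detection pipeline: packet records ->
per-window features -> k-nearest-neighbour classifier -> alert.

Added example, not the paper's code. Features, traffic records and
training windows are constructed assumptions for illustration.
"""
import math
from collections import Counter

VICTIM = "10.0.0.1"   # the webserver VM (assumed address)
WINDOW_S = 1.0        # observation window in seconds

# --- constructed traffic -------------------------------------------------
# A record is (timestamp, src_ip, dst_ip, tcp_flags), with the usual
# letters: S = SYN, SA = SYN/ACK, A = bare ACK, FA = FIN/ACK.

def normal_window(t0, clients):
    """`clients` legitimate hosts each complete a handshake and close."""
    pkts = []
    for i in range(clients):
        src, t = f"10.0.{i // 250}.{i % 250 + 2}", t0 + i / clients
        pkts += [(t, src, VICTIM, "S"), (t + 0.001, VICTIM, src, "SA"),
                 (t + 0.002, src, VICTIM, "A"), (t + 0.1, src, VICTIM, "FA")]
    return pkts

def flood_window(t0, syns):
    """SYN flood from spoofed sources: the SYN/ACKs are never acknowledged."""
    pkts = []
    for i in range(syns):
        src, t = f"192.0.2.{i % 250}", t0 + i / syns
        pkts += [(t, src, VICTIM, "S"), (t + 0.001, VICTIM, src, "SA")]
    return pkts

# --- feature extraction --------------------------------------------------

def extract_features(pkts, victim=VICTIM, window_s=WINDOW_S):
    """(SYN rate, half-open ratio, unique-source ratio) for one window."""
    syns = [p for p in pkts if p[2] == victim and p[3] == "S"]
    if not syns:
        return (0.0, 0.0, 0.0)
    # Sources that sent a bare ACK to the victim completed a handshake.
    completed = {p[1] for p in pkts if p[2] == victim and p[3] == "A"}
    n = len(syns)
    syn_rate = n / window_s
    half_open = sum(1 for p in syns if p[1] not in completed) / n
    unique_src = len({p[1] for p in syns}) / n
    return (syn_rate, half_open, unique_src)

# --- classifier ----------------------------------------------------------

def fit_scaler(rows):
    """Per-feature maximum from the training set, so the raw SYN rate
    does not dominate the Euclidean distance over the two ratios."""
    return [max(col) or 1.0 for col in zip(*rows)]

def scale(x, scaler):
    return tuple(v / m for v, m in zip(x, scaler))

def knn_predict(train, x, k=3):
    """train: list of (scaled_features, label); majority vote of k nearest."""
    ranked = sorted((math.dist(f, x), label) for f, label in train)
    return Counter(label for _, label in ranked[:k]).most_common(1)[0][0]

# Labelled training windows (constructed): three normal loads, three floods.
_train_raw = [(extract_features(normal_window(0, c)), "normal") for c in (3, 5, 8)]
_train_raw += [(extract_features(flood_window(0, n)), "attack") for n in (100, 300, 600)]
SCALER = fit_scaler([f for f, _ in _train_raw])
TRAIN = [(scale(f, SCALER), label) for f, label in _train_raw]

# --- alerting ------------------------------------------------------------

def classify_window(pkts):
    return knn_predict(TRAIN, scale(extract_features(pkts), SCALER))

def alert(pkts):
    """Return an alert line for the provider's console, or None."""
    if classify_window(pkts) != "attack":
        return None
    rate, half_open, _ = extract_features(pkts)
    return (f"ALERT SYN flood suspected against {VICTIM}: "
            f"{rate:.0f} SYN/s, {half_open:.0%} half-open")

if __name__ == "__main__":
    print(alert(flood_window(10, 200)))   # flood size not seen in training
    print(alert(normal_window(10, 200)))  # legitimate flash crowd: None
```

The flash-crowd window has a SYN rate comparable to the smaller floods, but every handshake completes, so its half-open ratio is 0 and the nearest neighbours are the normal windows. In a real deployment the records would come from a sniffer on the host or virtual switch rather than from the constructed generators above, and the scaler and training set would be fitted on captured traffic.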
