An Efficient DDoS TCP Flood Attack Detection and Prevention System in a Cloud Environment

Although the number of cloud projects has increased dramatically over the last few years, ensuring the availability and security of project data, services, and resources remains a crucial and challenging research issue. Distributed denial of service (DDoS) attacks are the second most prevalent form of cybercrime after information theft. A DDoS TCP flood attack can exhaust a cloud's resources, consume most of its bandwidth, and damage an entire cloud project within a short period of time. Timely detection and prevention of such attacks is therefore vital, especially for eHealth clouds. In this paper, we present a new classifier system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) in public clouds. The proposed CS_DDoS system secures stored records by classifying incoming packets and making a decision based on the classification result. During the detection phase, CS_DDoS determines whether a packet is normal or originates from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service and their source IP addresses are blacklisted. The performance of CS_DDoS is compared across four classifiers: the least squares support vector machine (LS-SVM), naïve Bayes, K-nearest neighbour, and the multilayer perceptron. The results show that CS_DDoS performs best when the LS-SVM classifier is adopted: it detects DDoS TCP flood attacks with about 97% accuracy and a Kappa coefficient of 0.89 under attack from a single source, and with 94% accuracy and a Kappa coefficient of 0.9 under attack from multiple attackers. Finally, the results are discussed in terms of accuracy and time complexity, and validated using K-fold cross-validation.
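
As an added illustration of the two-phase design described above (this is not the paper's code or data), the following Python trains a least-squares SVM on per-source TCP features, classifies each source in a window as normal or attacker, and then applies the prevention step by blacklisting sources labelled malicious and dropping their packets. It also computes the accuracy and Cohen's Kappa figures the abstract reports. The three features (log packet count, bare-SYN fraction, ACK fraction), the synthetic packet windows, the RBF kernel with gamma and sigma values, and every function name are assumptions of this example, not the paper's implementation.

```python
"""Two-phase TCP-flood defence in the shape the abstract describes: an LS-SVM
decides per source whether its packets in a window are normal or an attack,
and sources judged malicious are blacklisted so their packets are dropped.
Added illustration with a pure-Python LS-SVM; the per-source features, the
synthetic windows and all names are assumptions, not the paper's own."""
import math
import random
from collections import defaultdict


def synth_window(rng, n_normal=6, n_attackers=2):
    """Constructed packet window: (src_ip, tcp_flags) tuples plus ground truth.
    Normal clients run short handshake+data sessions (with the odd SYN retry);
    flooders emit hundreds of bare SYNs and never complete a handshake."""
    packets, truth = [], {}
    for i in range(n_normal):
        ip = f"10.0.0.{i + 1}"
        truth[ip] = -1
        for _ in range(rng.randint(3, 8)):
            if rng.random() < 0.3:
                packets.append((ip, "S"))  # retransmitted SYN, still benign
            packets += [(ip, "S"), (ip, "A"), (ip, "PA"), (ip, "PA"), (ip, "FA")]
    for i in range(n_attackers):
        ip = f"203.0.113.{i + 1}"
        truth[ip] = 1
        packets += [(ip, "S")] * rng.randint(150, 400)
    rng.shuffle(packets)
    return packets, truth


def features(packets):
    """Per-source feature vector: log packet count, bare-SYN fraction, ACK fraction."""
    counts = defaultdict(lambda: [0, 0, 0])
    for ip, flags in packets:
        c = counts[ip]
        c[0] += 1
        c[1] += flags == "S"
        c[2] += "A" in flags
    return {ip: (math.log(t), s / t, a / t) for ip, (t, s, a) in counts.items()}


def solve(A, b):
    """Gaussian elimination with partial pivoting for the small LS-SVM system."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= f * M[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x


class LSSVM:
    """LS-SVM classifier: the dual is the linear system
    [0 1^T; 1 K+I/gamma][b; alpha] = [0; y] (RBF kernel K), so training is a
    single linear solve rather than a quadratic programme."""

    def __init__(self, gamma=10.0, sigma=1.0):
        self.gamma, self.sigma = gamma, sigma  # assumed hyper-parameters

    def _scale(self, x):
        return tuple((v - m) / s for v, m, s in zip(x, self.mu, self.sd))

    def _kernel(self, u, v):
        return math.exp(-sum((a - b) ** 2 for a, b in zip(u, v)) / (2 * self.sigma ** 2))

    def fit(self, X, y):
        d, n = len(X[0]), len(X)
        self.mu = [sum(x[j] for x in X) / n for j in range(d)]
        self.sd = [max(1e-9, math.sqrt(sum((x[j] - self.mu[j]) ** 2 for x in X) / n)) for j in range(d)]
        self.X = [self._scale(x) for x in X]
        A = [[0.0] + [1.0] * n]
        for i in range(n):
            A.append([1.0] + [self._kernel(self.X[i], self.X[j]) + (1.0 / self.gamma if i == j else 0.0)
                              for j in range(n)])
        sol = solve(A, [0.0] + [float(v) for v in y])
        self.b, self.alpha = sol[0], sol[1:]
        return self

    def predict(self, x):
        z = self._scale(x)
        score = self.b + sum(a * self._kernel(xi, z) for a, xi in zip(self.alpha, self.X))
        return 1 if score >= 0 else -1


def accuracy_and_kappa(y_true, y_pred):
    """Accuracy and Cohen's Kappa (observed vs. chance agreement) for +-1 labels."""
    n = len(y_true)
    tp = sum(t == 1 and p == 1 for t, p in zip(y_true, y_pred))
    tn = sum(t == -1 and p == -1 for t, p in zip(y_true, y_pred))
    fp = sum(t == -1 and p == 1 for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and p == -1 for t, p in zip(y_true, y_pred))
    p_o = (tp + tn) / n
    p_e = ((tp + fp) * (tp + fn) + (tn + fn) * (tn + fp)) / n ** 2
    kappa = 1.0 if p_e == 1 else (p_o - p_e) / (1 - p_e)
    return p_o, kappa


def enforce(model, packets, blacklist):
    """Prevention phase: classify every source in the window, blacklist those
    labelled malicious, and return only the packets still admitted."""
    for ip, f in features(packets).items():
        if model.predict(f) == 1:
            blacklist.add(ip)
    return [p for p in packets if p[0] not in blacklist]


def run(seed=1, train_windows=5, test_windows=3):
    """Train on synthetic windows, then detect and enforce on fresh ones."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(train_windows):
        pk, truth = synth_window(rng)
        for ip, f in features(pk).items():
            X.append(f); y.append(truth[ip])
    model = LSSVM().fit(X, y)
    y_true, y_pred, blacklist, dropped = [], [], set(), 0
    for _ in range(test_windows):
        pk, truth = synth_window(rng)
        for ip, f in features(pk).items():
            y_true.append(truth[ip]); y_pred.append(model.predict(f))
        dropped += len(pk) - len(enforce(model, pk, blacklist))
    acc, kappa = accuracy_and_kappa(y_true, y_pred)
    return {"accuracy": acc, "kappa": kappa, "blacklist": sorted(blacklist), "dropped": dropped}


if __name__ == "__main__":
    print(run())
```

Two practical caveats are visible in the code: the classifier keys on source IP, so a spoofed-source SYN flood defeats the blacklist unless detection is moved to an aggregate (per-destination) view, and the blacklist is never aged out, so a false positive locks a legitimate client out permanently; a production filter needs a TTL on entries and a whitelist for known-good peers.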