Cloud computing is a model in which data center resources are distributed through
virtualization technology, providing elasticity, on-request network access and instant services
to its users and charging according to usage. A cloud model is a specific type of cloud
environment, distinguished by its size, ownership and access method. A private cloud is solely for
one organization. The general public can access the public cloud. A community cloud is used by
organizations with similar requirements that can share the cloud resources. A hybrid
cloud is the grouping of public cloud, private cloud and community cloud [1]. Infrastructure as a
Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) are the delivery
models of cloud computing. SaaS provides the ability to use software or an application without
installing it on our system. IaaS provides infrastructure through virtualization technology.
PaaS delivers a computing platform and provides the facility to deploy
apps without the cost of buying and managing [14].
Some fundamental cloud security issues are security related to data storage, security related to
third-party resources, data transmission security and application security [2]. In a cloud
computing environment, data is located at different places, so data security becomes particularly
serious [13].
2.1 Data storage security: Data storage security depends on the type of cloud deployment
model or access scope. Cloud computing is unable to manage the data stored in the data
centers. Data stored in a data center is controlled by the cloud service provider, who can carry
out malicious actions such as destroying, replicating or modifying it. Cloud computing gives
assurance of a certain degree of control over the VMs. Ultimately, this lack of control over the
data results in security issues.
2.2 Data transmission security: Data transmission security depends on the cloud delivery
model or services. In a cloud computing environment, data is transmitted from source to
destination through a number of third-party infrastructure resources.
2.3 Application security: Cloud-based services are available to users through the internet
to fulfill their requirements. Consequently, a cloud application automatically inherits the
vulnerabilities of the traditional web application model. Through enterprise-distributed cloud
applications, users can access their information. The availability and security of these
applications depend heavily on the quality and behavior of cloud services; therefore, this
process should address the availability and integrity of data and software. One solution is to
encrypt the outsourced data to provide confidentiality and security. Furthermore, the security
of these services relies upon application programming interfaces (APIs). Such software
interfaces or APIs provide security and availability of the cloud offerings.
Taxonomy of attack in cloud
This Trojan virus, which is a small application, enables attackers to gain remote access to
user systems without the users' knowledge, giving them command and control capabilities in an
attempt to attack the intended target servers. These infected systems are called bots or zombies.
The infected bots in turn infect and compromise other systems and then, working as a group, act
as botnets [11]. These zombie hosts or slaves are recruited unwittingly from the millions of
vulnerable computers that access the Internet through high-bandwidth connections. With enough
participation of zombie hosts in the attack, the volume and the effects of a DDoS attack can be
astonishing. Thus, the higher the impact of DDoS attacks, the higher the chances of the targeted
server being unavailable and the more resources being wasted.
After cloud inception in 2007, enterprises took a few years to start adopting cloud
infrastructure, and now many organizations have partly or entirely moved their IT
infrastructure into the cloud. In a cloud computing system, a DDoS attack is considered to be
much more serious, more difficult and more complicated: virtualization, distributed servers,
shared resources and multi-tenancy are some of the reasons that make DDoS attacks highly
destructive in a cloud computing environment [11]. A cloud computing system has new
vulnerabilities, since it consists of new protocols, components and concepts that allow
attackers to take advantage of these vulnerabilities to perform new DDoS attacks. Moreover, the
key difference between DDoS attacks using the conventional networks and DDoS attacks that use
the environment of federated cloud computing. We can see clearly in Figure 3 that all zombie
hosts participating in the DDoS attack might be a cloud. For instance, the victim and the botnet
themselves might be a cloud, or the Command and Control servers (C&C servers) might also be a
cloud. Thus, even the attacker might be a cloud due to their high CPU efficiency. In this case,
the attackers will have more accessible resources to proceed with their attacks [3]. Thus, by
using clouds the attackers make the prevention, handling and detection of DDoS attacks more
difficult and more complicated. Generally, when the target of the DDoS attacker is a cloud,
flooding the Internet gateway of the cloud infrastructure is the attacker's first aim. If the
attackers fail to saturate it, they will then try to flood the servers of the cloud [14]. A DDoS
attack has an extremely large effect on the availability of cloud computing services, which can
lead to violation of the agreement between the client and the cloud service provider, called the
Service Level Agreement (SLA). The innovative “DDoS as a Service” tools now make it easier for
attackers to launch these effective and developed attacks.
Figure 5: DDOS attack using cloud computing
[Figure: DDoS attacks; recovered labels: Smurf, Fraggle]
DDoS Attack Prevention: This is a proactive measure in the cloud, where suspected hackers'
requests are refined or rejected before these requests begin to affect the servers. The
‘presence of attack’ state is unavailable to the prevention method but available to the
mitigation and detection techniques.
DDoS Attack Detection: This method is applied in circumstances where attack signs are present
on the server. These signs indicate either an attack that has just started to take shape or a
condition in which the attack has already degraded performance.
DDoS Attack Mitigation: In the presence of an attack, this technique allows the victim server
to continue serving requests while under attack [5].
5. Related Work
P. Shamsolmoali et al. (2014) suggested a cloud confidence DDoS filtering method with two
stages. The pre-processing stage takes network traffic as input and provides classified data as
output. In the detection stage, the system extracts the TTL field value from each incoming
packet and compares it with IP2HC. If no match is found, the packet is discarded. The
remaining packets are forwarded to the next level, anomaly detection, which distinguishes
legitimate from attack traffic by comparing with already learned traffic [4].
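The TTL check described above can be sketched as a hop-count filter. This is an added example, not code from the cited paper: it assumes IP2HC is a table mapping a source IP to its expected hop count, that senders start from one of a few common default TTLs, and that a `tolerance` parameter (hypothetical) absorbs small route changes.

```python
"""Hop-count check against an IP2HC table (added illustration)."""

# Assumption: senders start from one of these common default TTLs.
INITIAL_TTLS = (32, 64, 128, 255)

def hop_count(observed_ttl):
    """Infer hops travelled: smallest default initial TTL >= observed TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl

def learn_ip2hc(clean_packets):
    """Build the IP2HC table from (src_ip, ttl) pairs seen in attack-free traffic."""
    return {src: hop_count(ttl) for src, ttl in clean_packets}

def filter_packets(packets, ip2hc, tolerance=0):
    """Split packets into (forwarded, discarded).

    A packet goes on to the anomaly-detection stage only if its source has an
    IP2HC entry and the inferred hop count is within `tolerance` of that entry.
    """
    forwarded, discarded = [], []
    for src, ttl in packets:
        expected = ip2hc.get(src)
        match = expected is not None and abs(hop_count(ttl) - expected) <= tolerance
        (forwarded if match else discarded).append((src, ttl))
    return forwarded, discarded

# Constructed sample data (documentation address ranges, not real traffic).
CLEAN = [("192.0.2.10", 52), ("198.51.100.7", 113)]
INCOMING = [
    ("192.0.2.10", 52),     # 12 hops, matches the table
    ("192.0.2.10", 120),    # 8 hops: source address is probably spoofed
    ("198.51.100.7", 113),  # 15 hops, matches the table
    ("198.51.100.7", 114),  # 14 hops: off by one (route change or spoofing)
    ("203.0.113.99", 60),   # no IP2HC entry, treated as "no match"
]

if __name__ == "__main__":
    table = learn_ip2hc(CLEAN)
    for tol in (0, 1):
        fwd, drop = filter_packets(INCOMING, table, tolerance=tol)
        print(f"tolerance={tol}: forwarded={fwd} discarded={drop}")
```

With a tolerance of 0 the off-by-one packet is dropped as well, which shows the trade-off between false positives after a route change and spoofed packets that happen to land close to the learned hop count.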
Salman Iqbal et al. (2016) determined the potential attacks on the cloud computing environment
and their possible impact on cloud services. An attack surface includes all the points in the
software environment through which an adversary or unauthorized user can try to gain access to
a system and cause damage to the environment. In a multi-tenant cloud environment, resource
sharing is one of the most critical issues, creating new attack vectors. DDoS is the most
prominent security attack in cloud computing; it can impact the availability of resources
because of the multi-tenant behavior of SaaS. DDoS attacks are malicious attempts to render
system or network resources unavailable to users. Cloud computing infrastructures are shared by
millions of users, which makes this sort of attack more difficult to resolve because of its
potential to have a much greater impact than on single-tenant architectures.
Yusof A. R. et al. (2017) proposed a method that integrates two feature selection methods, CSE
(Consistency-based Subset Evaluation) and DCF (DDoS Characteristic-based Features), to pick
relevant features from the entire dataset. On the full-feature training dataset, with a total of
41 features, they performed a feature selection method before applying DDoS Characteristic-based
Features (DCF) and Consistency-based Subset Evaluation (CSE) in parallel. The outputs of these
two feature selection methods are combined using a simple majority vote in order to select the
most appropriate features based on a selected threshold. If a selected feature is beyond the
threshold, the feature is dropped; otherwise the feature is selected [16].
Gaurav Somani et al. (2017) provided a comprehensive and detailed survey of DDoS
attacks and the defense mechanisms available in the cloud computing environment.
Bin Jia et al. (2017) proposed a DDoS attack detection method based on hybrid heterogeneous
multiclassifier ensemble learning and designed a heuristic detection algorithm based on Singular
Value Decomposition (SVD) to construct their detection system. Experimental results show that
their detection method is excellent in TNR, accuracy and precision; therefore, their algorithm
has good detection performance for DDoS attacks. Through comparisons with Random Forest,
k-Nearest Neighbor (k-NN) and Bagging, which make up the component classifiers, when the three
algorithms are used alone with SVD and without SVD, it is shown that their model is superior to
the state-of-the-art attack detection techniques in system generalization ability, detection
stability and overall detection performance.
C. Wang et al. (2019) proposed a two-level filter selection method based on mRMR and
IG. The mRMR algorithm is used to filter out redundant features while retaining the
maximally relevant features. The mRMR filter selection method uses mutual information,
which expresses the relationship and correlation between features. The two-level filter
selection method has four stages. The preparation stage defines the raw dataset; the
execution stage selects features using mRMR; the result of that stage is further filtered in the
selection stage to reject irrelevant features; and the last stage integrates all the relevant
features from both levels [15]. Selecting relevant features from a dataset does not depend on
the classifier.
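The mRMR step described above, as an added example that is not the cited authors' code: a greedy selection that scores each candidate by its mutual information with the label minus its mean mutual information with the features already chosen. It covers only the mRMR level, not the IG level or the four-stage pipeline; the feature names and the eight-flow dataset are constructed for illustration.

```python
"""Greedy mRMR feature selection with mutual information (added illustration)."""
from collections import Counter
from math import log2

def mutual_information(xs, ys):
    """I(X;Y) in bits for two equal-length sequences of discrete values."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * log2(c * n / (px[x] * py[y])) for (x, y), c in pxy.items())

def rank_by_relevance(features, labels, k):
    """Baseline: top-k features by I(feature; label), ignoring redundancy."""
    rel = {name: mutual_information(col, labels) for name, col in features.items()}
    return sorted(rel, key=lambda name: -rel[name])[:k]

def mrmr(features, labels, k):
    """Greedy mRMR: maximise relevance minus mean redundancy with chosen features."""
    rel = {name: mutual_information(col, labels) for name, col in features.items()}
    selected = []
    while len(selected) < min(k, len(features)):
        def score(name):
            if not selected:
                return rel[name]
            red = sum(mutual_information(features[name], features[s]) for s in selected)
            return rel[name] - red / len(selected)
        candidates = [n for n in features if n not in selected]
        selected.append(max(candidates, key=score))
    return selected

# Constructed dataset: 8 flows, label 1 = attack. Feature names are hypothetical.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
FEATURES = {
    "syn_ratio_high":      [0, 0, 0, 1, 1, 1, 1, 1],  # strongly relevant
    "syn_ratio_high_copy": [0, 0, 0, 1, 1, 1, 1, 1],  # exact duplicate (redundant)
    "pkt_size_var_high":   [0, 1, 0, 0, 1, 1, 0, 1],  # weaker but complementary
    "src_port_odd":        [0, 1, 0, 1, 0, 1, 0, 1],  # carries no label information
}

if __name__ == "__main__":
    print("relevance only:", rank_by_relevance(FEATURES, LABELS, 2))
    print("mRMR:          ", mrmr(FEATURES, LABELS, 2))
```

Ranking by relevance alone keeps both copies of the duplicated feature, while the mRMR score penalises the copy and picks the weaker but non-redundant feature instead.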
Omar E. Elejla et al. (2019) evaluated classification algorithms for detecting the dangerous and
popular IPv6 attacks, namely ICMPv6-based DDoS attacks.
A comparison between five classification algorithms, namely Decision Tree (DT), Support
Vector Machine (SVM), Naïve Bayes (NB), K-Nearest Neighbors (KNN) and Neural Networks
(NN), was conducted. The comparison was conducted using a publicly available flow-based
dataset. The experimental results showed that the classifiers detected most of the included
attacks, with a true positive rate ranging from 73% to 85%. Moreover, the KNN classification
algorithm was the fastest algorithm (0.12 seconds) with the best detection accuracy (85.7%)
and fewer false alarms (0.171). However, SVM achieved the lowest detection accuracy (73%),
while NN was the slowest algorithm in training the detection model (323 seconds).
6. Analysis of existing detection techniques
7. Research Questions
8. Objectives
The proposed research work will have the following objectives:
1. To design a framework for detecting DDoS attacks based on a machine learning
model using a feature selection method.
2. To generate the confusion matrix.
3. To compute the parameters accuracy, precision, error rate and F1 measure.
4. To compare, analyze and validate the proposed detection techniques and algorithms found in
the literature.
9. Proposed model
Feature Elimination: domain knowledge, removal of duplication, multicollinearity
Feature Adjustment: label encoding for ordinal features; one-hot encoding and dummy variables for categorical features
Machine Learning: KNN, NB, SVM, RF, ANN
Optimization: number of neighbors, kernel trick, decision trees, ANN layers
Evaluation: validation accuracy, K-fold cross validation error, false positives, ROC to avoid accuracy paradox
Figure 7: Proposed model for DDoS attack detection
9. Conclusion
Since the system is under continuous attack, the existing security measures can be improved
with machine learning techniques for a computerized security system, so that very little human
intervention is required for detecting, preventing and monitoring attacks. A feature selection
filter method is used to pre-process feature datasets before attack classification in the cloud. A
good feature filter selection method can increase the speed and simplify the model. The
performance of an ML algorithm depends on a good feature selection method.
10. References
1. Md. Tanzim Khorshed, A.B.M. Shawkat Ali, Saleh A. Wasimi, “A survey on gaps, threat
remediation challenges and some thoughts for proactive attack detection in cloud
computing,” Future Generation Computer Systems, Volume 28, Issue 6, 2012, Pages
833-851.
2. Subashini, Shashikala & Kavitha, V. (2011). A Survey on Security Issues in Service
Delivery Models of Cloud Computing. The Journal of Network and Computer
Applications, Elsevier. 35. 1-11.
3. Chaudhary, D., Bhushan, K., & Gupta, B. B. (2018). Survey on DDoS attacks and
defense mechanisms in cloud and fog computing. International Journal of E-Services and
Mobile Applications (IJESMA), 10(3), 61-83.
4. Shamsolmoali, P., Alam, M. A., & Biswas, R. (2014). C₂DF: High Rate DDOS filtering
method in Cloud Computing. Computer Network and Information Security no. August,
43-50.
5. Gaurav Somani, Manoj Singh Gaur, Dheeraj Sanghi, Mauro Conti, Rajkumar Buyya,
DDoS attacks in cloud computing: Issues, taxonomy, and future directions, Computer
Communications, Volume 107, 2017, Pages 30-48, ISSN0140-3664.
6. Yu, J., Kang, H., Park, D., Bang, H. C., & Kang, D. W. (2013). An in-depth analysis on
traffic flooding attacks detection and system using data mining techniques. Journal of
Systems Architecture, 59(10), 1005-1012.
7. Osanaiye, O., Cai, H., Choo, K. K. R., Dehghantanha, A., Xu, Z., & Dlodlo, M. (2016).
Ensemble-based multi-filter feature selection method for DDoS detection in cloud
computing. EURASIP Journal on Wireless Communications and Networking, 2016(1),
130.
8. Rastegari, S., Hingston, P., & Lam, C. P. (2015). Evolving statistical rule sets for network
intrusion detection. Applied soft computing, 33, 348-359.
9. Elejla, O. E., Belaton, B., Anbar, M., Alabsi, B., & Al-Ani, A. K. (2019). Comparison of
Classification Algorithms on ICMPv6-Based DDoS Attacks Detection. In Computational
Science and Technology (pp. 347-357). Springer, Singapore.
10. P. Shamsolmoali and M. Zareapoor, "Statistical-based filtering system against DDOS
attacks in cloud computing," 2014 International Conference on Advances in Computing,
Communications and Informatics (ICACCI), New Delhi, 2014, pp. 1234-1239.
11. Kilari, N., & Sridaran, R. (2015). An Overview of DDoS Attacks in Cloud
Environment. International Journal of Advanced Networking & Applications.
12. Srinivasan, K., Mubarakali, A., Alqahtani, A. S., & Kumar, A. D. (2019, February). A
Survey on the Impact of DDoS Attacks in Cloud Computing: Prevention, Detection and
Mitigation Techniques. In Intelligent Communication Technologies and Virtual Mobile
Networks (pp. 252-270). Springer, Cham.
13. Sun Y, Zhang J, Xiong Y, Zhu G. Data security and privacy in cloud computing.
International Journal of Distributed Sensor Networks. 2014 Jul 16;10(7):190903.
14. Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack & its effect in
cloud environment. Procedia Computer Science, 49, 202-210.
15. Wang, C., Ye, X., He, X., Tian, Y., & Gong, L. (2019, April). Two-Level Feature
Selection Method for Low Detection Rate Attacks in Intrusion Detection. In International
Conference on Security and Privacy in New Computing Environments (pp. 689-696).
Springer, Cham.
16. Yusof, A. R., Udzir, N. I., Selamat, A., Hamdan, H., & Abdullah, M. T. (2017). Adaptive
feature selection for denial of services (DoS) attack. 2017 IEEE Conference on
Application, Information and Network Security (AINS). doi:10.1109/ains.2017.8270429
17. C. Chung, P. Khatkar, T. Xing, J. Lee and D. Huang, “NICE: Network Intrusion Detection
and Countermeasure Selection in Virtual Network Systems”, IEEE Transactions on
Dependable and Secure Computing, vol.10, no.4, pp.198 - 211, 2013.
18. Elejla, O. E., Belaton, B., Anbar, M., Alabsi, B., & Al-Ani, A. K. (2019). Comparison of
Classification Algorithms on ICMPv6-Based DDoS Attacks Detection. In Computational
Science and Technology (pp. 347-357). Springer, Singapore.
19. Parneet Kaur, Manish Kumar & Abhinav Bhandari, “A review of detection approaches
for distributed denial of service attacks,” Systems Science & Control
Engineering, 5:1, 301-320.
20. Chirag Modi, Dhiren Patel, Bhavesh Borisaniya, Hiren Patel, Avi Patel, Muttukrishnan
Rajarajan, “A survey of intrusion detection techniques in Cloud,” Journal of Network and
Computer Applications, Volume 36, Issue 1, Pages 42-57, 2013.
21. A.S.Navaz, V.Sangeetha, C.Prabhadevi, “Entropy based Anomaly Detection System to
Prevent DDoS Attacks in Cloud”, International Journal of Computer Applications,
vol.62, no.14, 2013.