Two-Phase Deep Learning-Based EDoS Detection System

Chien-Nguyen Nhu,Minho Park

doi:10.3390/app112110249

Abstract

Cloud computing is currently considered the most cost-effective platform for offering business and consumer IT services over the Internet. However, it is prone to new vulnerabilities. A new type of attack called an economic denial of sustainability (EDoS) attack exploits the pay-per-use model to scale up the resource usage over time to the extent that the cloud user has to pay for the unexpected usage charge. To prevent EDoS attacks, a few solutions have been proposed, including hard-threshold and machine learning-based solutions. Among them, long short-term memory (LSTM)-based solutions achieve much higher accuracy and false-alarm rates than hard-threshold and other machine learning-based solutions. However, LSTM requires a long sequence length of the input data, leading to a degraded performance owing to increases in the calculations, the detection time, and consuming a large number of computing resources of the defense system. We, therefore, propose a two-phase deep learning-based EDoS detection scheme that uses an LSTM model to detect each abnormal flow in network traffic; however, the LSTM model requires only a short sequence length of five of the input data. Thus, the proposed scheme can take advantage of the efficiency of the LSTM algorithm in detecting each abnormal flow in network traffic, while reducing the required sequence length of the input data. A comprehensive performance evaluation shows that our proposed scheme outperforms the existing solutions in terms of accuracy and resource consumption.

Highlights

From an analysis of the long short-term memory (LSTM) algorithm and recommendations on the defense inspired by two recently conducted in-depth studies on economic denial of sustainability (EDoS) characteristics ([18,19]), we propose a two-phase deep learning-based EDoS detection mechanism to take advantage of the LSTM and eliminate the limitations of the model complexity
The results show that our model can accurately detect when an EDoS attack occurs, which will help the flow detector quickly detect abnormal flows
Based on the comprehensive results given above, we summarize some of the outstanding points demonstrating the effectiveness of the two-phase deep learning-based EDoS

Summary

Introduction

Cloud computing is increasingly attracting big, medium, and small businesses by offering on-demand inexpensive and scalable resources for achieving the system requirements. An economic denial of sustainability (EDoS) attack is currently becoming one of the most challenging cloud security issues [1]. As mention in [19], an EDoS is a type of low-rate DDoS attack. DDoS attack, an EDoS attack is sophisticated and arduous to detect because of its low-rate traffic and stealthy behavior. EDoS and high-rate DDoS attacks are different in terms of their purpose. In high-rate DDoS attacks, the attacker’s goal is to disrupt the services offered by a cloud service provider. High-rate DDoS attackers irrationally launch attacks over a short amount of time with maximum resources. Because EDoS attack traffic looks similar to benign traffic, its detection is a challenging task

Methods

Findings

Discussion

Conclusion