DDoS Attacks In Cloud Research Articles

Understanding and Mitigating Cloud Computing Security Attacks: A Case of DDoS

Although cloud computing is considered the most widespread technology. Despite of what it offers, the end users still suffers many challenges, especially related to its security issues such as vulnerability to malicious attacks such as Distributed Denial of Service attack (DDoS), that prevents accessing the internet. This paper is design to bring understanding and ways of mitigating DDoS attacks in cloud computing environment by leveraging from the pool of diverse solutions proffered that detect and prevent such attacks from harming network communication. Keywords: Cloudflare, Firewall, Gateway, Webserver and Zombies

LRDADF: An AI enabled framework for detecting low-rate DDoS attacks in cloud computing environments

DDoS attacks, also known as distributed denial-of-service attacks, pose a significant risk to networks in the cloud. The attackers aim to flood the target system with an overwhelming amount of data and requests until it becomes completely overloaded and unable to function properly. These attacks are becoming smarter and more dangerous all the time. A low-rate DDoS attack is one such strategy that makes detection difficult. At the same time, cloud infrastructure is rapidly evolving. Container-based technology makes it possible for cloud computing to use resources efficiently and scale services in a flexible way. Existing methods for detecting DDoS attacks in cloud computing are insufficient when adversaries use low-rate DDoS attacks. A method is required that can not only identify the attack but also prevent it to some extent. A Low-Rate DDoS Attack Detection Framework (LRDADF) was proposed for this purpose when adversaries use low-rate DDoS attacks. A comprehensive approach is required because low-rate DDoS attacks are difficult to detect. In addition to employing deep learning methods to detect such attacks, we proposed a mathematical model to realize a mitigation strategy. As a result, we proposed a new algorithm called the Hybrid Approach for Low-Rate DDoS Detection (HA-LRDD). The algorithm employs an AI-enabled method comprised of deep convolutional neural networks (CNN) and a deep auto encoder. We defined another algorithm called Dynamic Low-Rate DDoS Mitigation (DLDM), which mitigates the impact of an attack once it has been identified. It also ensures that the attack is defeated and that the infrastructure continues to operate. A comprehensive simulation study revealed that the proposed framework is capable of detecting and mitigating low-rate DDoS attacks to ensure an acceptable level of service in cloud computing environments.

Intrusion detection and prevention of DDoS attacks in cloud computing environment: a review on issues and current methods

Intrusion detection and prevention of DDoS attacks in cloud computing environment: a review on issues and current methods

Intrusion detection and prevention of DDoS attacks in cloud computing environment: a review on issues and current methods

Intrusion detection and prevention of DDoS attacks in cloud computing environment: a review on issues and current methods

A Feature Similarity Machine Learning Model for DDoS Attack Detection in Modern Network Environments for Industry 4.0

• A new traffic attribute-pattern similarity function SWATHI for similarity computation between network traffic attribute patterns and evolutionary feature clustering of traffic attribute patterns to carry feature transformation-based dimensionality reduction. • A Gaussian based network traffic similarity function for similarity computation between network traffic instances. • A machine learning model SWASTHIKA which considers network traffic data obtained after feature transformation for detection of low rate and high-rate network attacks. Recent advancements in artificial intelligence and machine learning technologies have laid the flagstone for the fourth industrial revolution, Industry 4.0. The industry 4.0 is at a very high momentum when compared to previous revolutions witnessed by humans in a way which was never anticipated. Cyber Physical Systems and Cloud computing are the basis for Industry 4.0. An ongoing research challenge in cloud computing is the immediate need to address security and data availability challenges coined in modern networking environments. For instance, DDoS attacks in cloud are continuously throwing new challenges to network community which makes detection of these attacks, an ongoing research challenge with respect to cloud security. At the outset, the research reported in this work has addressed three important contributions (i) A new gaussian based traffic attribute-pattern similarity function for evolutionary feature clustering to achieve feature transformation-based dimensionality reduction, (ii) A Gaussian based network traffic similarity function for similarity computation between network traffic instances and (iii) A machine learning model SWASTHIKA which uses feature transformation traffic for detection of low rate and high-rate network attacks. For experimental study, the most recent benchmark dataset namely IoT DoS and DDoS attack dataset available at IEEE Dataport is considered as this dataset has highly non-linear traffic instances which are like the real-world traffic. The performance evaluation of the proposed machine learning model SWASTHIKA is done by considering various classifier evaluation parameters such as accuracy, precision, detection rate, and F-Score. The experiment results proved that the attack detection rate of SWASTHIKA is significantly better compared to state of art machine learning classifiers.

Voting extreme learning machine based distributed denial of service attack detection in cloud computing

Distributed denial of service attack is one of the most dangerous attacks in cloud computing. This attack makes the cloud services inaccessible to the end-users by exhausting resources, resulting in heavy economic and reputation loss. So, developing defensive solutions against these attacks is necessary for the widespread adoption of cloud computing technology. This paper proposes a new system for detecting DDoS attacks in cloud computing environment. The proposed system is built using voting extreme learning machine (V-ELM), a type of artificial neural network. Experiments were performed to evaluate the performance of the proposed system by using two benchmark datasets viz. NSL-KDD dataset and ISCX intrusion detection dataset. It has been shown by experiments that the proposed system detects attacks with an accuracy of 99.18% with the NSL-KDD dataset and 92.11% with the ISCX dataset. Performance of the proposed system has been compared with other systems based on backpropagation artificial neural network, artificial neural network trained with black hole optimization, extreme learning machine, random forest and, adaboost. It performs better than these systems. Experiments have also been performed to analyze the performance of the proposed system under different parameter values viz. number of ELMs in V-ELM and number of hidden layer neurons in a single ELM.

Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud

Cloud computing has very attractive features like elastic, on demand and fully managed computer system resources and services. However, due to its distributed and dynamic nature as well as vulnerabilities in virtualization implementation, the cloud environment is prone to various cyber-attacks and security issues related to cloud model. Some of them are inability to access data coming to and from cloud service, theft and misuse of data hosted, no control over sensitive data access, advance threats like malware injection attack, wrapping attacks, virtual machine escape, distributed denial of service attack (DDoS) etc. DDoS is one of the notorious attack. Despite a number of available potential solutions for the detection of DDoS attacks, the increasing frequency and potency of recent attacks and the constantly evolving attack vectors, necessitate the development of improved detection approaches. This article proposes a novel architecture that combines a well posed stacked sparse AutoEncoder (AE) for feature learning with a Deep Neural Network (DNN) for classification of network traffic into benign traffic and DDoS attack traffic. AE and DNN are optimized for detection of DDoS attacks by tuning the parameters using appropriately designed techniques. The improvements suggested in this article lead to low reconstruction error, prevent exploding and vanishing gradients, and lead to smaller network which avoids overfitting. A comparative analysis of the proposed approach with ten state-of-the-art approaches using performance metrics-detection accuracy, precision, recall and F1-Score, has been conducted. Experiments have been performed on CICIDS2017 and NSL-KDD standard datasets for validation. Proposed approach outperforms existing approaches over the NSL-KDD dataset and yields competitive results over the CICIDS2017 dataset.

Special Issue on Recent Trends and Future of Fog and Edge Computing, Services and Enabling Technologies

Special Issue on Recent Trends and Future of Fog and Edge Computing, Services and Enabling Technologies

A trust‐based hypervisor framework for preventing DDoS attacks in cloud

SummaryDistributed Denial of Service (DDoS) attack is one of the major attacks that incur large financial loss in the cloud system. This motivated the research community to develop various detection techniques for controlling the effects of the DDoS attack. However, the existing techniques are not mature to satisfy the requirements of a cloud‐based attack detection system, as they manage the devious strategies that exploit the elastic and multi‐tenant properties of the cloud and ignore the resource constraints of the cloud system. This paper proposes a new solution that allows the hypervisor to establish trust‐based relationships towards the guest Virtual Machines (VMs). The Bayesian inference is applied to aggregate the objective and subjective trust sources. A trust‐based maximin game between DDoS attackers is designed. A hypervisor tries to maximize the attack minimization under a limited amount of resources. The game solution guides the hypervisor to determine the distribution of optimal detection load among VMs to improve the real‐time detection rate of DDoS attack. The Least Squares Support Vector Machine (LS‐SVM) classification is applied to classify the normal VMs and malicious VMs. The file is allocated to the VM based on the storage capacity of the VM. The experimental result shows that the proposed approach achieves high DDoS attack detection rate with minimum false positive and negative rate, when compared to the existing attack detection models.

Slow flooding attack detection in cloud using change point detection approach

Cloud computing is one of the high-demand services and prone to numerous types of attacks due to its Internet based backbone. Flooding based attack is one such type of attack over the cloud that exhausts the numerous resources and services of an individual or an enterprise by way of sending useless huge traffic. The nature of this traffic may be of slow or fast type. Flooding attacks are caused by way of sending massive volume of packets of TCP, UDP, ICMP traffic and HTTP Posts. The legitimate volume of traffic is suppressed and lost in traffic flooding traffics. Early detection of such attacks helps in minimization of the unauthorized utilization of resources on the target machine. Various inbuilt load balancing and scalability options to absorb flooding attacks are in use by cloud service providers up to ample extent still to maintain QoS at the same time by cloud service providers is a challenge. In this proposed technique. Change Point detection approach is proposed here to detect flooding DDOS attacks in cloud which are based on the continuous variant pattern of voluminous (flooding) traffic and is calculated by using various traffic data based metrics that are primary and computed in nature. Golden ration is used to compute the threshold and this threshold is further used along with the computed metric values of normal and malicious traffic for flooding attack detection. Traffic of websites is observed by using remote java script.

Profile and Back Off Based Distributed NIDS in Cloud

Cloud security is a major concern these days. Out of the various attacks over Cloud the one which is very specific and consistently launched is DDoS. Current state of art solutions for detection of DDoS attacks in Cloud consume a lot of computational resources in performing per packet attack signature detection. As and when Cloud scales this will result in more resources being utilized for providing DDoS attack detection in Cloud eventually decreasing the amount of resources from the effective pool that can be allocated to its clients. We have utilized the underlying fact that during DDoS, attack packets are sent at a very heavy rate and hence proposed a profiling and back off based detection strategy for detecting DDoS attacks in Cloud. The solution provides lowest resource requirements at the same detection speed. The proposed solution is validated using DARPA dataset and has been thoroughly tested in multiple set of experimentations at client VM's in Cloud. It has provided a 100 % accuracy in DDoS attack detection with almost 32 times savior of computational resources at near to same detection speed compared to traditional per packet based NIDS at a back off detection value of T = 32.

Detecting and Preventing DDoS Attacks in Cloud.

Cloud is becoming a dominant computing platform. Naturally, a question that arises is whether we can beat notorious DDoS attacks in a cloud environment. Researchers have demonstrated that the essential issue of DDoS attack and defence is resource competition between defenders and attackers. A cloud usually possesses profound resources, and has full control and dynamic allocation capability of its resources. Therefore, cloud offers us the potential to overcome DDoS attacks. However, individual cloud hosted servers are still vulnerable to DDoS attacks if they still run in the traditional way. In this paper, we propose a dynamic resource allocation strategy to counter DDoS attacks against individual cloud customers. When a DDoS attack occurs, we employ the idle resources of the cloud to clone sufficient intrusion prevention servers for the victim in order to quickly filter out attack packets and guarantee the quality of the service for benign users simultaneously. We establish a mathematical model to approximate the needs of our resource investment based on queueing theory. Through careful system analysis and real-world data set experiments, we conclude that we can defeat DDoS attacks in a cloud environment.

An Adaptive Approach to Mitigate Ddos Attacks in Cloud

Distributed denial of service (DDOS) attack constitutes one of the prominent cyber threats and among the hardest security problems in modern cyber world. This research work focuses on reviewing DDOS detection techniques and developing a numeric stable theoretical framework used for detecting various DDOS attacks in cloud. Main sections in the paper are devoted to review and analysis of algorithms used for detection of DDOS attacks. The framework theorized here deals with the variability calculation method in conjunction with sampling, searching methods to find a current state of a particular parameter under observation for detecting DDOS attacks. This way a solution is to build that measure the performance and conduct the monitoring framework to capture adversity related to DDOS attacks. The described algorithm intends to capture the current context value of the parameters that determine the reliability of the detection algorithm and the online pass algorithm helps to maintain the variability of those collected values thus maintaining numerical stability by doing robust statistical operations at endpoints of traffic in cloud based network.