The Use of Anomaly Detection for the Detection of Different Types of DDoS Attacks in Cloud Environment

Journal of Hardware and Systems Security

Abstract

Most distributed denial of service (DDoS) attacks fall into one of three groups: (1) attacks that consume bandwidth, (2) attacks that target selected applications and (3) attacks that exhaust connection-layer resources. This study presents a single, inclusive model that detects and categorizes DDoS attacks precisely by comparing normal traffic and resource usage against the traffic and resource utilization observed during a suspected attack. Because the features of the three attack categories are not independent of each other, the detection model's metrics are built from data collected for all three types during each attack. Change points in the traffic and resource usage patterns are detected with the cumulative sum (CUSUM) algorithm.
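The abstract describes two mechanisms without showing them: a CUSUM change detector run per metric, and a categorization step that reads the attack class off which metrics moved. The following is an added illustration written for this page, not the paper's model or code. It assumes baseline (attack-free) mean and standard deviation per metric, illustrative CUSUM parameters k and h, a metric-to-class mapping, and a constructed per-second trace in which a SYN-flood-like shift begins at sample 60; all of these are assumptions, with the metric names taken from the abbreviations listed on this page.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Cusum:
    """One-sided (upward) CUSUM over standardized samples.

    mean/sigma are the baseline ("normal") statistics of one metric, assumed
    here to come from an attack-free training window. k is the allowance
    (slack) and h the decision threshold, both in units of sigma; these are
    illustrative values, not the paper's tuned parameters.
    """
    mean: float
    sigma: float
    k: float = 0.5
    h: float = 5.0
    s: float = 0.0

    def update(self, x: float) -> bool:
        # Accumulate only the part of the deviation that exceeds the slack; the
        # statistic is floored at zero so quiet periods cannot bank credit that
        # would later mask a real shift.
        z = (x - self.mean) / self.sigma
        self.s = max(0.0, self.s + z - self.k)
        return self.s > self.h


# Assumed mapping from metric to the attack class whose signature it carries.
# The metric names follow the page's abbreviations; the grouping is an assumption.
METRIC_CLASS = {
    "NPi": "bandwidth",
    "IOWi": "bandwidth",
    "R(SYN)": "connection",
    "NHOP": "connection",
    "CPUW": "application",
    "CPUD": "application",
}


def run_detectors(samples: List[Dict[str, float]],
                  baseline: Dict[str, Tuple[float, float]]) -> Dict[str, Optional[int]]:
    """Return the first sample index at which each metric's CUSUM alarms (None if never)."""
    detectors = {m: Cusum(mean, sigma) for m, (mean, sigma) in baseline.items()}
    first_alarm: Dict[str, Optional[int]] = {m: None for m in baseline}
    for i, sample in enumerate(samples):
        for m, det in detectors.items():
            if first_alarm[m] is None and det.update(sample[m]):
                first_alarm[m] = i
    return first_alarm


def classify(first_alarm: Dict[str, Optional[int]]) -> Set[str]:
    """Map the set of alarmed metrics onto attack classes via METRIC_CLASS."""
    return {METRIC_CLASS[m] for m, idx in first_alarm.items() if idx is not None}


def synthetic_trace(n_normal: int = 60, n_attack: int = 60) -> List[Dict[str, float]]:
    """Constructed per-second samples: normal traffic, then a SYN-flood-like shift.

    Normal values and the attack shift are invented for illustration. A small
    deterministic wobble (|wobble| < k) keeps the normal segment inside the slack.
    """
    base = {"NPi": 500.0, "R(SYN)": 0.05, "NHOP": 5.0, "CPUW": 20.0}
    attack = {"NPi": 2500.0, "R(SYN)": 0.80, "NHOP": 400.0, "CPUW": 20.0}
    trace = []
    for i in range(n_normal + n_attack):
        src = base if i < n_normal else attack
        wobble = 0.4 * math.sin(i)
        trace.append({
            "NPi": src["NPi"] + 20.0 * wobble,
            "R(SYN)": src["R(SYN)"] + 0.01 * wobble,
            "NHOP": src["NHOP"] + 1.0 * wobble,
            "CPUW": src["CPUW"] + 2.0 * wobble,
        })
    return trace


# Assumed baseline statistics (mean, sigma) matching the constructed normal segment.
BASELINE = {"NPi": (500.0, 20.0), "R(SYN)": (0.05, 0.01),
            "NHOP": (5.0, 1.0), "CPUW": (20.0, 2.0)}


def demo() -> Tuple[Dict[str, Optional[int]], Set[str]]:
    alarms = run_detectors(synthetic_trace(), BASELINE)
    return alarms, classify(alarms)


if __name__ == "__main__":
    print(demo())
```

Running the demo, R(SYN), NHOP and NPi all alarm at sample 60 while CPUW never does, so the categorization yields both "connection" and "bandwidth": the flood that exhausts half-open connections also drives the packet rate up, which is the interdependence between feature groups that the abstract gives as the reason for collecting all three types of metrics. The one-sided detector above only catches increases; a metric that drops under attack (for example outgoing I/O when the server stalls) needs the mirrored downward CUSUM.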



Abbreviations

TSP: Time spent on a web page
IOWi: Network I/O in the web server virtual machine, incoming (kbit/s)
IOWo: Network I/O in the web server virtual machine, outgoing (kbit/s)
IODi: Network I/O in the database server virtual machine, incoming (kbit/s)
IODo: Network I/O in the database server virtual machine, outgoing (kbit/s)
CPUW: Percentage of CPU usage in the web server virtual machine
CPUD: Percentage of CPU usage in the database server virtual machine
MemW: Percentage of memory usage in the web server virtual machine
NBWph: Network bandwidth usage in the web server per hour (MB)
NBWpd: Network bandwidth usage in the web server per day (MB)
NBWpw: Network bandwidth usage in the web server per week (GB)
NBWpm: Network bandwidth usage in the web server per month (GB)
R(SYN): Ratio of SYN packets among TCP packets
R(ACK): Ratio of ACK packets among TCP packets
R(SYN + ACK): Ratio of SYN+ACK packets among TCP packets
NPi: Number of incoming packets per second
NPo: Number of outgoing packets per second
NHOP: Number of half-open connections


Author information


Correspondence to Hossein Abbasi.


Cite this article

Abbasi, H., Ezzati-Jivan, N., Bellaiche, M. et al. The Use of Anomaly Detection for the Detection of Different Types of DDoS Attacks in Cloud Environment. J Hardw Syst Secur 5, 208–222 (2021). https://doi.org/10.1007/s41635-021-00119-z
