An efficient DDoS TCP flood Attack detection and prevention system in a cloud environment

Sahi, Aqeel and Lai, David and Li, Yan and Diykh, Mohammed (2017) An efficient DDoS TCP flood Attack detection and prevention system in a cloud environment. IEEE Access, 5. pp. 6036-6048.


Abstract

Although the number of cloud projects has dramatically increased over the last few years,
ensuring the availability and security of project data, services, and resources is still a crucial and challenging
research issue. Distributed denial of service (DDoS) attacks are the second most prevalent cybercrime attacks
after information theft. DDoS TCP flood attacks can exhaust the cloud's resources, consume most of its
bandwidth, and damage an entire cloud project within a short period of time. The timely detection and
prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. In this paper,
we present a new classifier system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) in
public clouds. The proposed CS_DDoS system offers a solution for securing stored records by classifying
the incoming packets and making a decision based on the classification results. During the detection phase,
CS_DDoS identifies whether a packet is normal or originates from an attacker. During
the prevention phase, packets classified as malicious are denied access to the cloud service and
the source IP is blacklisted. The performance of the CS_DDoS system is compared using different
classifiers: the least squares support vector machine (LS-SVM), naïve Bayes, K-nearest, and multilayer
perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is
adopted. It can detect DDoS TCP flood attacks with about 97% accuracy and a Kappa coefficient of
0.89 when under attack from a single source, and with 94% accuracy and a Kappa coefficient of 0.9 when under
attack from multiple attackers. Finally, the results are discussed in terms of accuracy and time complexity,
and validated using a K-fold cross-validation model.


Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Faculty/School / Institute/Centre: Historic - Faculty of Health, Engineering and Sciences - School of Agricultural, Computational and Environmental Sciences (1 Jul 2013 - 5 Sep 2019)
Date Deposited: 12 Sep 2017 03:05
Last Modified: 12 Mar 2019 05:34
Uncontrolled Keywords: Classification, cloud computing, DDoS attacks, LS-SVM.
Fields of Research (2008): 08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications
Identification Number or DOI: https://doi.org/10.1109/ACCESS.2017.2688460
URI: http://eprints.usq.edu.au/id/eprint/32642
