An efficient DDoS TCP flood Attack detection and prevention system in a cloud environment

Sahi, Aqeel and Lai, David and Li, Yan and Diykh, Mohammed (2017) An efficient DDoS TCP flood Attack detection and prevention system in a cloud environment. IEEE Access, 5. pp. 6036-6048.

Abstract

Although the number of cloud projects has dramatically increased over the last few years, ensuring the availability and security of project data, services, and resources is still a crucial and challenging research issue. Distributed denial of service (DDoS) attacks are the second most prevalent cybercrime attacks after information theft. DDoS TCP flood attacks can exhaust the cloud's resources, consume most of its bandwidth, and damage an entire cloud project within a short period of time. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. In this paper, we present a new classifier system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) in public clouds. The proposed CS_DDoS system offers a solution to securing stored records by classifying the incoming packets and making a decision based on the classification results. During the detection phase, CS_DDoS identifies whether a packet is normal or originates from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service and the source IP is blacklisted. The performance of the CS_DDoS system is compared using different classifiers: the least squares support vector machine (LS-SVM), naive Bayes, K-nearest neighbour (KNN), and the multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is adopted. It can detect DDoS TCP flood attacks with about 97% accuracy and a Kappa coefficient of 0.89 when under attack from a single source, and with 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. Finally, the results are discussed in terms of accuracy and time complexity, and validated using K-fold cross-validation.
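The abstract describes a two-phase pipeline (classify each packet's source, then drop malicious packets and blacklist the source IP) and evaluates it with accuracy and the Kappa coefficient. The following is an added illustration, not the paper's CS_DDoS code: a threshold rule on the bare-SYN fraction stands in for the LS-SVM classifier, the packet records and IP addresses are constructed, and the metric functions show why accuracy and Kappa can move in different directions (as in the 97%/0.89 versus 94%/0.9 figures above) when the attack/normal class mix changes.

```python
"""Added example: minimal detect-then-blacklist pipeline for TCP flood
traffic, plus the accuracy and Cohen's kappa metrics used in the abstract.
Illustration code only; the threshold rule below is a stand-in for the
paper's LS-SVM classifier and every packet record is constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source IP (constructed)
    flags: str    # TCP flags, e.g. "S" = bare SYN, "A" = ACK, "PA" = PSH/ACK
    label: int    # ground truth for evaluation: 1 = attack, 0 = normal


def per_source_features(packets):
    """Aggregate per-source packet count and bare-SYN count. A SYN flood
    shows a high bare-SYN fraction because the handshake is never completed."""
    feats = defaultdict(lambda: {"pkts": 0, "syn": 0})
    for p in packets:
        feats[p.src]["pkts"] += 1
        if p.flags == "S":
            feats[p.src]["syn"] += 1
    return feats


def classify_source(f, syn_ratio_threshold=0.8, min_pkts=5):
    """Stand-in classifier (assumption: a threshold rule, not LS-SVM).
    Returns 1 (attacker) when a source with enough traffic sends mostly bare SYNs."""
    if f["pkts"] < min_pkts:
        return 0
    return int(f["syn"] / f["pkts"] >= syn_ratio_threshold)


def detect_and_prevent(packets, blacklist):
    """Detection phase: label each source. Prevention phase: blacklist
    malicious sources and drop their packets. Returns (per-packet
    predictions, packets still allowed through)."""
    verdict = {src: classify_source(f) for src, f in per_source_features(packets).items()}
    blacklist.update(src for src, v in verdict.items() if v == 1)
    predictions = [verdict[p.src] for p in packets]
    allowed = [p for p in packets if p.src not in blacklist]
    return predictions, allowed


def accuracy(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def cohen_kappa(y_true, y_pred):
    """kappa = (p_o - p_e) / (1 - p_e): observed agreement corrected for the
    agreement expected by chance from the class marginals alone."""
    n = len(y_true)
    p_o = accuracy(y_true, y_pred)
    t_counts, p_counts = Counter(y_true), Counter(y_pred)
    p_e = sum(t_counts[c] * p_counts[c] for c in set(y_true) | set(y_pred)) / (n * n)
    return 1.0 if p_e == 1 else (p_o - p_e) / (1 - p_e)


def kappa_from_confusion(tp, fp, fn, tn):
    """Kappa for a binary confusion matrix, to compare class mixes directly."""
    y_true = [1] * (tp + fn) + [0] * (fp + tn)
    y_pred = [1] * tp + [0] * fn + [1] * fp + [0] * tn
    return cohen_kappa(y_true, y_pred)


# Constructed traffic: one attacker sending bare SYNs, two clients completing
# handshakes, and one client whose SYN retry burst will be a false positive.
SAMPLE = (
    [Packet("10.0.0.9", "S", 1)] * 40
    + [Packet("192.168.1.5", f, 0) for f in ("S", "A", "A", "PA", "A", "FA")] * 3
    + [Packet("192.168.1.6", f, 0) for f in ("S", "A", "PA", "A")] * 4
    + [Packet("192.168.1.7", "S", 0)] * 5
)


def run_sample():
    blacklist = set()
    preds, allowed = detect_and_prevent(SAMPLE, blacklist)
    truth = [p.label for p in SAMPLE]
    return {"acc": accuracy(truth, preds), "kappa": cohen_kappa(truth, preds),
            "blacklist": sorted(blacklist), "allowed": len(allowed)}


if __name__ == "__main__":
    print(run_sample())
    # Same 97% / 94% accuracies as the abstract, but constructed matrices:
    print(kappa_from_confusion(tp=5, fp=3, fn=0, tn=92))    # 97% acc, imbalanced
    print(kappa_from_confusion(tp=47, fp=3, fn=3, tn=47))   # 94% acc, balanced
```

On the constructed sample the retry-burst client is blacklisted along with the attacker, which is the practical cost of a per-source threshold: a blacklist makes every false positive a denial of service against a legitimate client, so the false-positive rate matters as much as the headline accuracy. The two confusion matrices show that at a fixed accuracy, Kappa is lower when one class dominates, which is why an evaluation should report both.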


Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Additional Information: Permanent restricted access to Published version, in accordance with the copyright policy of the publisher.
Faculty / Department / School: Current - Faculty of Health, Engineering and Sciences - School of Agricultural, Computational and Environmental Sciences
Date Deposited: 12 Sep 2017 03:05
Last Modified: 12 Sep 2017 03:05
Uncontrolled Keywords: Classification, cloud computing, DDoS attacks, LS-SVM.
Fields of Research : 08 Information and Computing Sciences > 0805 Distributed Computing > 080503 Networking and Communications
Identification Number or DOI: 10.1109/ACCESS.2017.2688460
URI: http://eprints.usq.edu.au/id/eprint/32642
