DEFAD: ensemble classifier for DDOS enabled flood attack defense in distributed network environment

Cluster Computing

Abstract

Technological advancements in information systems and networks are the outcome of developments in networking and communications. Critical infrastructure plays a vital role in effective information systems management. However, negative developments such as DDoS attacks, which impact the operations of network application systems, raise an adverse set of issues. With the rising number of DDoS attacks, researchers have focused on developing contemporary solutions that can help thwart such attacks. A review of such models in the literature shows that two distinct dimensions, detection accuracy and mitigation accuracy, have scope for improvement, and that the majority of such models were tested on static datasets, which is not pragmatic. Considering these points, the model proposed in this manuscript focuses on a contemporary solution that can achieve a high accuracy rate and is tested on a dynamic dataset to understand the efficacy of the system. By using ensemble classifiers comprising drift detection features at the service request stream level, the proposed solution, if implemented, can lead to better levels of detection. The experimental study of the model is carried out on a synthesized service request stream and is evaluated using statistical metrics such as accuracy, prediction value and true negative rate. The significance of the model is evident in the results generated and in its comparative analysis against other benchmark models in the segment.

Author information

Corresponding author

Correspondence to K. Munivara Prasad.

Cite this article

Prasad, K.M., Reddy, A.R.M. & Rao, K.V. DEFAD: ensemble classifier for DDOS enabled flood attack defense in distributed network environment. Cluster Comput 21, 1765–1783 (2018). https://doi.org/10.1007/s10586-018-2808-5

  • DOI: https://doi.org/10.1007/s10586-018-2808-5
