An Adaptive Threshold-Based Attribute Selection to Classify Requests Under DDoS Attack in Cloud-Based Systems

  • Priyanka VermaEmail author
  • Shashikala Tapaswi
  • W. Wilfred Godfrey
Research Article - Computer Engineering and Computer Science


Cloud-based services are increasing day by day for various purposes due to its perpetuity and diverse dexterity. However, offensive network traffic such as distributed denial of service (DDoS) plays a significant role in threatening the cloud-based services. Therefore, defense for such attacks is required to save the cloud resources. Most of the attribute selection approaches for request classification are based on static threshold statistics. These statistics are the default values used to reduce the dimensionality of data. However, these default statistics do not work well with varying network conditions and for different intensities of DDoS attack. Therefore, an adaptive statistic is required to deal with different network and incoming traffic conditions. This paper also gives an comprehensive analysis of TCP, UDP and ICMP protocol-based DDoS attack and its effects on the cloud network. Based on the analysis and above issues, this paper presents an adaptive hybrid approach for attribute selection and classification of incoming traffic. The proposed approach consists of three subsystems such as (1) preprocessing subsystem, (2) adaptive attribute selection subsystem and (3) detection and prevention subsystem. The work utilizes NSL-KDD dataset which helps in the evaluation of the proposed approach. It is concluded that the combination of Mean Absolute Deviation technique with Random Forest classifier (MAD-RF) outperforms the other combinations. Therefore, MAD-RF is selected for further analysis. MAD-RF is also capable of dealing with TCP, UDP and ICMP protocol-based DDoS attack. The result shows that MAD-RF outperforms dimensionality reduction, traditional attribute selection methods and state-of-the-art approaches.


Availability Cloud computing DDoS Classifiers Threshold techniques 


  1. 1.
    Zissis, D.; Lekkas, D.: Addressing cloud computing security issues. Future Gener. Comput. Syst. 28(3), 583–592 (2012)CrossRefGoogle Scholar
  2. 2.
    Riad, K.; Hamza, R.; Yan, H.: Sensitive and energetic IoT access control for managing cloud electronic health records. IEEE Access 7, 86384–86393 (2019)CrossRefGoogle Scholar
  3. 3.
    Aldossary, S.; Allen, W.: Data security, privacy, availability and integrity in cloud computing: issues and current solutions. Int. J. Adv. Comput. Sci. Appl. 7(4), 485–498 (2016)Google Scholar
  4. 4.
    Deshmukh, R.V.; Devadkar, K.K.: Understanding DDoS attack and its effect in cloud environment. Procedia Comput. Sci. 49, 202–210 (2015)CrossRefGoogle Scholar
  5. 5.
    Hamza, R.; Yan, Z.; Muhammad, K.; Bellavista, P.; Titouna, F.: A privacy-preserving cryptosystem for IoT E-healthcare. Inf. Sci. (2019). CrossRefGoogle Scholar
  6. 6.
    Peng, T.; Leckie, C.; Ramamohana Rao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. (CSUR) 39(1), 3 (2007)CrossRefGoogle Scholar
  7. 7.
    Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Rajarajan, M.; Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4, 22–32 (2017). CrossRefGoogle Scholar
  8. 8.
    Somani, G.; Gaur, M.S.; Sanghi, D.; Conti, M.; Buyya, R.: DDoS attacks in cloud computing: issues, taxonomy, and future directions. Comput. Commun. 107, 30–48 (2017)CrossRefGoogle Scholar
  9. 9.
    Chaudhary, D.; Bhushan, K.; Gupta, B.B.: Survey on DDoS attacks and defense mechanisms in cloud and fog computing. Int. J. E-Serv. Mob. Appl. (IJESMA) 10(3), 61–83 (2018)CrossRefGoogle Scholar
  10. 10.
    Gupta, B.B.; Badve, O.P.: Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Comput. Appl. 28(12), 3655–3682 (2017)CrossRefGoogle Scholar
  11. 11.
    Koc, L.; Mazzuchi, T.A.; Sarkani, S.: A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier. Expert Syst. Appl. 39(18), 13492–13500 (2012)CrossRefGoogle Scholar
  12. 12.
    Wang, W.; Gombault, S.: Efficient detection of DDoS attacks with important attributes. In: Third International Conference on Risks and Security of Internet and Systems, 2008. CRiSIS’08, pp. 61–67. IEEE (2008)Google Scholar
  13. 13.
    De la Hoz, E.; De La Hoz, E.; Ortiz, A.; Ortega, J.; Prieto, B.: PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164, 71–81 (2015)CrossRefGoogle Scholar
  14. 14.
    Yang, C.: Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment. Cluster Comput. (2018). CrossRefGoogle Scholar
  15. 15.
    Hajimirzaei, B.; Navimipour, N.J.: Intrusion detection for cloud computing using neural networks and artificial bee colony optimization algorithm. ICT Express. ISSN 2405–9595 (2018). CrossRefGoogle Scholar
  16. 16.
    Thaseen, I.S.; Kumar, C.A.: Intrusion detection model using fusion of chi-square feature selection and multi class SVM. J. King Saud Univ. Comput. Inf. Sci. 29(4), 462–472 (2017)CrossRefGoogle Scholar
  17. 17.
    Mazini, M.; Shirazi, B.; Mahdavi, I.: Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. J. King Saud Univ. Comput. Inf. Sci 31(4), 541–553 (2019)Google Scholar
  18. 18.
    Sreeram, I.; Vuppala, V.P.K.: HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Appl. Comput. Inform. 15(1), 59–66 (2019)CrossRefGoogle Scholar
  19. 19.
    Manavi, M.T.: Defense mechanisms against Distributed Denial of Service attacks: a survey. Comput. Electr. Eng. 72, 26–38 (2018)CrossRefGoogle Scholar
  20. 20.
    Kaur, P.; Kumar, M.; Bhari, A.: A review of detection approaches for distributed Denial of service attacks. Syst. Sci. Control Eng. 5(1), 301–320 (2017)CrossRefGoogle Scholar
  21. 21.
    Inayat, Z.; Gani, A.; Anuar, N.B.; Anwar, S.; Khan, M.K.: Cloud-based intrusion detection response system: open research issues, solutions. Arab. J. Sci. Eng. 42(2), 399–423 (2017)CrossRefGoogle Scholar
  22. 22.
    Yusof, A.R.A.; Udzir, N.I.; Selamat, A.; Hamdan, H.; Abdullah, M.T.: Adaptive feature selection for Denial of services (DoS) attack. In: 2017 IEEE Conference on Application, Information Network Security (AINS), pp. 81–84 (2017)Google Scholar
  23. 23.
    Balkanli, E.; Zincir-Heywood, A.N.; Heywood, M.I.: Feature selection for robust backscatter DDoS detection. In: 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), pp. 611–618. IEEE (2015)Google Scholar
  24. 24.
    Zi, L.; Yearwood, J.; Wu, X.W.: Adaptive clustering with feature ranking for DDoS attacks detection. In: 2010 Fourth International Conference on Network System Security, pp. 281–286. IEEE (2010)Google Scholar
  25. 25.
    Osanaiye, O.; Cai, H.; Choo, K.K.R.; Dehghantanha, A.; Xu, Z.; Dlodlo, M.: Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J. Wirel. Commun. Netw. 2016(1), 130 (2016)CrossRefGoogle Scholar
  26. 26.
    Cao, J.; Yu, B.; Dong, F.; Zhu, X.; Xu, S.: Entropy-based Denial-of-service attack detection in cloud data center. Concurr. Comput. Pract. Exp. 27(18), 5623–5639 (2015)CrossRefGoogle Scholar
  27. 27.
    Özçelik, İ.; Brooks, R.R.: Deceiving entropy based DoS detection. Comput. Secur. 48, 234–245 (2015)CrossRefGoogle Scholar
  28. 28.
    Jian-Qi, Z.; Feng, F.; Ke-Xin, Y.; Yan-Heng, L.: Dynamic entropy based DoS attack detection method. Comput. Electr. Eng. 39(7), 2243–2251 (2013)CrossRefGoogle Scholar
  29. 29.
    Jun, J.H.; Ahn, C.W.; Kim, S.H.: DDoS attack detection by using packet sampling flow features. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 711–712 (2014)Google Scholar
  30. 30.
    Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: An empirical evaluation of information metrics for low-rate high-rate DDoS attack detection. Pattern Recognit. Lett. 51, 1–7 (2015)CrossRefGoogle Scholar
  31. 31.
    Bhuyan, M.H.; Bhattacharyya, D.K.; Kalita, J.K.: E-LDAT: a lightweight system for DDoS flooding attack detection IP traceback using extended entropy metric. Secur. Commun. Netw. 9(16), 3251–3270 (2016)CrossRefGoogle Scholar
  32. 32.
    Lee, K.; Kim, J.; Kwon, K.H.; Han, Y.; Kim, S.: DDoS attack detection method using cluster analysis. Expert Syst. Appl. 34(3), 1659–1665 (2008)CrossRefGoogle Scholar
  33. 33.
    Özçelik, İ.; Brooks, R.R.: Cusum-entropy: an efficient method for DDoS attack detection. In: 2016 4th International Istanbul Smart Grid Congress Fair (ICSG), pp. 1–5. IEEE (2016)Google Scholar
  34. 34.
    Patrikakis, C.; Masikos, M.; Zouraraki, O.: Distributed Denial of service attacks. Internet Protoc. J. 7(4), 13–35 (2004)Google Scholar
  35. 35.
    Gil, T.M.; Poletto, M.: MULTOPS: a data-structure for bandwidth attack detection. In: USENIX Security Symposium, pp. 23–38 (2001)Google Scholar
  36. 36.
    Zunnurhain, K.; Vrbsky, S.V.; Hasan, R.: FAPA: flooding attack protection architecture in a cloud system. Int. J. Cloud Comput. 3(4), 379–401 (2014)CrossRefGoogle Scholar
  37. 37.
    Mirkovic, J.; Reiher, P.: D-WARD: a source-end defense against flooding Denial-of-service attacks. IEEE Trans. Dependable Secure Comput. 2(3), 216–232 (2005)CrossRefGoogle Scholar
  38. 38.
    Rahmani, H.; Sahli, N.; Kamoun, F.: DDoS flooding attack detection scheme based on F-divergence. Comput. Commun. 35(11), 1380–1391 (2012)CrossRefGoogle Scholar
  39. 39.
    Han, J.; Pei, J.; Kamber, M.: Data Mining: Concepts Techniques. Elsevier, New York (2011)zbMATHGoogle Scholar
  40. 40.
    Shannon, C.: A mathematical theory of communication. ACM SIGMOBILE Mob. Comput. Commun. Rev. 5, 3–55 (2001)CrossRefGoogle Scholar
  41. 41.
    Sree, T.R.; Bhanu, S.M.S.: Detection of HTTP flooding attacks in cloud using dynamic entropy method. Arab. J. Sci. Eng. 43(12), 6995–7014 (2018)CrossRefGoogle Scholar
  42. 42.
    Beloglazov, A.; Abawajy, J.; Buyya, R.: Energy-aware resource allocation heuristics for efficient management of data centers for cloud computing. Future Gener. Comput. Syst. 28(5), 755–768 (2012)CrossRefGoogle Scholar
  43. 43.
    Senthilkumaran, N.; Vaithegi, S.: Image segmentation by using thresholding techniques for medical images. Comput. Sci. Eng. Int. J. 6(1), 1–13 (2016)Google Scholar
  44. 44.
    Zou, X.; Cao, J.; Guo, Q.; Wen, T.: A novel network security algorithm based on improved support vector machine from smart city perspective. Comput. Electr. Eng. 65, 67–78 (2018)CrossRefGoogle Scholar
  45. 45.
    Joshi, A.; Monnier, C.; Betke, M.; Sclaroff, S.: Comparing rom forest approaches to segmenting classifying gestures. Image Vis. Comput. 58, 86–95 (2017)CrossRefGoogle Scholar
  46. 46.
    Xu, Y.; Zhu, Q.; Fan, Z.; Qiu, M.; Chen, Y.; Liu, H.: Coarse to fine K nearest neighbor classifier. Pattern Recognit. Lett. 34(9), 980–986 (2013)CrossRefGoogle Scholar
  47. 47.
    Hu, Y.C.: Pattern classification by multi-layer perceptron using fuzzy integral-based activation function. Appl. Soft Comput. 10(3), 813–819 (2010)MathSciNetCrossRefGoogle Scholar
  48. 48.
    Chu, J.; Lee, T.H.; Ullah, A.: Component-Wise AdaBoost Algorithms for High-Dimensional Binary Classification Class Probability Prediction. Handbook of Statistics, Elsevier (2018). Google Scholar
  49. 49.
    Trabelsi, A.; Elouedi, Z.; Lefevre, E.: Decision tree classifiers for evidential attribute values class labels. Fuzzy Sets Syst. (2018). CrossRefzbMATHGoogle Scholar
  50. 50.
  51. 51.
    Guo, C.; Ping, Y.; Liu, N.; Luo, S.S.: A two-level hybrid approach for intrusion detection. Neurocomputing 214, 391–400 (2016)CrossRefGoogle Scholar
  52. 52.
    Eesa, A.S.; Orman, Z.; Brifcani, A.M.A.: A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst. Appl. 42(5), 2670–2679 (2015)CrossRefGoogle Scholar
  53. 53.
    Raman, M.G.; Somu, N.; Kirthivasan, K.; Liscano, R.; Sriram, V.S.: An efficient intrusion detection system based on hypergraph: genetic algorithm for parameter optimization feature selection in support vector machine. Knowl. Based Syst. 134, 1–12 (2017)CrossRefGoogle Scholar
  54. 54.
    Kuang, F.; Xu, W.; Zhang, S.: A novel hybrid KPCA SVM with GA model for intrusion detection. Appl. Soft Comput. 18, 178–184 (2014)CrossRefGoogle Scholar
  55. 55.
    Singh, R.; Kumar, H.; Singla, R.K.: An intrusion detection system using network traffic profiling online sequential extreme learning machine. Expert Syst. Appl. 42(22), 8609–8624 (2015)CrossRefGoogle Scholar
  56. 56.
    de la Hoz, E.; Ortiz, A.; Ortega, J.; de la Hoz, E.: Network anomaly classification by support vector classifiers ensemble non-linear projection techniques. In: International Conference on Hybrid Artificial Intelligence Systems, pp. 103–111. Springer, Berlin (2013)Google Scholar
  57. 57.
    Kayacik, H.G.; Zincir-Heywood, A.N.; Heywood, M.I.: A hierarchical SOM-based intrusion detection system. Eng. Appl. Artif. Intell. 20(4), 439–451 (2007)CrossRefGoogle Scholar
  58. 58.
    Raman, M.G.; Somu, N.; Kirthivasan, K.; Sriram, V.S.: A hypergraph arithmetic residue-based probabilistic neural network for classification in intrusion detection systems. Neural Netw. 92, 89–97 (2017)CrossRefGoogle Scholar
  59. 59.
    Bamakan, S.M.H.; Wang, H.; Yingjie, T.; Shi, Y.: An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization. Neurocomputing 199, 90–102 (2016)CrossRefGoogle Scholar
  60. 60.
    Aminanto, M.E.; Kim, H.; Kim, K.M.; Kim, K.: Another fuzzy anomaly detection system based on ant clustering algorithm. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 100(1), 176–183 (2017)CrossRefGoogle Scholar
  61. 61.
    Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)CrossRefGoogle Scholar
  62. 62.
    Pajouh, H.H.; Dastghaibyfard, G.; Hashemi, S.: Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61–74 (2017)CrossRefGoogle Scholar
  63. 63.
    Hamamoto, A.H.; Carvalho, L.F.; Sampaio, L.D.H.; Abrão, T.; Proença Jr., M.L.: Network anomaly detection system using genetic algorithm and fuzzy logic. Expert Syst. Appl. 92, 390–402 (2018)CrossRefGoogle Scholar
  64. 64.
    Sharma, R.; Chaurasia, S.: An enhanced approach to fuzzy C-means clustering for anomaly detection. In: Proceedings of First International Conference on Smart System, Innovations and Computing, pp. 623–636. Springer, Singapore (2018)CrossRefGoogle Scholar
  65. 65.
    Borah, S.; Panigrahi, R.; Chakraborty, A.: An enhanced intrusion detection system based on clustering. In: Saeed, K., Chaki, N., Pati, B., Bakshi, S., Mohapatra, D. (eds.) Progress in Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol. 564. Springer, Singapore (2018)Google Scholar
  66. 66.
    Achbarou, O.; El Kiram, M.A.; Bourkoukou, O.; Elbouanani, S.: A new distributed intrusion detection system based on multi-agent system for cloud environment. Int. J. Commun. Netw. Inf. Secur. 10(3), 526 (2018)Google Scholar
  67. 67.
    Verma, P.; Anwar, S.; Khan, S.; Mane, S.B.: Network intrusion detection using clustering and gradient boosting. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1–7. IEEE (2018)Google Scholar
  68. 68.
    Ghosh, P.; Karmakar, A.; Sharma, J.; Phadikar, S.: CS-PSO based intrusion detection system in cloud environment. In: Emerging Technologies in Data Mining and Information Security, pp. 261–269. Springer, Singapore (2019)Google Scholar
  69. 69.
    Mohammadi, S.; Amiri, F.: An efficient hybrid self-learning intrusion detection system based on neural networks. Int. J. Comput. Intell. Appl. 18(01), 1950001 (2019)CrossRefGoogle Scholar

Copyright information

© King Fahd University of Petroleum & Minerals 2019

Authors and Affiliations

  1. 1.Atal Bihari Vajpayee - Indian Institute of Information Technology and ManagementGwaliorIndia

Personalised recommendations