Machine Learning-Based EDoS Attack Detection Technique Using Execution Trace Analysis

  • Hossein AbbasiEmail author
  • Naser Ezzati-Jivan
  • Martine Bellaiche
  • Chamseddine Talhi
  • Michel R. Dagenais


One of the most important benefits of using cloud computing is the benefit of on-demand services. Accordingly, the method of payment in the cloud environment is pay per use. This feature results in a new kind of DDOS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider as a result of the attack. Similar to other DDoS attacks, EDoS attacks are divided into different types, such as (1) bandwidth-consuming attacks, (2) attacks that target specific applications, and 3) connection-layer exhaustion attacks. In this work, we propose a novel framework to detect different types of EDoS attacks by designing a profile that learns from and classifies the normal and abnormal behaviors. In this framework, the extra demanding resources are only allocated to VMs that are detected to be in a normal situation and therefore prevent the cloud environment from attack and resource misuse propagation.


DDoS attacks EDoS attacks Cloud computing Machine learning Detection 



  1. 1.
    Geelan J (2009) Twenty-One Experts define cloud computing. Virtualization JournalGoogle Scholar
  2. 2.
    Bogdanoski MS, Risteski TA Analysis of the SYN Flood DoS Attack. Computer Network and Information Security 2013(MECS)Google Scholar
  3. 3.
    VivinSandar S, Shenai S (2012) Economic denial of sustainability (EDos) in cloud services using HTTP and XML based DDos attacks. International Journal of Computer ApplicationsGoogle Scholar
  4. 4.
    Mell P, Grance T (2011) The NIST definition of cloud computing. National Institute of Standards and TechnologyGoogle Scholar
  5. 5.
    Furht B, Escalante A (2010) Handbook of Cloud Computing. Springer, Berlin. 634CrossRefGoogle Scholar
  6. 6.
    Hsin-Yi T, et al. (2012) Threat as a service?: virtualization’s impact on cloud security. IT Professional 14 (1):32–37CrossRefGoogle Scholar
  7. 7.
    Shea R, Jiangchuan L (2012) Understanding the impact of denial of service attacks on virtual machines. In: 2012 IEEE 20th international workshop on quality of service (IWQos)Google Scholar
  8. 8.
    Sqalli MH, Al-Haidari F, Salah K (2011) EDOs-shield - a two-steps mitigation technique against EDos attacks in cloud computing. In: 2011 Fourth IEEE international conference on utility and cloud computing (UCC)Google Scholar
  9. 9.
    Naresh Kumar M et al (2012) Mitigating economic denial of sustainability (EDoS) in cloud computing using in-cloud scrubber service. In: 2012 Fourth international conference on computational intelligence and communication networks (CICN)Google Scholar
  10. 10.
    Alosaimi W, Al-Begain K (2013) An enhanced economical denial of sustainability mitigation system for the cloud. In: 2013 Seventh international conference on next generation mobile apps services and technologies (NGMAST)Google Scholar
  11. 11.
    Masood M, et al. (2013) EDOs armor: a cost effective economic denial of sustainability attack mitigation framework for e-commerce applications in cloud environments. In: Multi topic conference (INMIC) 2013 16th InternationalGoogle Scholar
  12. 12.
    Baig ZA, Binbeshr F (2013) Controlled virtual resource access to mitigate economic denial of sustainability (EDos) attacks against cloud infrastructures. In: 2013 international conference on cloud computing and big data (CloudCom-Asia)Google Scholar
  13. 13.
    Al-Haidari F, Sqalli MH, Salah K (2012) Enhanced EDoS-Shield for mitigating EDoS attacks originating from spoofed IP addresses. In: 2012 IEEE 11th international conference on trust, security and privacy in computing and communications (TrustCom)Google Scholar
  14. 14.
    Koduru A, Neelakantam T, Bhanu SMS (2013) Detection of eco-nomic denial of sustainability using time spent on a web pagein cloud. In: 2013 IEEE international conference on cloudcomputing in emerging markets (CCEM), pp 1–4Google Scholar
  15. 15.
    NSFOCUS, Bandwidth Consumption DDoS Attacks and Mitigation Methods. 2013: NSFOCUSGoogle Scholar
  16. 16.
  17. 17.
    Desnoyers M, Dagenais M (2008) LTTNg: tracing across execution layers, from the hypervisor to user-space. In: Proceedings of the Ottawa linux symposiumGoogle Scholar
  18. 18.
    Defending Networks with Incomplete Information: A Machine Learning Approach. 2013, BlackHat BriefingsGoogle Scholar
  19. 19.
    Subbulakshmi T et al (2011) Detection of DDos attacks using enhanced support vector machines with real time generated dataset. In: 2011 Third international conference on advanced computing (ICoAC)Google Scholar
  20. 20.
    Joshi B, Vijayan AS, Joshi BK (2012) Securing cloud computing environment against DDos attacks. In: 2012 international conference on computer communication and informatics (ICCCI)Google Scholar
  21. 21.
    Nguyen TTT, Armitage G (2008) A survey of techniques for internet traffic classification using machine learning. IEEE Commun Surv Tutorials 10(4):56–76CrossRefGoogle Scholar
  22. 22.
    Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177 (18):3799–3821CrossRefGoogle Scholar
  23. 23.
    Holmes G, Donkin A, Witten IH (1994) WEKA: a machine learning workbench. In: 1994 Proceedings of the 1994 Second Australian and New Zealand conference on intelligent information systemsGoogle Scholar
  24. 24.
    Choi J, Choi C, Ko B, Kim P (2014) A method of DDos attack detection using HTTP packet pattern and rule engine in cloud computing environment. Soft Comput 18:1697–1703. CrossRefGoogle Scholar
  25. 25.
    Ezzati-Jivan N, Dagenais MR (2015) Cube data model for multilevel statistics computation of live execution traces. Concurrency Computat Pract Exper 27:1069–1091. CrossRefGoogle Scholar
  26. 26.
    Bogdanoski M, Suminoski T, Risteski A (2013) Analy-sis of the syn flood dos attack. International Journal of Computer Networkand Information Security (IJCNIS) 5(8):1–11Google Scholar
  27. 27.
    Ceponis D, Goranin N (2018) Towards a robust method of datasetgeneration of malicious activity on a windows-based operating system foranomaly-based hids trainingGoogle Scholar
  28. 28.
    Geetha K, Sreenath N (2014) Syn flooding attackidentification and analysis. In: 2014 International conference on information communication and embedded systems (ICICES), IEEE, pp 1–7Google Scholar
  29. 29.
    Verge A, Ezzati-Jivan N, Dagenais MR (2017) Hardware-assisted software event tracing. Concurrency Computat: Pract Exper 29:e4069. CrossRefGoogle Scholar
  30. 30.
    Nigam V, Jain S, Burse K (2014) Profile based scheme against ddosattack in wsn. In: 2014 Fourth international conference on communication systems and network technologies, pp 112–116Google Scholar
  31. 31.
    Ezzati-Jivan N, Dagenais M (2017) Multi-scale navigation of large trace data, a survey. Concurrency Computat: Pract Exper 29:e4068CrossRefGoogle Scholar
  32. 32.
    Venkata Ramana V, Shilpa Choudary P, Dhone MB (2011) Analysis and study of application layer distributed denial of service attacks for popular websites. International Journal of Computer Science and Telecommunications, vol 2Google Scholar
  33. 33.
    Shea R, Liu J (2013) Performance of virtual machines under networked de-nial of service attacks: experiments and analysis. IEEE Syst J 7(2):335–345CrossRefGoogle Scholar
  34. 34.
    Ye C, Zheng K (2011) Detection of application layer distributeddenial of service. In: 2011 International conference on computer science and network technology (ICCSNT), vol 1. IEEE, pp 310–314Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Ecole Polytechnique MontrealMontrealCanada
  2. 2.École de Technologie SupérieureMontrealCanada

Personalised recommendations