Abstract
Denial of service (DOS) attack is a serious threat in the cloud which causes unavailability of cloud services to genuine users. Firewalls alone are not able to detect DOS attack because of the dynamic nature of the attack and masked identity. This paper proposes a cloud-based DOS attack detection model (CDOSD) which is setup through key feature selection using a new binary version of Artificial bee colony optimization (BABCO) and decision tree (DT) classifier. The DT classifier is utilized because it has superior learning speed than other classification algorithms and BABCO is used for feature selection from the dataset. The real-time DOS attack tools are used to perform the attacks on cloud host. It has been observed that the CDOSD detects DOS attack on cloud host with high accuracy and a very low false positive rate. The features of the dataset are significantly reduced by BABCO which provides a low dimension of computation space for training and classification. The proposed scheme is also compared with the other existing models and found superior in performance. The proposed methodology may help the cloud service providers to design more secure cloud environment.
Graphical Abstract
Similar content being viewed by others
References
Shea, R., & Liu, J. (2013). Performance of virtual machines under networked denial of service attacks: Experiments and analysis. IEEE Systems Journal, 7(2), 335–345. https://doi.org/10.1109/JSYST.2012.2221998.
Somani, G., Gaur, M. S., Sanghi, D., & Conti, M. (2016). DDoS attacks in cloud computing: Collateral damage to non-targets. Computer Networks, 109, 157–171. https://doi.org/10.1016/j.comnet.2016.03.022.
Deshmukh, R. V., & Devadkar, K. K. (2015). Understanding DDoS attack and its effect in cloud environment. In Procedia computer science (Vol. 49, pp. 202–210). https://doi.org/10.1016/j.procs.2015.04.245.
Xiao, L., Wei, W., Yang, W., Shen, Y., & Wu, X. (2017). A protocol-free detection against cloud oriented reflection DoS attacks. Soft Computing, 21(13), 3713–3721. https://doi.org/10.1007/s00500-015-2025-6.
Darwish, M., Ouda, A., & Capretz, L. F. (2015). A cloud-based secure authentication (CSA) protocol suite for defense against denial of service (DoS) attacks. Journal of Information Security and Applications, 20, 90–98. https://doi.org/10.1016/j.jisa.2014.12.001.
Darwish, M., & Ouda, A. (2017). An enhanced cloud-based secure authentication (ECSA) protocol suite for prevention of denial-of-service (DoS) attacks. International Journal on Future Revolution in Computer Science & Communication Engineering, 3(11), 485–496.
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks. IEEE Communications Surveys and Tutorials, 15(4), 2046–2069. https://doi.org/10.1109/SURV.2013.031413.00127.
Carlin, A., Hammoudeh, M., & Aldabbas, O. (2015). Defence for distributed denial of service attacks in cloud computing. In Procedia computer science (Vol. 73, pp. 490–497). https://doi.org/10.1016/j.procs.2015.12.037.
Balobaid, A., Alawad, W., & Aljasim, H. (2016). A study on the impacts of DoS and DDoS attacks on cloud and mitigation techniques. In International conference on computing, analytics and security trends, CAST 2016 (pp. 416–421). https://doi.org/10.1109/cast.2016.7915005.
Bahaweres, R. B., Sharif, J., & Alaydrus, M. (2016). Building a private cloud computing and the analysis against DoS (denial of service) attacks: Case study at SMKN 6 Jakarta. In Proceedings of 2016 4th international conference on cyber and IT service management, CITSM 2016. https://doi.org/10.1109/citsm.2016.7577583.
Vidal, J. M., Orozco, A. L. S., & Villalba, L. J. G. (2018). Adaptive artificial immune networks for mitigating DoS flooding attacks. Swarm and Evolutionary Computation, 38, 94–108. https://doi.org/10.1016/j.swevo.2017.07.002.
Osanaiye, O., Choo, K. K. R., & Dlodlo, M. (2016). Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework. Journal of Network and Computer Applications, 67, 147–165. https://doi.org/10.1016/j.jnca.2016.01.001.
Mishra, P., Pilli, E. S., Varadharajan, V., & Tupakula, U. (2017). Out-VM monitoring for malicious network packet detection in cloud. In ISEA Asia security and privacy conference 2017, ISEASP 2017(pp. 1–10). https://doi.org/10.1109/iseasp.2017.7976995.
Gupta, S., Kumar, P., & Abraham, A. (2013). A profile based network intrusion detection and prevention system for securing cloud environment. International Journal of Distributed Sensor Networks. https://doi.org/10.1155/2013/364575.
Kshirsagar, D., Rathod, A., & Wathore, S. (2016). Performance analysis of DoS LAND attack detection. Perspectives in Science, 8, 4–6. https://doi.org/10.1016/j.pisc.2016.06.074.
Pradeepthi, K. V., & Kannan, A. (2015). Cloud attack detection with intelligent rules. KSII Transactions on Internet and Information Systems, 9(10), 4204–4222. https://doi.org/10.3837/tiis.2015.10.025.
Varalakshmi, P., & Selvi, S. T. (2013). Thwarting DDoS attacks in grid using information divergence. Future Generation Computer Systems, 29(1), 429–441. https://doi.org/10.1016/j.future.2011.10.012.
Schiezaro, M., & Pedrini, H. (2013). Data feature selection based on Artificial bee colony algorithm. EURASIP Journal on Image and Video Processing, 2013(1), 47. https://doi.org/10.1186/1687-5281-2013-47.
Karaboga, D. (2005). An idea based on honey bee swarm for numerical optimization. Technical Report TR06, Erciyes University, Engineering Faculty, Computer Engineering Department.
Karaboga, D., & Akay, B. (2009). A comparative study of Artificial bee colony algorithm. Applied Mathematics and Computation, 214(1), 108–132. https://doi.org/10.1016/j.amc.2009.03.090.
Modi, C., Patel, D., Borisanya, B., Patel, A., & Rajarajan, M. (2012). A novel framework for intrusion detection in cloud. In Proceedings of the fifth international conference on security of information and networks (pp. 67–74). https://doi.org/10.1145/2388576.2388585.
Mining, W. I. D. (2006). Data mining: Concepts and techniques. Burlington: Morgan Kaufinann.
Akashdeep, Manzoor, I., & Kumar, N. (2017). A feature reduced intrusion detection system using ANN classifier. Expert Systems with Applications, 88, 249–257. https://doi.org/10.1016/j.eswa.2017.07.005.
Kabir, M. R., Onik, A. R., & Samad, T. (2017). A network intrusion detection framework based on Bayesian network using wrapper approach. International Journal of Computer Applications, 166(4), 13–17. https://doi.org/10.5120/ijca2017913992.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Seth, J.K., Chandra, S. An Effective DOS Attack Detection Model in Cloud Using Artificial Bee Colony Optimization. 3D Res 9, 44 (2018). https://doi.org/10.1007/s13319-018-0195-6
Received:
Revised:
Accepted:
Published:
DOI: https://doi.org/10.1007/s13319-018-0195-6