
DITFEC: Drift Identification in Traffic-Flow Streams for DDoS Attack Defense Through Ensemble Classifier

  • Conference paper

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 75)

Abstract

A request flow that overwhelms the target server's capacity denies service to legitimate users. Because a server's capacity is very large, malicious attackers flood it with requests from a distributed environment; this is called a distributed denial-of-service (DDoS) attack. Applying the knowledge gained from previous research on request distributions therefore seems a suitable strategy for stopping DDoS attacks. The unavoidable limitation of this strategy is that knowledge of earlier attack distribution patterns fails to detect new request-flooding patterns devised by the attacker against the server. This paper addresses that limitation by proposing a novel trained ensemble classifier with new features that reflect traffic-flow properties, so that traffic-flow tuples whose distributions are diverse from each other are identified and attached to individual classifiers. The proposed model applies the KS test over the feature set to find the distribution diversity among the traffic-flow tuples. The same policy is later used to discover the distribution resemblance between a new tuple and the tuples attached to the multiple classifiers in the ensemble classification model. The experiment was carried out on voluminous traffic flow with visible distribution variety.
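The KS-based resemblance check the abstract describes can be sketched as follows; this is an added example, not the authors' code. The inter-arrival-time feature, the classifier names `clf_normal` and `clf_flood`, the 0.05 significance level and the "drift" outcome when no reference matches are all assumptions, since the paper's feature set and thresholds are not given on this page.

```python
import bisect
import math

def ks_statistic(a, b):
    """Two-sample KS statistic: D = max over x of |F_a(x) - F_b(x)|."""
    a, b = sorted(a), sorted(b)
    d = 0.0
    for x in a + b:  # the empirical CDFs only change at observed values
        fa = bisect.bisect_right(a, x) / len(a)
        fb = bisect.bisect_right(b, x) / len(b)
        d = max(d, abs(fa - fb))
    return d

def ks_critical(n, m, alpha=0.05):
    """Large-sample critical value for the two-sample KS test."""
    c_alpha = math.sqrt(-0.5 * math.log(alpha / 2))  # about 1.358 at alpha=0.05
    return c_alpha * math.sqrt((n + m) / (n * m))

def route(window, references, alpha=0.05):
    """Pick the classifier whose reference sample the window resembles most.
    Returns "drift" when the KS test rejects every reference (assumed policy)."""
    accepted = []
    for name, ref in references.items():
        d = ks_statistic(window, ref)
        if d <= ks_critical(len(window), len(ref), alpha):
            accepted.append((d, name))
    return min(accepted)[1] if accepted else "drift"

# Constructed sample data: request inter-arrival times in ms (assumed feature).
REFERENCES = {
    "clf_normal": [100 + 5 * i for i in range(20)],   # slow, spread-out requests
    "clf_flood": [1 + 0.5 * i for i in range(20)],    # tightly packed requests
}
WINDOW_NORMAL = [102 + 5 * i for i in range(20)]
WINDOW_FLOOD = [1.2 + 0.5 * i for i in range(20)]
WINDOW_UNSEEN = [40 + i for i in range(20)]           # matches neither reference

if __name__ == "__main__":
    for label, w in [("normal-like", WINDOW_NORMAL), ("flood-like", WINDOW_FLOOD),
                     ("unseen", WINDOW_UNSEEN)]:
        print(label, "->", route(w, REFERENCES))
```

A window routed to "drift" is one that no existing ensemble member was trained on, which is the case a fixed set of earlier attack patterns misses.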



Author information

Corresponding author

Correspondence to K. Munivara Prasad.


Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Munivara Prasad, K., Samba Siva, V., Krishna Kishore, P., Sreenivasulu, M. (2019). DITFEC: Drift Identification in Traffic-Flow Streams for DDoS Attack Defense Through Ensemble Classifier. In: Peng, SL., Dey, N., Bundele, M. (eds) Computing and Network Sustainability. Lecture Notes in Networks and Systems, vol 75. Springer, Singapore. https://doi.org/10.1007/978-981-13-7150-9_32

  • DOI: https://doi.org/10.1007/978-981-13-7150-9_32

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7149-3

  • Online ISBN: 978-981-13-7150-9

  • eBook Packages: Engineering, Engineering (R0)
