Machine Learning Based DDoS Attack Detection from Source Side in Cloud

Zecheng He, Tianwei Zhang, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

150 Scopus citations

Abstract

Denial of service (DOS) attacks are a serious threat to network security. These attacks are often sourced from virtual machines in the cloud, rather than from the attacker's own machine, to achieve anonymity and higher network bandwidth. Past research focused on analyzing traffic on the destination (victim's) side with predefined thresholds. These approaches have significant disadvantages. They are only passive defenses after the attack, they cannot use the outbound statistical features of attacks, and it is hard to trace back to the attacker with these approaches. In this paper, we propose a DOS attack detection system on the source side in the cloud, based on machine learning techniques. This system leverages statistical information from both the cloud server's hypervisor and the virtual machines, to prevent network packages from being sent out to the outside network. We evaluate nine machine learning algorithms and carefully compare their performance. Our experimental results show that more than 99.7% of four kinds of DOS attacks are successfully detected. Our approach does not degrade performance and can be easily extended to broader DOS attacks.

Original language: English (US)
Title of host publication: Proceedings - 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017
Editors: Meikang Qiu
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 114-120
Number of pages: 7
ISBN (Electronic): 9781509066438
State: Published - Jul 20 2017
Event: 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017 - New York, United States
Duration: Jun 26 2017 to Jun 28 2017

Publication series

Name: Proceedings - 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017

Other

Other: 4th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2017 and 3rd IEEE International Conference of Scalable and Smart Cloud, SSC 2017
Country/Territory: United States
City: New York
Period: 6/26/17 to 6/28/17

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Keywords

  • Cloud Computing
  • Cloud Provider
  • DDOS attack
  • Machine Learning
  • Virtual Machine Monitor
