Machine Learning Based DDoS Attack Detection from Source Side in Cloud

Title: Machine Learning Based DDoS Attack Detection from Source Side in Cloud
Publication Type: Conference Paper
Year of Publication: 2017
Authors: He, Z., Zhang, T., Lee, R. B.
Conference Name: 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud)
ISBN Number: 978-1-5090-6644-5
Keywords: cloud computing, cloud provider, cloud server hypervisor, composability, Computer crime, computer network security, DDoS Attack, DDoS attack detection, Denial of Service attacks, feature extraction, Human Behavior, learning (artificial intelligence), machine learning, machine learning algorithms, machine learning based DDoS attack detection, Metrics, network packages, Network security, network traffic, pubcrawl, Resiliency, Servers, statistical analysis, statistical information, telecommunication computing, virtual machine monitor, Virtual machine monitors, virtual machines, Virtual machining

Abstract: Denial of service (DOS) attacks are a serious threat to network security. These attacks are often sourced from virtual machines in the cloud, rather than from the attacker's own machine, to achieve anonymity and higher network bandwidth. Past research focused on analyzing traffic on the destination (victim's) side with predefined thresholds. These approaches have significant disadvantages: they are only passive defenses applied after the attack, they cannot use the outbound statistical features of attacks, and it is hard to trace back to the attacker with them. In this paper, we propose a DOS attack detection system on the source side in the cloud, based on machine learning techniques. This system leverages statistical information from both the cloud server's hypervisor and the virtual machines to prevent network packages from being sent out to the outside network. We evaluate nine machine learning algorithms and carefully compare their performance. Our experimental results show that more than 99.7% of four kinds of DOS attacks are successfully detected. Our approach does not degrade performance and can be easily extended to broader DOS attacks.

Citation Key: he_machine_2017