Distributed denial of service attack detection in cloud computing using hybrid extreme learning machine

One of the major security challenges in cloud computing is distributed denial of service (DDoS) attacks. In these attacks, multiple nodes attack the cloud by sending a huge volume of traffic, which makes cloud services unavailable to legitimate users. This paper proposes a hybrid machine learning-based technique to detect these attacks. The proposed technique is implemented by combining the extreme learning machine (ELM) model and the blackhole optimization algorithm. Various experiments have been performed on four benchmark datasets, namely NSL KDD, ISCX IDS 2012, CICIDS2017, and CICDDoS2019, to evaluate the performance of the proposed technique. It achieves an accuracy of 99.23%, 92.19%, 99.50%, and 99.80% with NSL KDD, ISCX IDS 2012, CICIDS2017, and CICDDoS2019, respectively. Its performance is also compared with other techniques based on ELM, artificial neural network (ANN) trained with blackhole optimization, backpropagation ANN, and other state-of-the-art techniques.
