Combining Particle Swarm Optimization and Entropy to Detect DDoS Attacks in the Cloud Computing

Document Type : Original Article

Authors

1 Department of Computer Engineering, University of Rahjuyan Danesh Borazjan, Bushehr, Iran

2 Department of Computer Engineering, Liyan Institute of Education, Bushehr, Iran

3 Department of Computer Engineering, Bushehr Branch, Islamic Azad University, Bushehr, Iran

4 Department of Computer Engineering, Mahshahr Branch, Islamic Azad University, Mahshahr, Iran

Abstract

Cloud computing is an emerging technology that is widely used to provide computing, data storage services and other remote resources over the Internet.Availability of cloud services is one of the most important concerns of cloud service providers. While cloud services are mainly transmitted over the Internet, they are prone to various attacks that may lead to the leakage of sensitive information. Distributed Denial of Service (DDoS) attack is known as one of the most important security threats to the cloud computing environment. This attack is an explicit attempt by an attacker to block or deny access to shared services or resources in a cloud environment. This paper discusses a hybrid approach to dealing with DDoS attack in the cloud computing environment. This method highlights the importance of effective feature-based selection methods and classification models. Here, an entropy-based approach and particle swarm optimization to counter these attacks in a cloud computing environment is presented. Categorizing high-dimensional data usually requires selecting the attribute as a pre-processing step to reduce the size. However, selecting effective features is a challenging task, which in this paper uses particle swarm optimization. Here, the proposed classification model is developed based on the use of a balanced binary search tree and dictionary data structure. The simulation is based on the NSL-KDD and CICDDoS2019 datasets, which prove the superiority of the proposed method with an average detection accuracy of 99.84% over the AGA, E-SVM and AE-DNN algorithms.

Keywords


Agrawal, N. and Tapaswi, S. (2017), Published. "A lightweight approach to detect the low/high rate IP spoofed cloud DDoS attacks".  2017 IEEE 7th International Symposium on Cloud and Service Computing (SC2), 2017. IEEE, 118-123.
Agrawal, N., Tapaswi, S. J. I. C. S. and Tutorials (2019), "Defense mechanisms against DDoS attacks in a cloud computing environment: State-of-the-art and research challenges", Vol. 21, No. 4, pp. 3769-3795.
Agrawal, N., Tapaswi, S. J. J. O. N. and Management, S. (2021), "An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment", Vol. 29, No. 2, pp. 1-28.
Bamakan, S. M. H., Wang, H., Yingjie, T. and Shi, Y. J. N. (2016), "An effective intrusion detection framework based on MCLP/SVM optimized by time-varying chaos particle swarm optimization", Vol. 199, No., pp. 90-102.
Bawa, P. S., Rehman, S. U. and Manickam, S. J. I. J. a. C. S. A. (2017), "Enhanced mechanism to detect and mitigate economic denial of sustainability (EDoS) attack in cloud computing environments", Vol. 8, No. 9, pp. 51-58.
Bhardwaj, A., Mangat, V., Vig, R., Halder, S. and Conti, M. J. C. S. R. (2021), "Distributed denial of service attacks in cloud: State-of-the-art of scientific and commercial solutions", Vol. 39, No., pp. 100332.
Bhardwaj, A., Mangat, V. and Vig, R. J. I. A. (2020), "Hyperband Tuned deep neural network with well posed stacked sparse AutoEncoder for detection of DDoS attacks in cloud", Vol. 8, No., pp. 181916-181929.
El-Sofany, H. F. J. I. J. O. I. E. and Systems (2020), "A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks", Vol. 13, No. 2, pp. 205-215.
Ghalehgolabi, M., Rezaeipanah, A. J. I. J. O. C. a. T. and Research (2017), "Intrusion detection system using genetic algorithm and data mining techniques based on the reduction", Vol. 6, No. 11, pp. 461-466.
Ingre, B. and Yadav, A. (2015), Published. "Performance analysis of NSL-KDD dataset using ANN".  2015 international conference on signal processing and communication engineering systems, 2015. IEEE, 92-96.
Kanakarajan, N. K. and Muniasamy, K. (2016), Published. "Improving the accuracy of intrusion detection using gar-forest with feature selection".  Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA) 2015, 2016. Springer, 539-547.
Kholidy, H. a. J. F. G. C. S. (2021), "Detecting impersonation attacks in cloud computing environments using a centric user profiling approach", Vol. 117, No., pp. 299-320.
Osanaiye, O., Choo, K.-K. R., Dlodlo, M. J. J. O. N. and Applications, C. (2016), "Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework", Vol. 67, No., pp. 147-165.
Praseed, A., Thilagam, P. S. J. I. C. S. and Tutorials (2018), "DDoS attacks at the application layer: Challenges and research perspectives for safeguarding web applications", Vol. 21, No. 1, pp. 661-685.
Rastegari, S., Hingston, P. and Lam, C.-P. J. a. S. C. (2015), "Evolving statistical rulesets for network intrusion detection", Vol. 33, No., pp. 348-359.
Rezaeipanah, A., Mojarad, M. and Sechin Matoori, S. J. J. O. B. D. S. R. (2021), "Intrusion Detection in Computer Networks Through Combining Particle Swarm Optimization and Decision Tree Algorithms", Vol. 1, No. 1, pp. 14-22.
Saied, A., Overill, R. E. and Radzik, T. J. N. (2016), "Detection of known and unknown DDoS attacks using Artificial Neural Networks", Vol. 172, No., pp. 385-393.
Saisindhutheja, R. and Shyam, G. K. J. a. S. C. (2021), "An efficient metaheuristic algorithm based feature selection and recurrent neural network for DoS attack detection in cloud computing environment", Vol. 100, No., pp. 106997.
Shah, S. Q. A., Khan, F. Z. and Ahmad, M. J. C. N. (2021), "The impact and mitigation of ICMP based economic denial of sustainability attack in cloud computing environment using software defined network", Vol. 187, No., pp. 107825.
Shameli-Sendi, A., Pourzandi, M., Fekih-Ahmed, M., Cheriet, M. J. J. O. N. and Applications, C. (2015), "Taxonomy of distributed denial of service mitigation approaches for cloud computing", Vol. 58, No., pp. 165-179.
Sharafaldin, I., Lashkari, A. H., Hakak, S. and Ghorbani, A. A. (2019), Published. "Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy".  2019 International Carnahan Conference on Security Technology (ICCST), 2019. IEEE, 1-8.
Sharma, A., Agrawal, C., Singh, A. and Kumar, K. (2020), Real-time DDoS detection based on entropy using Hadoop framework. Computing in Engineering and Technology. Springer.
Shidaganti, G. I., Inamdar, A. S., Rai, S. V., Rajeev, A. M. J. I. J. O. C. A. and Computing (2020), "Scef: a model for prevention of ddos attacks from the cloud", Vol. 10, No. 3, pp. 67-80.
Somani, G., Gaur, M. S., Sanghi, D., Conti, M. and Buyya, R. J. C. C. (2017a), "DDoS attacks in cloud computing: Issues, taxonomy, and future directions", Vol. 107, No., pp. 30-48.
Somani, G., Gaur, M. S., Sanghi, D., Conti, M., Rajarajan, M. and Buyya, R. J. I. C. C. (2017b), "Combating DDoS attacks in the cloud: requirements, trends, and future directions", Vol. 4, No. 1, pp. 22-32.
Subashini, S., Kavitha, V. J. J. O. N. and Applications, C. (2011), "A survey on security issues in service delivery models of cloud computing", Vol. 34, No. 1, pp. 1-11.
Tavallaee, M., Bagheri, E., Lu, W. and Ghorbani, A. A. (2009), Published. "A detailed analysis of the KDD CUP 99 data set".  2009 IEEE symposium on computational intelligence for security and defense applications, 2009. Ieee, 1-6.
Yang, C. J. C. C. (2019), "Anomaly network traffic detection algorithm based on information entropy measurement under the cloud computing environment", Vol. 22, No. 4, pp. 8309-8317.
Zargar, S. T., Joshi, J., Tipper, D. J. I. C. S. and Tutorials (2013), "A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks", Vol. 15, No. 4, pp. 2046-2069.
Volume 1, Issue 1
October 2021
Pages 33-43
  • Receive Date: 30 March 2021
  • Revise Date: 12 May 2021
  • Accept Date: 08 July 2021
  • First Publish Date: 08 July 2021