CHAPTER 5 CONCLUSION

5.2 Future Work

As part of the future work of this thesis, we will include more types of possible DDoS attacks in our dataset. We also plan to implement the proposed detection system for real-time attack traffic detection, to mitigate the security challenges in the cloud.


Moreover, a mitigation engine is planned that would complete our system and provide a holistic approach to detecting and mitigating a DDoS attack. The existing system would continue to work as it is and detect DDoS attacks, but upon detection of an attack, the entire traffic would be re-routed to another application on an external server. This application would receive all the packets and try to mitigate the attack by keeping the target server up at all times, without disruption of service for legitimate users. This can be done by dropping all the packets that have been categorized as attack packets and forwarding only the normal packets to the target server. This may cause some delay on the server side in serving requests, but it can defeat the attacker by keeping the server up and running.
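The drop-and-forward stage described above, as an added example that is not code from the thesis. The per-source SYN counter is a hypothetical stand-in for the thesis's detector, and the packets, addresses and ground-truth labels are constructed; the counters show how classifier errors become dropped legitimate traffic or attack traffic that still reaches the target.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str    # source address (constructed, documentation ranges)
    syn: bool   # TCP SYN flag
    ack: bool   # TCP ACK flag
    truth: str  # constructed ground truth, used only to score the scrubber


def make_syn_counter_classifier(max_syn: int) -> Callable[[Packet], str]:
    """Hypothetical stand-in for the detector: label a source's bare SYNs
    as attack once it has sent more than max_syn of them."""
    syn_seen: Counter = Counter()

    def classify(pkt: Packet) -> str:
        if pkt.syn and not pkt.ack:
            syn_seen[pkt.src] += 1
            if syn_seen[pkt.src] > max_syn:
                return "attack"
        return "normal"

    return classify


def scrub(packets: Iterable[Packet], classify, forward) -> Counter:
    """Drop packets labelled attack, forward the rest, and score the outcome."""
    stats: Counter = Counter()
    for pkt in packets:
        if classify(pkt) == "normal":
            forward(pkt)
            stats["forwarded"] += 1
            if pkt.truth == "attack":
                stats["attack_leaked"] += 1   # false negative reaches the target
        else:
            stats["dropped"] += 1
            if pkt.truth == "normal":
                stats["legit_dropped"] += 1   # false positive denies a real user
    return stats


def build_sample_traffic() -> List[Packet]:
    """Constructed traffic: an ordinary client, a busy NAT gateway, a flooder."""
    client = ([Packet("198.51.100.10", True, False, "normal")] * 2
              + [Packet("198.51.100.10", False, True, "normal")] * 5)
    nat_gw = [Packet("198.51.100.20", True, False, "normal")] * 6
    flood = [Packet("203.0.113.5", True, False, "attack")] * 50
    return client + nat_gw + flood


def run_demo() -> Tuple[Counter, List[Packet]]:
    delivered: List[Packet] = []  # stands in for the protected target server
    stats = scrub(build_sample_traffic(),
                  make_syn_counter_classifier(max_syn=3), delivered.append)
    return stats, delivered


if __name__ == "__main__":
    print(dict(run_demo()[0]))
```

With this constructed input, three legitimate SYNs from the shared gateway are dropped and three flood packets still reach the target; these are the two error rates a deployment would need to measure alongside the added delay.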
