A Framework for Detecting Distributed Denial of Services Attack in Cloud Enviorment using Machine Learning Techniques

Manish Kumar Rajak1*, Dr. Ravindra Tiwari2

1 Research Scholar, LNCT University, Bhopal, Madhya Pradesh, India

Email - reeteshrai16@gmail.com

2 LNCT University, Bhopal, Madhya Pradesh, India

Abstract - Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm.

Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Keywords - DDoS, Network Intrusion Detection System Ensemble machine learning system for intrusion detection.

INTRODUCTION

DDoS targets the IS network by accessing the device Capacity processing or flooding of the network width of the targeted enterprise. Currently, DDoS attacks were used on websites designed for commercial purposes Turns into online business. Various forms of DDoS are used to counter DDoSattacks[1]

They are deployed and developed for the protection techniques available. Defense DDoS Mechanisms are defined from[2], and the various challenges are also relevant in Safety. Vast numbers of unsecured computers are interconnected over the Internet, so Computers or machines with the new automated injection tools are implemented Attacking Zombies. The Number of distributed attacking systems is vast, and they are Deployed with source address spoofing, the malicious attack can be challenging to detect and Machine attackers (originators). Remarkably, it is difficult to identify and trackback the Assault flow. Legitimate traffic and traffic assaults are synonymous, denials found Attacks before it occurs, and it severely hampers the identification of malicious flows. To distinguish between non-attack traffic and DDoS attack traffic, particularly flash Crowd flow, different statistical methods are in use at the moment[3].

The attackers and the defenders still fight each other another device to hack and defend, respectively. Attacks seek to exploit device vulnerabilities. On the Top another end, the defenders are trying to protect the mechanism against this Exploitation, and suggest a remedy. Dispatched denial of service (DDoS) was one of the most potent attacks during which The accused attempts to build a program, a service or a resource Of its legal users inaccessible. The system is in DDoS In a distributed way, penetrated. Both are used by attackers Both conventional and modern approaches to DDoS achievement.

A Software or Device for Intrusion Detection (IDS) which is widely used to inspect and track the target The operation of the machine and the alarming raised as soon as it detects some Malicious conduct. It can be put in or out of the Network perimeter in support of system security Original architecture. Wherever it is located, the IDS' primary target is to detect all attack forms like DDoS. Meanwhile, Attackers adapt tactics and methods to the attacks. Coping with Upon the latest strategies of the attackers and rising the Accuracy of identification, defenders introduce new defence Building new IDS techniques, approaches and methods[1] that can Detecting malicious behaviour. We build our IDS in this paper using Machine Learning, Which was probably the critical force behind many Recent Artificial Intelligence successes. It was used in a Wide application set including computer vision, natural The comprehension of languages, robotics, software engineering, etc. Previous use of the safety field, machine learning in Creation of IDSs[2, 3]. In fact, however, the majority of these Approaches based on a standard paradigm for learning intrusions. However, that is because of the varied nature of the interventions. A single model, generalizing to all forms, can be challenging to understand. For example, you can model specific types of intrusions using an Easy linear model (e.g., regression logistics) while others may be Require more complex nonlinear models ( e.g. vector support) Kernel machines). So our key idea is to practice Several models which can classify and then integrate intrusions Such to create a single structure. The advantages of mastering the Ensemble that is, combining several The classifications were well studied to form a more efficient classifier In the world of Machine learning. [4] Dietterich et al.

1.1 Distributed Service Attack denial (DDoS)

Distributed Denial-of-Service (DDoS) is designed to shut down a service or network, rendering it inaccessible to permitted users. The DDoS assault denies legitimacy Users, such as employees, bank customers and devices they expect, in both cases. DDoS attacks are mostly aimed at high profile web servers As government and business agencies, as well as media, trade and finance organizations. Though The loss or theft of vital information or other assets shall not lead to such attacks Mitigation will save much time and money on a victim. Additionally, DDoS is also used Breaking out other network attacks[4]. DDoS attacks are generated in two ways:

Indirect flooding and overt flooding. Attackers in Application Layer Usually spoof IP addresses of the packet source indirect flooding attacks, such as Attacks at layer or network layer and DDoS, and send them directly to the victim[5]. It is intentional to hack computer systems, and networks are a cyber-attack. Electronics Attacks use malicious code to alter computer code, principles or data by adding malicious results that can lead to cybercrimes and compromise data like theft Identity & Information [6].

1.2 Teardrop Attack

This attack allows a healthy period and breakdown of successive Internet Protocol areas (IP) the packets to cover the attacked have each other; however, during the process, the packages have Attacked attempts to replicate frames in networks fail. The program of goals gets confused. At this point, and [7] collapses.

1.3 Smurf Attack

This assault includes the use of IP spoofing and ICMP to immerse as a target for activity communication. This attack method uses ICMP echo parameters which are based on Sent IP addresses. Those ICMP demands begin with the spoofed address "victim" [7]. [18].

1.4 Ping of Death Attack

This type of attack uses IP packets to pick up an IP size target frame Maximum of 65,535 bytes. IP parcels are not allowed under this measure, so The intruder parts a portion of the IP. If the goal frame assembles the packet again, it will Meet waves of buffers and other crashes[7].

1.5 Land Attack

A specially crafted TCP SYN message is constructed in a LAND attack to modify the Source Internet address and path to be similar to destination and network address. This is configured to connect to a victim's device for access. Software compromised Receives such a message and effectively returns the packet to be reprocessed to the destination address in an endless loop. The machine CPU is also used for Continuously lock vulnerable devices, causing or even crashing a lock-up[8].

1.6 SYN Flood Attack

The computer of the attacker floods the target system to process low for various requirements, not responding to the targeted system[7].

1.7 Algorithms of Machine Learning

Machine learning algorithms create a mathematical model based on sample information, recognized as "training data," to detect or make decisions by means of complex method programming and deliver better results—algorithms in Machine Learning Used in a diverse range of applications. Types of machine learning algorithms vary in an Implementation, input and output, kind of function or problem, data type. They try to surmount it.

The majority of companies that benefit from internet trading do not understand the Real costs related to rising numbers of DDOS attacks that continue Bring down Worldwide websites. This can be just a few minutes' downtimes Costly when millions of dollars in business transactions are closed because of a hacker Bomb Strike. And the effective detection of machine learning algorithms is used. This shrinks Server downtime and increases server performance.

1.7.1 Supervised Learning

Data includes the necessary information and the relevant output data in the supervised Algorithm Learning. It contains a collection of training events. An algorithm is said to be That makes its yields or forecasts more accurate over time has learnt to bring. This assignment is out[9].

1.7.2 Unsupervised Learning

A collection of data containing only fine data structure, and like clustering data points. Therefore, the algorithms learn from training data which were not named or Listed [10].

1.7.3 Reinforcement Learning

Reinforcement Learning is about how technology experts have been able to In an environment, take action to refine a few ideas for a full reward. Due to its simplification, the subject is studied in several other disciplines, such as swarm Multi-agent systems, intelligence, information hypothesis, investigation operations, Simulation-based optimization, game theory, genetic calculations, measurements, and The Theory of Control[11].

2. LITERATURE REVIEW

The Detection System for Network Intrusion (NIDS) detects the Abnormal Target System activity due to an intrusion Assault [7]. Intrusion based on a signature and based on phenomena Two primary branches of NIDS are identification. Garcia-Teodoro et cetera. [8]referred to the various forms of Intrusion based on anomalies Detection, and threats to them.

To stop looking into the vastness of a human analyst Data quantities to identify anomalous sequences of Connections to the Network, Sinclair et al.[9] produced an application which Enhanced domain knowledge through machine learning techniques (Genetic algorithms and decision tree) defining guidelines for Expert-system intrusion detection.

Ashraf et al.[10] used the techniques of machine learning for identification In software specified network DDoS attacks. [11] Suresh et al. Comparison of various kinds of machine learning algorithms to find Better Accuracy when detecting DDoS attack. NIDS developing with machine learning, Investigators have applied machine learning to the Ensemble. As indicated The two styles of groups used earlier are homogeneous and Heterogeneous yes. For detecting bagging[12,13] and boosting Intrusion into the network where the data is marked with Ensemble

For common classification forms. Yet stacking and hybridization [14] Model, heterogeneous classifier ensemble, are used for training Modeling. Aburomman et al.[5] gave a detailed survey of the NIDS based on the group, including homogeneous, heterogeneous, And hybrid methods, combining those with various types of methods Databases. Multiple kinds of classification can be used for Ensemble Of a number of family classifications, namely: Artificial Neural Network (ANN), Vector Machine System (SVM) with Variations Multilayer Perceptron (MLP), Naïve Bayes ( NB), Kernels, Multivariate Splines for Adaptive Regression (MARS), K Nearest Neighbor (KNN) [12, 14, 15, 16, 17], K, J48, JRip, PAC, etc.

Besides selecting the different classifiers for an ensemble, Reducing dataset features[18, 19] can give a better solution Output in Attack detection. Both for detecting a DDoS attack Heterogeneous [5, 15, 18, 20] and uniform methods of Ensemble was used. We are motivated in this paper to create a new ensemble (a new combination of classification from Various grouping families) and maintaining the minimum Number of data features (functions affecting DDoS attack) that Lastly, it produces lower false positives and higher detections Precise versus current tests.

Osanaiye[14] Detailed experimental analysis using the benchmark was conducted Intrusion detection list, NSL-KDD and Decision tree classification. The Number of features is that from 41 to 13 and has a high classification accuracy and detection rate compared to the remaining techniques. The results EMFFS Is determined by combining the output for each filter function. A threshold is set By majority vote, determined. NSL-KDD data collection, performance evaluation, shows J48 Classifier and feature selection methods proposed, EMFFS method for 13 functions Contains greater efficiency compared with other forms of filtering.

Malathi[15] NSL-KDD dataset provides an excellent analysis of the various detections of intrusion Machine learning techniques (Tree-J48 decision, Random forest, Naive Bayes decision, and SVM. The data collected with and without feature reduction, and it is evident that Random Forest displays the test with high precision compared to all other algorithms. Scandal Forest speeds up the preparation in intrusion detection and testing methods which are very useful Required for high-speed network applications, and even provide maximum accuracy Study.

Kaddoum[16] Machine learning methods are used to reduce the false alarm frequency Used for precision values. Every learning algorithm has the limitations of any principles. Different classifiers are used to classify and anomalies attack Detection (Random Forest, Voting Ensemble in decision trees using K-NN, Boosting and Bagging). Overall Accuracy for the classification of attacks and binary classification Are 84.25% and 85.81% respectively. Innovation dataset anomaly detection is the NSLKDD, and multiple learners are combined to create ensemble learners and this Increases identification accuracy. The experimental findings demonstrate the practicality of The proposed NSL-KDD dataset IDS relative to the other state-of-the-art data set[16].

Shamshirband[17] Detailed decision-taking to halt these attacks and DDoS gets less computational complexity. Using Fuzzy Q-Learning (FQL) Wireless network values overcome from DDoS attacks in the network, And target nodes identify patterns for a particular offence and make inappropriate calculations Werte. Werte. The FQL is trained and tested on two CAIDA and NSL-KDD datasets. That's it. Allows the proposed IDS FQL that has a higher accuracy detection level while Compared with Fuzzy Logic Controller and Q-learning Algorithm. The system succeeds Low cost of 65.76 per cent 88.77 per cent and higher precision of detection. Function in the CAIDA dataset measured according to the Fuzzy logic controller and Q-learning. Databases Comparison for Fuzzy logic controller algorithms and Q-learning algorithms.

Zekri[18] Typically, the intruder uses innocent tainted machines as Zombies as a DDoS attack to pass loads of packets from the zombies known to a Server which uses unknown bugs or known bugs. It occupies a substantial part of the network Bandwidth and a lot of ServerServer time-consuming. It has built a DDoS detection system For DDoS attack prevention, based on a C.4.5 algorithm. The algorithm yields a Tandem decision tree with automated signature identification techniques, for DDoS Flooding attacks successful identification of attacks by signatures.

Nathiya[19] Decision tree (J48) to forecast unnecessary data and irrelevant data Algorithms, Naive Bayes, and vector support (SVM) algorithms are used. It Reduces the false alarm rate for all of those listed algorithms. Use WEKA method A statistical study and a short time of measurement for implementation Good result. The decision tree for simulation outcomes is almost 2 per cent of SVM, 14 per cent of Naive Bayesian, better than the TP-rate. The decision-making tree is about 1 per cent higher than the SVM FP average, 11 per cent lower than the Bayesian provincial average. The level of precision of the decision tree is better than almost 2% of SVM, 20% of naive Bayesian. The execution time of SVM is, therefore, higher than any other. The principal conclusion is that Decision tree efficiency is higher than that of other SVMs and the Naive Bayesians.

3. CONCLUSION

The purpose of this study is to know the technology, in the NSL-KDD dataset and in the field of DDoS attacks.Through the work of top researchers, we find that different researchers have the various approaches were used to detect, classify and identify attacks. It is talked with Some of the efficient , high precision techniques. It does detect and compare Distributed denial of service attacks (DDoS) using the algorithms listed above. System for detecting a DDoS attack is translated into two "DDoS" classes and Standard. KNIME displayed the results of its execution which depend on the datasets. The algorithms are Naive Bayes, K-NN algorithms, Random Forests and a Decision tree. Compared with the other three algorithms, K-NN is found to provide better precision.

REFERENCES

1. Rao, N.S., Sekharaiah, K.C., Rao, A.A.: A survey of distributed denial-of-service (DDoS)defense techniques in ISP domains. In: Innovations in Computer Science and Engineering,p. 221–230. Springer, Singapore (2019)

2. Gupta, B.B., Joshi, R.C., Misra, M.: Distributed denial of service prevention techniques.rXiv preprint arXiv:1208.3557 (2012)

3. Rao, N.S., Sekharaiah, K.C., Rao, A.A.: A survey of discriminating distributed DoSattacksfrom flash crowds. In: International Conference on Smart Trends for InformationTechnology and Computer Communications, pp. 733–742. Springer, Singapore (2016)

4. https://phoenixnap.com/blog/cyber-security-attack-types874 I. Philo Prasanna and M. Suguna

5. Jing, X., Yan, Z., Jiang, X., Pedrycz, W.: Network traffic fusion and analysis against DDoSflooding attacks with a novel reversible sketch. Inf. Fusion 51, 100–113 (2019)

6. https://www.techopedia.com/definition/24748/cyberattack

7. https://medium.com/@aslam.ali9560/types-of-web-security-attack-496f4cee7212

8. https://www.imperva.com/learn/application-security/land-attacks/

9. https://en.wikipedia.org/wiki/Supervised_learning

10. https://machinelearningmastery.com/supervised-and-unsupervised-machine-learning-algorithms/

11. https://en.wikipedia.org/wiki/Reinforcement_learning

12. NSL-KDD—Datasets—Research—Canadian Institute for Cybersecurity—UNB (2017). http://www.unb.ca/cic/datasets/nsl.html

13. Dhanabal, L., Shantharajah, S.P.: A study on NSL-KDD dataset for intrusion detectionsystem based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 4(6),46–452 (2015)

14. Osanaiye, O., Cai, H., Choo, K.-K.R., Dehghantanha, A., Xu, Z., Dlodlo, M.: Ensemblebasedmulti-filter feature selection method for DDoS detection in cloud computing.EURASIP J. Wirel. Commun.Netw. 2016(1), 130 (2016)

15. Revathi, S., Malathi, A.: A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int. J. Eng. Res. Technol. (IJERT) 2(12), 1848–1853 (2013)

16. Illy, P., Kaddoum, G., Moreira, C.M., Kaur, K., Garg, S.: Securing fog-to-thingsenvironment using intrusion detection system based on ensemble learning. arXiv preprintarXiv:1901.10933 (2019)

17. Shamshirband, S., Anuar, N.B., Laiha, M., Kiah, M., Misra, S.: Anomaly detection usingfuzzy Q-learning algorithm. ActaPolytech. Hung. 11(8), 5–28 (2014)

18. Zekri, M., El Kafhali, S., Aboutabit, N., Saadi. Y.: DDoS attack detection using machinelearning techniques in cloud computing environments. In: 2017 3rd International Conferenceof Cloud Computing Technologies and Applications (CloudTech), pp. 1–7. IEEE (2017)

19. Nathiya, T., Suseendran, G.: An effective way of cloud intrusion detection system usingdecision tree, support vector machine and Naïve bayes algorithm. Int. J. Recent.Technol. Eng. (IJRTE) 7(4S2), 38–43 (2018)

20. Larose, D.T., Larose, C.D.: K-nearest neighbor algorithm. In: Discovering Knowledge inData: An Introduction to Data Mining, 2nd edn., pp. 149–164. Wiley (2014)