
A Spark-Based DDoS Attack Detection Model in Cloud Services

Conference paper, Information Security Practice and Experience (ISPEC 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10060))

Abstract

As more and more cloud services are exposed to DDoS attacks, DDoS attack detection has become a new and challenging task, because large packet traces captured on fast links cannot be handled easily on a single server with limited computing and memory resources. In this paper, we propose a Spark-based analysis model that identifies abnormal packets and computes statistics over the number of abnormal packets for the detection model. The novelties of the model are that: (1) by harnessing HBase, an efficient bloom-filter-based mapping mechanism for TCP2HC/UDP2HC is implemented; (2) using the characteristics of IP spoofing and the temporal correlation of the transport-layer connection state, an extensible set of rules and a reliable Spark Streaming based check mechanism for abnormal packets are designed; (3) using statistical features such as the growth in abnormal packets and the growth in anomalous TCP/UDP flows, a non-parametric CUSUM algorithm is used to detect DDoS attacks efficiently. The model can detect attacks in their early stage, which helps mitigate an attack by converting a check rule into a filtering rule. Experiments show that, regardless of the scale of the attack traffic and the kind of DDoS attack behavior, the detection model detects the DDoS attack quickly and accurately.
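The counting-plus-CUSUM stage the abstract describes, as an added Python example that is not the paper's code: a single-process sketch standing in for the Spark Streaming job and the HBase-backed state, with one assumed check rule (a TCP ACK for a src/dst pair whose SYN was never seen, i.e. a violation of the handshake's temporal order), constructed packet records, and assumed parameters for the non-parametric CUSUM (drift beta = mean + 3·std of the training windows, alarm threshold N = 50). The paper's actual rule set, feature definitions and thresholds are not given on this page.

```python
"""Abnormal-packet counting per time window followed by a non-parametric
CUSUM change-point detector (added example; assumptions marked below)."""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed packet record: (timestamp_sec, proto, src_ip, dst_ip, tcp_flags)
Packet = Tuple[int, str, str, str, str]


def is_abnormal(pkt: Packet, established: Set[Tuple[str, str]]) -> bool:
    """Assumed check rule (not the paper's rule set): a TCP segment carrying
    ACK for a src/dst pair whose SYN was never observed is counted abnormal.
    The `established` set plays the role of the connection-state store."""
    _, proto, src, dst, flags = pkt
    if proto != "tcp":
        return False
    pair = (src, dst)
    if "S" in flags:          # SYN opens state for this pair
        established.add(pair)
        return False
    return "A" in flags and pair not in established


def abnormal_counts(packets: Iterable[Packet], window: int = 1) -> List[int]:
    """Number of abnormal packets per window; packets must be in capture order
    so that a SYN is seen before the ACKs that depend on it."""
    established: Set[Tuple[str, str]] = set()
    counts: Dict[int, int] = defaultdict(int)
    last = 0
    for pkt in packets:
        idx = pkt[0] // window
        last = max(last, idx)
        if is_abnormal(pkt, established):
            counts[idx] += 1
    return [counts[i] for i in range(last + 1)]   # zero-filled windows


def calibrate_beta(training: List[int], k: float = 3.0) -> float:
    """Assumed calibration: drift beta = mean + k*std of attack-free windows,
    chosen so that X_n - beta stays negative under normal traffic."""
    return mean(training) + k * pstdev(training)


def detect_change_point(counts: List[int], beta: float,
                        threshold: float) -> Optional[int]:
    """Non-parametric CUSUM: y_n = max(0, y_{n-1} + (X_n - beta));
    alarm at the first window where y_n exceeds the threshold N."""
    y = 0.0
    for i, x in enumerate(counts):
        y = max(0.0, y + (x - beta))
        if y > threshold:
            return i
    return None


def build_trace() -> List[Packet]:
    """Constructed capture: ten quiet seconds (one real handshake plus a few
    stray ACKs each), then five seconds of an ACK flood from spoofed sources."""
    pkts: List[Packet] = []
    stray = [3, 2, 4, 3, 2, 3, 4, 2, 3, 3]            # constructed baseline
    flood = [15, 28, 45, 60, 80]                       # constructed attack ramp
    for sec, n in enumerate(stray + flood):
        client = f"10.0.0.{sec + 1}"
        pkts.append((sec, "tcp", client, "192.0.2.10", "S"))
        pkts.append((sec, "tcp", client, "192.0.2.10", "A"))  # legitimate
        net = "198.51.100" if sec < len(stray) else "203.0.113"
        pkts += [(sec, "tcp", f"{net}.{i}", "192.0.2.10", "A") for i in range(n)]
    return pkts


def run(training_windows: int = 10, threshold: float = 50.0) -> Optional[int]:
    counts = abnormal_counts(build_trace())
    beta = calibrate_beta(counts[:training_windows])
    return detect_change_point(counts, beta, threshold)


if __name__ == "__main__":
    print("alarm raised at window index:", run())   # → 12 (third attack window)
```

Because the statistic resets to zero whenever the count dips below the drift, the detector ignores the quiet baseline and only accumulates sustained growth, which is why it fires on the third attack window rather than on the first spike; in the paper's setting the flagged rule would then be promoted to a filtering rule.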



Acknowledgments

This work is partially supported by the Planned Science and Technology Project of Hunan Province, China (NO. 2015JC3044), the National Natural Science Foundation of China (NO. 61272147), and the National Science Fund for Young Scholars (NO. 61309009).

Corresponding author: Pin Liu


Copyright information

© 2016 Springer International Publishing AG

Cite this paper

Zhang, J., Zhang, Y., Liu, P., He, J. (2016). A Spark-Based DDoS Attack Detection Model in Cloud Services. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science, vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_4

  • DOI: https://doi.org/10.1007/978-3-319-49151-6_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-49150-9
  • Online ISBN: 978-3-319-49151-6
  • eBook Packages: Computer Science (R0)
