Abstract
As more and more cloud services are exposed to DDoS attacks, DDoS attack detection has become a new and challenging task, because large packet traces captured on fast links cannot be easily handled on a single server with limited computing and memory resources. In this paper, we propose a Spark-based analysis model that identifies abnormal packets and computes statistics on the number of abnormal packets for the detection model. The novelties of the model are that: (1) by harnessing HBase, an efficient Bloom-filter-based TCP2HC/UDP2HC mapping mechanism is implemented; (2) using the characteristics of IP spoofing and the temporal correlation of the transport-layer connection state, an extensible set of rules and a reliable Spark Streaming based check mechanism for abnormal packets are designed; (3) using statistical features such as the growth of abnormal packets and the growth of anomalous TCP/UDP flows, the non-parametric CUSUM algorithm is used to detect DDoS attacks efficiently. The model can detect attacks at an early stage, which is beneficial for mitigation, since a check rule can be converted into a filtering rule. Experiments show that, regardless of the scale of the attack traffic or the kind of DDoS attack behavior, the detection model quickly and accurately detects the DDoS attack.
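As an added illustration (not code from the paper), the non-parametric CUSUM step applied to a constructed series of per-interval abnormal-packet counts, the statistic the abstract says the detector works on; the calibration rule in choose_beta and the threshold value are assumptions, not the paper's settings.

```python
# Added example (not the paper's implementation): non-parametric CUSUM over the
# number of abnormal packets counted in each fixed-length interval.
from typing import List, Optional, Tuple


def cusum_detect(counts: List[int], beta: float, threshold: float) -> Tuple[Optional[int], List[float]]:
    """Run the non-parametric CUSUM on per-interval abnormal-packet counts.

    counts:    abnormal packets observed in each interval
    beta:      offset chosen so that (count - beta) is negative on average under
               normal traffic, keeping the statistic near zero without an attack
    threshold: alarm level for the accumulated statistic

    Returns (index of the first interval that raised the alarm or None,
             the value of the statistic after each interval).
    """
    y = 0.0
    history: List[float] = []
    alarm_at: Optional[int] = None
    for i, x in enumerate(counts):
        # Accumulate only positive drift; the clamp at 0 discards benign dips.
        y = max(0.0, y + (x - beta))
        history.append(y)
        if alarm_at is None and y > threshold:
            alarm_at = i
    return alarm_at, history


def choose_beta(baseline: List[int], margin: float = 2.0) -> float:
    """Calibrate beta from an attack-free window as mean + margin * std.
    This is an assumed calibration rule, not one prescribed by the paper."""
    n = len(baseline)
    mean = sum(baseline) / n
    var = sum((x - mean) ** 2 for x in baseline) / n
    return mean + margin * var ** 0.5


# Constructed sample: ten benign intervals, then abnormal packets ramp up
# the way they would at the onset of a flood (values are made up).
BENIGN = [3, 5, 4, 6, 2, 5, 4, 3, 6, 4]
ATTACK_SERIES = BENIGN + [7, 9, 15, 30, 60, 120, 200]

if __name__ == "__main__":
    beta = choose_beta(BENIGN)
    alarm, hist = cusum_detect(ATTACK_SERIES, beta, threshold=20.0)
    print(f"beta={beta:.2f}, alarm raised at interval {alarm}")
```

The alarm fires at interval 13, four intervals after the ramp begins and well before the counts reach their peak, which is the early-stage detection the abstract describes.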
Acknowledgments
This work is partially supported by the Planned Science and Technology Project of Hunan Province, China (NO. 2015JC3044), the National Natural Science Foundation of China (NO. 61272147), and the National Science Fund for Young Scholars (NO. 61309009).
© 2016 Springer International Publishing AG
Zhang, J., Zhang, Y., Liu, P., He, J. (2016). A Spark-Based DDoS Attack Detection Model in Cloud Services. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_4
DOI: https://doi.org/10.1007/978-3-319-49151-6_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49150-9
Online ISBN: 978-3-319-49151-6