
Machine Learning-Based EDoS Attack Detection Technique Using Execution Trace Analysis

Journal of Hardware and Systems Security


Abstract

One of the most important benefits of cloud computing is on-demand service. Accordingly, payment in the cloud environment is pay-per-use. This feature gives rise to a new kind of DDoS attack called Economic Denial of Sustainability (EDoS), in which the customer pays extra to the cloud provider as a result of the attack. Like other DDoS attacks, EDoS attacks are divided into different types, such as (1) bandwidth-consuming attacks, (2) attacks that target specific applications, and (3) connection-layer exhaustion attacks. In this work, we propose a novel framework to detect different types of EDoS attacks by designing a profile that learns from and classifies normal and abnormal behaviors. In this framework, additional on-demand resources are allocated only to VMs that are detected to be in a normal state, which protects the cloud environment from attack and from the propagation of resource misuse.
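The gating idea in the abstract (extra resources go only to VMs whose behavior matches a learned normal profile) can be sketched as follows. This is an added example, not the paper's code: the feature names, the z-score profile standing in for the trained classifier, and all thresholds and sample values are assumptions.

```python
from statistics import mean, pstdev

# Hypothetical per-VM features computed over one time window from trace data.
FEATURES = ("http_req_per_s", "new_conn_per_s", "bytes_out_per_req")


class NormalProfile:
    """Per-feature mean and deviation learned from windows known to be normal."""

    def __init__(self, normal_windows, z_limit=3.0):
        self.z_limit = z_limit
        self.stats = {}
        for f in FEATURES:
            values = [w[f] for w in normal_windows]
            # Floor the deviation so a constant feature cannot divide by zero.
            self.stats[f] = (mean(values), max(pstdev(values), 1e-9))

    def deviations(self, window):
        """Return the features whose z-score exceeds the limit."""
        out = {}
        for f, (mu, sigma) in self.stats.items():
            z = abs(window[f] - mu) / sigma
            if z > self.z_limit:
                out[f] = round(z, 1)
        return out

    def is_normal(self, window):
        return not self.deviations(window)


def scaling_decision(profile, window, cpu_util, scale_up_at=0.80):
    """Grant extra resources only when load is high AND behavior is normal."""
    if cpu_util < scale_up_at:
        return "hold"
    return "scale_up" if profile.is_normal(window) else "deny_and_alert"


# Constructed training windows for one VM under legitimate load.
NORMAL = [
    {"http_req_per_s": r, "new_conn_per_s": c, "bytes_out_per_req": b}
    for r, c, b in [(110, 20, 5200), (130, 24, 4900), (95, 18, 5100),
                    (150, 27, 5000), (120, 22, 4800), (140, 25, 5300)]
]
PROFILE = NormalProfile(NORMAL)

# Constructed test windows: a legitimate busy period and a request flood.
BUSY = {"http_req_per_s": 160, "new_conn_per_s": 28, "bytes_out_per_req": 5050}
FLOOD = {"http_req_per_s": 900, "new_conn_per_s": 400, "bytes_out_per_req": 5000}
```

Both test windows push CPU past the scale-up threshold; only the one that stays inside the profile is granted resources, so the flood does not translate into billed capacity.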


Notes

  1. https://code.google.com/p/httpflooder/wiki/Usage

  2. http://www8.hp.com/us/en/software-solutions/loadrunner-loadtesting/index.html


Author information


Corresponding author

Correspondence to Hossein Abbasi.


About this article


Cite this article

Abbasi, H., Ezzati-Jivan, N., Bellaiche, M. et al. Machine Learning-Based EDoS Attack Detection Technique Using Execution Trace Analysis. J Hardw Syst Secur 3, 164–176 (2019). https://doi.org/10.1007/s41635-018-0061-2


  • DOI: https://doi.org/10.1007/s41635-018-0061-2
