Abstract
Server farms used in web hosting and commercial applications connect multiple servers. Edge computing, a realm of cloud technology, is orchestrated with server farms to enhance network efficiency. Edge computing increases the availability of cloud resources and Internet services. The higher availability of services and their ease of access deeply affect users' requesting behavior. Anomalous requesting behavior creates malicious traffic, and an enormous amount of such traffic at a server farm denies services to legitimate users. Categorizing incoming traffic at the server farm as malicious or non-malicious is the foremost criterion for eliminating these attacks, which in turn improves the QoS of the server farm. To prevent biased usage of the server farm, this paper proposes an SVM classifier based on requesting statistics. The proposed classifier discovers, in two levels, the attacks that deny services to legitimate users, based on the user's request behavior. The pattern of arrival, its statistical characteristics and security misbehaviors are investigated at both levels. An incremental learning algorithm is proposed to enhance the learning plasticity of the proposed classifier. The experimental results illustrate that the classification accuracy of the proposed two-level classifier is improved with incremental learning.
Ethics declarations
Conflict of interest
The authors declare that there is no conflict of interest related to this work.
About this article
Cite this article
Punitha, V., Mala, C. Traffic classification in server farm using supervised learning techniques. Neural Comput & Applic 33, 1279–1296 (2021). https://doi.org/10.1007/s00521-020-05030-2
DOI: https://doi.org/10.1007/s00521-020-05030-2