Abstract
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks can largely damage the availability of the cloud services and can be effectively initiated by utilizing different tools, prompting financial harm or influencing the reputation. Consequently, there is a requirement for a more grounded and general approach to block these attacks. This paper proposes the use of artificial immune systems to alleviate DDoS attacks in cloud computing by identifying the most potential features of the attack. This methodology is capable of detecting threats and responding according to the behavior of the biological resistance mechanism in human beings. It is carried out by emulating the various immune reactions and the construction of the intrusion detection system. For the assessment, experiments with public domain datasets (KDD cup 99) were implemented. Based on broad theoretical and performance analysis, the proposed system is capable to identify the anomalous entries with high detection accuracy and low false alarm rate.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Bojović PD, Bašičević I, Ocovaj S, Popović M (2019) A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method. Comput Electr Eng 73:84–96
Ab Razak MF, Anuar NB, Othman F, Firdaus A, Afifi F, Salleh R (2018) Bio-inspired for features optimization and malware detection. Arab J Sci Eng 43(12):6963–6979
Ficco M (2019) Could emerging fraudulent energy consumption attacks make the cloud infrastructure costs unsustainable? Inf Sci 476:474–490
Wu H (2017) Artificial immune systems based intrusion detection algorithm for cloud environment. Boletín Técnico 55(1):11–17
Liang H (2014) An improved intrusion detection based on neural network and fuzzy algorithm. J Netw 9(5):1274
Johnson Singh K, Thongam K, De T (2016) Entropy-based application layer DDoS attack detection using artificial neural networks. Entropy 18(10):350
Saied A, Overill RE, Radzik T (2016) Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172:385–393
Wei W, Chen F, Xia Y, Jin G (2013) A rank correlation-based detection against distributed reflection DoS attacks. IEEE Commun Lett 17(1):173–175
Agrawal N, Tapaswi S (2018) Low rate cloud DDoS attack defense method based on power spectral density analysis. Inf Process Lett 138:44–50
Bhushan K, Gupta BB (2018) Hypothesis test for low-rate DDoS attack detection in cloud computing environment. Procedia Comput Sci 132:947–955
Shin S, Lee S, Kim H, Kim S (2013) Advanced probabilistic approach for network intrusion forecasting and detection. Expert Syst Appl 40(1):315–322
Lee SM, Kim DS, Lee JH, Park JS (2012) Detection of DDoS attacks using optimized traffic matrix. Comput Math Appl 63(2):501–510
Kebande VR, Venter HS (2014) A cognitive approach for botnet detection using artificial immune system in the cloud. In: 2014 Third international conference on cyber security, cyber warfare and digital forensic (CyberSec), IEEE, pp 52–57
Zhou W, Jia W, Wen S, Xiang Y, Zhou W (2014) Detection and defense of application-layer DDoS attacks in backbone web traffic. Future Gener Comput Syst 38:36–46
Europol: The Internet Organised Crime Threat Assessment (iOCTA). https://www.europol.europa.eu
Zhu BB, Yan J, Bao G, Yang M, Xu N (2014) Captcha as graphical passwords—a new security primitive based on hard AI problems. IEEE Trans Inf Forensics Secur 9(6):891–904
Khanna S, Venkatesh SS, Fatemieh O, Khan F, Gunter CA (2012) Adaptive selective verification: an efficient adaptive countermeasure to thwart dos attacks. IEEE/ACM Trans Netw (TON) 20(3):715–728
Al-Duwairi B, Manimaran G (2004) A novel packet marking scheme for IP traceback. In: Null, IEEE, p 195
Gong C, Sarac K (2008) A more practical approach for single-packet IP traceback using packet logging and marking. IEEE Trans Parallel Distrib Syst 19(10):1310–1324
King RL, Russ SH, Lambert AB, Reese DS (2001) An artificial immune system model for intelligent agents. Future Gener Comput Syst 17(4):335–343
Mostardinha P, Faria BF, Zúquete A, de Abreu FV (2012) A negative selection approach to intrusion detection. In: International conference on artificial immune systems, Springer, Berlin, pp 178–190
Seresht NA, Azmi R (2014) MAIS-IDS: a distributed intrusion detection system using multi-agent AIS approach. Eng Appl Artif Intell 35:286–298
Azmi R, Pishgoo B (2013) SHADuDT: secure hypervisor-based anomaly detection using danger theory. Comput Secur 39:268–288
Chen B (2010) Agent-based artificial immune system approach for adaptive damage detection in monitoring networks. J Netw Comput Appl 33(6):633–645
Özçelik İ, Brooks RR (2015) Deceiving entropy based DoS detection. Comput Secur 48:234–245
Shannon CE (1948) A mathematical theory of communication. Bell Syst Tech J 27(3):379–423
Hyndman RJ, Koehler AB, Ord JK, Snyder RD (2005) Prediction intervals for exponential smoothing using two new classes of state space models. J Forecast 24(1):17–37
Robinson RR, Thomas C (2015) Ranking of machine learning algorithms based on the performance in classifying ddos attacks. In 2015 IEEE recent advances in intelligent computational systems (RAICS), IEEE, pp 185–190
Al-Yaseen WL, Othman ZA, Nazri MZA (2017) Real-time multi-agent system for an adaptive intrusion detection system. Pattern Recognit Lett 85:56–64
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Prathyusha, D.J., Kannayaram, G. A cognitive mechanism for mitigating DDoS attacks using the artificial immune system in a cloud environment. Evol. Intel. 14, 607–618 (2021). https://doi.org/10.1007/s12065-019-00340-4
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12065-019-00340-4