dc.description.abstract |
A distributed denial of service (DDoS) attack is a type of cyber-attack in which the perpetrator aims to deny the services of a network or server by inundating it with superfluous requests, which renders it incapable of serving requests from legitimate users. For cloud computing, DDoS is one of the most frequent attacks; it inflicts serious damage, affects performance and continues to be the predominant security challenge. This cyber threat continues to grow even with the development of new protection technologies. Researchers are constantly paying attention to DDoS attack detection in order to achieve impervious and guaranteed-safe web-based systems and cloud computing. Various machine learning approaches have been used recently to detect DDoS attacks, but over the past decade research on DDoS attack detection has focused on a few classes of these attacks. Moreover, some research is based on outdated datasets, which are quite different from recent DDoS attack types. In this thesis, a machine learning (ML) based DDoS attack detection system for the cloud is presented. A new dataset is generated in the lab environment with most types of modern DDoS attacks in cloud computing. The dataset contains more than 10 million instances with 28 features and 06 classes. This research incorporates five popular machine learning algorithms: Decision Tree, Random Forest, Logistic Regression, Naive Bayes and Stochastic Gradient Descent. Feature selection is performed in two stages, by using Recursive Feature Elimination with Cross Validation and by calculating feature importance. The experimental results show that with the Random Forest algorithm, the DDoS attack detection rate is very significant, with high precision and recall.
To validate the results, they are compared with other machine learning techniques as well as with some other recent research work, and the experimental results show better performance with high precision compared to several machine learning based state-of-the-art methods. The outcome of this research may be applied to prevent DDoS attacks in a cloud computing environment. |
en_US |