
Browsing by Author "Choo, Kim-Kwang Raymond"

Now showing 1 - 2 of 2
  • DDoS defence for service availability in cloud computing
    Open Access
    (2016) Osanaiye, Opeyemi Ayokunle; Dlodlo, Mqhele E; Choo, Kim-Kwang Raymond
    Cloud computing presents a convenient way of accessing services, resources and applications over the Internet by shifting the focus of industries and organizations from the deployment and day-to-day running of their IT facilities, to provide an on-demand, self-service, and pay-as-you-go business model. Despite its increased popularity, ensuring security and availability of data, resources and services remains an ongoing research challenge. Distributed Denial of Service (DDoS) attacks are not a new threat but they remain a major security challenge in achieving a secure and guaranteed service and resources in cloud computing. Mitigating DDoS attack in cloud computing presents a new dimension to the solutions proffered in traditional computing, therefore, this work proposes DDoS defence solutions that identify and classify packet traffic as either legitimate or malicious, based on its attributes. This thesis has three objectives. Firstly, it investigates a major attribute of DDoS attack, the spoofing of source IP address that hides its identity to disallow easy traceback or deceive the cloud provider to enjoy certain services accrued to a trusted host. Secondly, due to the increased number and sophistication of DDoS attacks against cloud services and the magnitude of traffic that needs to be processed, the analysis of feature selection methods and classification techniques was carried out. Feature selection has been identified as a pre-processing phase in cloud DDoS attack defence that could potentially increase the classification accuracy and reduce the computational complexity, by identifying important features from the original dataset, during supervised learning. Finally, this thesis studies the packet inter-arrival time (IAT) feature of traffic traces, in order to determine the presence of an attack using a change-point detection. 
    The DDoS attack pattern is detected by leveraging on the fact that most DDoS attacks are automated, thus exhibiting similar patterns. The main contributions are as follows: (i) This thesis proposes an IP spoofing detection technique that uses a passive and active host-based operating system (OS) fingerprinting to detect the true source of a packet during a spoofed DDoS attack; (ii) this thesis proposes an ensemble-based multi-filter feature selection (EMFFS) method that combines the output of four filter methods to achieve an optimum selection, and a decision-tree classifier to detect DDoS attacks; and (iii) this thesis proposes a change-point monitoring algorithm to detect DDoS flooding attacks against cloud services, by examining the packet IAT. A DDoS attack pattern is distinguished from normal traffic by using cumulative sum algorithm (CUSUM). The results obtained show a high detection rate and classification accuracy, when compared with other classification techniques in the literature.
  • Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing
    Open Access
    (2016) Osanaiye, Opeyemi; Cai, Haibin; Choo, Kim-Kwang Raymond; Dehghantanha, Ali; Xu, Zheng; Dlodlo, Mqhele
    Widespread adoption of cloud computing has increased the attractiveness of such services to cybercriminals. Distributed denial of service (DDoS) attacks targeting the cloud’s bandwidth, services and resources to render the cloud unavailable to both cloud providers, and users are a common form of attacks. In recent times, feature selection has been identified as a pre-processing phase in cloud DDoS attack defence which can potentially increase classification accuracy and reduce computational complexity by identifying important features from the original dataset during supervised learning. In this work, we propose an ensemble-based multi-filter feature selection method that combines the output of four filter methods to achieve an optimum selection. We then perform an extensive experimental evaluation of our proposed method using intrusion detection benchmark dataset, NSL-KDD and decision tree classifier. The findings show that our proposed method can effectively reduce the number of features from 41 to 13 and has a high detection rate and classification accuracy when compared to other classification techniques.