Sage Journals: Discover world-class research

Abstract

A Distributed Denial of Service (DDoS) attack is the biggest threat to Internet-based applications and consumes victim service by sending a massive amount of attack traffic. In the literature, numerous approaches are available to protect the victim from the DDoS attacks. However, the attack incidents are increasing year by year. Further, several issues exist in the traditional framework based detection system such as itself becoming a victim, slow detection, no real-time response, etc. Therefore, the traditional framework based system is not capable of processing live traffic in the big data environment. This paper proposes a novel Spark streaming-based distributed and real-time DDoS detection system called S-DDoS. The proposed S-DDoS system employs the K-Means clustering algorithm to recognize the DDoS attack traffic in real-time. The proposed detection model designed on the Apache Hadoop framework using highly scalable H2O sparkling water. The detection model deployed on the Spark framework to classify live traffic flows. The results show that the proposed S-DDoS detection system efficiently detects the DDoS attack from network traffic flows with higher detection accuracy (98% ).

Keywords

Distributed denial of service (DDoS)K-means clustering algorithm big data entropy network security apache spark

Get full access to this article

View all access options for this article.

References

Sachdeva

and Kumar

, A traffic cluster entropy based approach to distinguish DDoS attacks from flash event using DETER testbed, ISRN Communications and Networking, 2014, 1–14.

Apache Spark, Link: https://spark.apache.org/, [Accessed: 04-April-2019].

Malohlava

, Mehta

and Iyengar

, Machine learning with sparkling water: H2o+ spark. H2O.ai Inc, 2016.

Lee

and Lee

, Detecting DDoS attacks with hadoop, Proceedings of The ACM CoNEXT Student Workshop, ACM, 2011.

Khattak

, Bano

, Hussain

and Anwar

, Dofur: DDoS forensics using mapreduce, in Frontiers of Information Technology (FIT), IEEE, 2011, 117–120.

Zhao

, Lo

D.C.-T.

and Qian

, A neural-network based DDoS detection system using hadoop and hbase, in High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 17th International Conference, IEEE, 2015, 1326–1331.

Dayama

, Bhandare

, Ganji

and Narayankar

, Secured network from distributed dos through hadoop, International Journal of Computer Applications118(2), 2015.

Hameed

and Ali

, Efficacy of live DDoS detection with hadoop, in Network Operations and Management Symposium (NOMS), IEEE, 2016, 488–494.

Hameed

and Ali

, Hadec: Hadoop-based live DDoS detection framework, EURASIP, Journal on Information Security2018(1), 2018.

10.

Chhabra

G.S.

, Singh

and Singh

, Hadoop-based analytic framework for cyber forensics, International Journal of Communication Systems, Wiley Online Library31(15), 2018.

11.

Patil

N.V.

, Krishna

C.R.

, Kumar

and Behal

, E-had: A distributed and collaborative detection framework for early detection of DDoS attacks, Journal of King Saud University Computer and Information Sciences, 2019.

12.

Basicevic

and Ocovaj

, Application of entropy formulas in detection of denial-of-service attacks, International Journal of Communication Systems, Wiley Online Library, 2019.

13.

Ahrenholz

, Comparison of core network emulation platforms, in 2010-Milcom 2010 Military Communications Conference, IEEE, 2010, 166–171

14.

Hoque

, Bhuyan

M.H.

, Baishya

R.C.

, Bhattacharyya

D.K.

and Kalita

J.K.

, Network attacks: Taxonomy, tools and systems, Journal of Network and Computer Applications40 (2014), 307–324.

15.

Behal

and Kumar

, Characterization and comparison of DDoS attack tools and traffic generators: A review, IJ Network Security19(3) (2017), 383–393.

16.

Wang

, Wang

and Su

, A new multistage approach to detect subtle DDoS attacks, Mathematical and Computer Modelling55(1) (2012), 198–213.

17.

A BONESi DDoS Botnet Simulator, Link: https://github.com/MarkusGo/bonesi, [Accessed: 06-April-2019].

18.

Bhandari

, Sangal

and Kumar

, Performance metrics for defense framework against distributed denial of service attacks, International Journal on Network Security5(2), 2014.

19.

Sachdeva

, Kumar

and Singh

, A comprehensive approach to discriminate DDoS attacks from flash events, Journal of Information Security and Applications26 (2016), 8–22.

20.

Han

, Bi

, Liu

and Jia

, A DDoS attack detection system based on spark framework, Computer Science and Information Systems14(3), 2017.

21.

Maheshwari

, Bhatia

and Kumar

, Faster detection and prediction of DDoS attacks using mapreduce and time series analysis, in Information Networking (ICOIN), IEEE, 2018, 556–561.

22.

Behal

, Kumar

and Sachdeva

, D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events, Journal of Network and Computer Applications111 (2018), 49–63.

23.

Behal , Sunny , and Kumar , Krishan , and Sachdeva , Monika , DFAC: A novel ϕ-divergence based distributed DDoS defense system, Journal of King Saud University-Computer and Information Sciences, 2018, 1–12.

24.

Simsek

and Senturk

, Fast and lightweight detection and filtering method for low-rate tcp targeted distributed denial of service (LDDoS) attacks, International Journal of Communication Systems31(18), 2018.

25.

Wang

, Miu

T.T.

, Luo

and Wang

, Skyshield: a sketch-based defense system against application layer DDoS attacks, IEEE Transactions on Information Forensics and Security13(3) (2018), 559–573.

26.

Bhuyan

M.H.

, Bhattacharyya

and Kalita

J.K.

, E-ldat: a lightweight system for DDoS flooding attack detection and ip traceback using extended entropy metric, Security and Communication Networks9(16) (2016), 3251–3270.

27.

Joldzic

, Djuric

and Vuletic

, A transparent and scalable anomaly-based dos detection method, Computer Networks104 (2016), 27–42.

28.

Brent

R.P.

and Zimmermann

, Modern computer arithmetic, Cambridge University Press, 18, 2010.

S-DDoS: Apache spark based real-time DDoS detection system

Abstract

Keywords

Get full access to this article

References