An Impact Analysis and Detection of HTTP Flooding Attack in Cloud Using Bio-Inspired Clustering Approach

Priyanka Verma, Shashikala Tapaswi, W. Wilfred Godfrey
Copyright: © 2021 | Pages: 21
DOI: 10.4018/IJSIR.2021010103

Abstract

The application-layer HTTP flooding attack is the primary threat to web servers hosting web services in the cloud network. Because network conditions in the cloud vary, traditional security methods are not sufficient to detect the attack. Therefore, a novel approach is proposed, which uses Teacher Learner Based Optimization (TLBO) for clustering to identify the attack requests. In this work, the logs of a web server under attack are collected and pre-processed. Principal Component Analysis (PCA) is then used to reduce the dimensionality of the pre-processed data. Thereafter, the data is clustered using TLBO clustering, which separates the application-layer HTTP flooding attack requests into one cluster and the rest of the requests into the other. The results show that the proposed approach performs better than other traditional and bio-inspired clustering techniques. The proposed approach also attains the highest detection rate and the lowest false alarm rate, which demonstrates its efficacy among other state-of-the-art approaches.
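The clustering step described in the abstract, as an added example that is not code from the paper: a minimal two-cluster TLBO (teacher phase, then learner phase) over constructed per-client features. The feature pair, the sum-of-squared-distances fitness, and the rule that labels the higher-rate cluster as the flood are assumptions; PCA is omitted because two features need no reduction.

```python
import random

# Constructed per-client features (assumed, not the paper's feature set):
# (requests per second, distinct URLs requested) within one log window.
SAMPLES = [(1.2, 9), (0.8, 12), (1.5, 7), (0.9, 10), (1.1, 8), (0.7, 11),  # browsing-like
           (48, 1), (52, 2), (45, 1), (50, 1)]                             # flood-like

def normalise(rows):  # min-max scale each column to [0, 1]
    lo, hi = [min(c) for c in zip(*rows)], [max(c) for c in zip(*rows)]
    return [[(v - l) / ((h - l) or 1.0) for v, l, h in zip(r, lo, hi)] for r in rows]

def dist2(pt, learner, c):  # squared distance from pt to centroid c of a learner
    d = len(pt)             # a learner is k centroids flattened into one list
    return sum((p - learner[c * d + j]) ** 2 for j, p in enumerate(pt))

def assign(points, learner, k):  # label each point with its nearest centroid
    return [min(range(k), key=lambda c: dist2(pt, learner, c)) for pt in points]

def tlbo_cluster(points, k=2, pop=20, iters=60, seed=7):
    rng = random.Random(seed)
    fit = lambda x: sum(min(dist2(p, x, c) for c in range(k)) for p in points)
    cls = [[rng.random() for _ in range(k * len(points[0]))] for _ in range(pop)]
    def keep_if_better(i, cand):
        cand = [min(1.0, max(0.0, v)) for v in cand]  # stay inside the scaled range
        if fit(cand) < fit(cls[i]):
            cls[i] = cand
    for _ in range(iters):
        for i in range(pop):
            # Teacher phase: step towards the best learner, relative to the class mean.
            teacher = min(cls, key=fit)
            mean = [sum(col) / pop for col in zip(*cls)]
            tf = rng.choice((1, 2))  # teaching factor
            keep_if_better(i, [x + rng.random() * (t - tf * m)
                               for x, t, m in zip(cls[i], teacher, mean)])
            # Learner phase: step towards a fitter random peer, or away from a worse one.
            j = rng.choice([n for n in range(pop) if n != i])
            sign = 1.0 if fit(cls[i]) < fit(cls[j]) else -1.0
            keep_if_better(i, [x + sign * rng.random() * (x - y)
                               for x, y in zip(cls[i], cls[j])])
    return assign(points, min(cls, key=fit), k)

def flag_flood(samples):
    """Indices in the cluster with the higher mean request rate (labelling rule assumed)."""
    labels = tlbo_cluster(normalise(samples))
    rate = lambda c: [s[0] for s, l in zip(samples, labels) if l == c]
    if not rate(0) or not rate(1):
        return []  # everything fell into one cluster: nothing to separate
    hot = max((0, 1), key=lambda c: sum(rate(c)) / len(rate(c)))
    return [i for i, l in enumerate(labels) if l == hot]
```

Cluster indices are arbitrary, so the attack cluster has to be identified after clustering; here that is done by comparing mean request rates.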

1. Introduction

Cloud technology relies on the paradigm of computing as a utility. This technology has the potential to transform the IT industry. It provides software as a service in an attractive way and has also changed the old view of purchasing complete hardware by letting companies rent it instead (Armbrust et al., 2010). Nowadays, cloud technology has emerged as a platform for distributing resources at different levels of granularity. These resources can be shared and used through the pay-per-usage model (Al-Roomi et al., 2013). Infrastructure as a Service (IaaS) shares hardware resources, Platform as a Service (PaaS) shares a platform with the users, and Software as a Service (SaaS) allows software to be used without purchasing it. As the cloud provides all of its services and resources online, it faces many severe security concerns. Security in the cloud environment has become a significant challenge and an important concern for both research and industry. A large number of researchers are working in this direction to meet the need for security in the cloud domain.

Among all the security concerns, Distributed Denial of Service (DDoS) has evolved into a significant menace to cloud computing. A DDoS attack mainly results in the exhaustion of resources and makes them unavailable to legitimate users. Thus, essential services may face downtime. Recent reports on DDoS attacks state that one out of each enterprise has become the victim of the DDoS attack. Every year there is an increase in average attack size (Arbor, 2018). A drastic change has been observed in the peak bandwidth of DDoS attacks: it was just 8 Gbps in 2000 and increased to 600 Gbps in 2017 (Yi et al., 2017). In the cloud, there exist many variants of DDoS attacks, such as XML-based DDoS, HTTP flood attack, and HTTP & XML DDoS (HX-DDoS) attack. An XML-based attack exhausts resources by sending payloads that make the XML parser consume all the CPU cycles, and eventually shuts down the web server. HX-DDoS intentionally floods HTTP and XML-based messages to exhaust the communication path of the cloud providers (Yang et al., 2012).

HTTP flooding is an application-layer attack that targets the resources and services running in the cloud. It is another variant of the DDoS attack. To launch this attack, the attacker hires many Virtual Machine (VM) instances to generate and redirect HTTP GET/POST requests to the web service (Sree et al., 2019). It exhausts the maximum resources and also leads to massive economic losses for the target company. Tools such as nmap, hping, pyflooder, etc. are able to produce attack requests. An HTTP flood can be monitored by analyzing the throughput and bandwidth of the VM hosting the victim web service.

Therefore, to overcome such attacks, the system requires a diligent security mechanism along with different security tools. As per the literature, the defenses against such attacks are classified as prevention, detection, and mitigation approaches (Ghosh et al., 2019). However, these approaches are not sufficient to secure the system against smart attack activities. The HTTP flooding attack is far more treacherous in the cloud because of its features (Latanicki et al., 2010). Adaptive threshold-based methods (Razmjooy et al., 2012) can also be used to reduce the attack. Moreover, most of the existing security mechanisms focus on external attacks, while attacks from inside the cloud network are not considered effectively. Apart from these defense approaches, Intrusion Detection Systems (IDS) (Inayat et al., 2017) are also used for defense against DDoS attacks. However, these IDS may fail in two respects: (i) they generate a large number of low-preference alerts, most of which are false positives, and (ii) they may also suffer from a large number of false negatives.
