The Anomaly Based IDS Frameworks for Multilevel Dynamic DDoS Attack Detection in Cloud Environment

Abstract

Cloud computing offers benefits such as increased availability, scalability, and flexibility by relocating computing infrastructure to a network. Users access resources from any location at any time with a pay-as-you-use plan and internet access. Nowadays for dynamic allocation and utilization of cloud network resources efficiently, the cloud service providers newlineare relying on Software Defined Networking (SDN). Despite of many advantages of SDN, newlinecloud networks are still vulnerable to DDoS attacks, which target the SDN controller and newlineflow switches, potentially freezing the network. DDoS attacks aim to disrupt legitimate users access to services, drain network resources, and compromise system availability, leading to financial or reputational damage. Attackers use various multi-level attack patterns, targeting newlineservices or network nodes with substantial traffic volumes. A multi-level dynamic DDoS detection refers to the maximum number of features required to detect the attack. Early detection of such multi-level dynamic DDoS attacks in cloud environments remains challenging. Existing security mechanisms are inadequate to detect the dynamic DDoS attack patterns due to improper feature selection, traffic classification, and clustering, leading to an increase in false newlinepositive and negative rates, and the required resources and attack detection time. In this thesis,we have addressed the dynamic DDoS attack patterns by classifying them into low, medium,and high dynamic DDoS attack patterns. newlineWe have proposed the SDN-based framework RDAER to address low dynamic DDoS newlineattacks. This framework integrates Recursive Feature Elimination (RFE) for effective resource utilization, DBSCAN clustering for early detection of attacks, time series models to increase detection accuracy, and a rule-based event correlation to reduce the false alarm rate of the model. We have tested our RDAER on the CICDDoS 2019 dataset. Based on the results,our RDAER outperforms existing models well with good accuracy, fast detection time, and effective