Array (Sep 2022)
Distributed denial of service attack detection in E-government cloud via data clustering
Abstract
One of the essential security issues of cloud computing is the detection and prevention of network intrusions. Gaps in the network directly affect the security of the cloud, since the network is its foundation. Attacks in the cloud are launched either by compromised nodes of the network outside the cloud or by virtual machines (VMs) within the cloud network. Monitoring both the external and the internal traffic of the cloud network is therefore of great importance. In this paper, a machine learning method that accurately clusters network data to detect DDoS attacks is proposed. The method uses a feature selection technique to increase the efficiency of data clustering; the feature selection is performed with the PCA (principal component analysis) algorithm. To the dataset formed from the selected features, the DBSCAN (density-based spatial clustering of applications with noise), Agglomerative Clustering, and k-means algorithms are applied. In the experiments, the clustering results of the methods using the reduced feature set were higher on all metrics than the results of the same methods using all the features. Compared to the standard algorithms, the PCA + DBSCAN, PCA + Agglomerative, and PCA + k-means algorithms obtained higher values on the Adjusted Rand Index metric, reaching 0.8989, 0.9130, and 0.9094, respectively. The effectiveness of the approach was also evaluated on the other clustering metrics, with similarly high results. The proposed system can be installed in both the internal and the external cloud infrastructure. This allows attacks to be detected on the external cloud network as well as on the internal physical network or on the virtual network between hypervisors.
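As an added illustration of the pipeline the abstract describes (not the paper's own code), the following runs PCA feature reduction followed by k-means on a constructed set of benign and DDoS flow records and scores the clustering with the Adjusted Rand Index, both with and without PCA; the six flow features, their value ranges and the farthest-first k-means seeding are assumptions made for the example.

```python
# Added illustration (not the paper's code): PCA feature reduction, then k-means,
# scored with the Adjusted Rand Index on constructed benign/DDoS flow records.
from math import comb
import numpy as np

def make_flows(n_benign=60, n_ddos=60, seed=1):
    """Constructed sample, 6 per-flow features: packets/s, bytes/s, distinct source
    ports, SYN ratio, mean packet size, duration. DDoS rows are high-rate and short."""
    rng = np.random.default_rng(seed)
    benign = rng.normal([40, 3e4, 3, 0.1, 800, 20], [10, 8e3, 1, 0.05, 150, 8], (n_benign, 6))
    ddos = rng.normal([4000, 2.5e5, 60, 0.9, 70, 2], [500, 4e4, 10, 0.05, 15, 1], (n_ddos, 6))
    return np.vstack([benign, ddos]), np.array([0] * n_benign + [1] * n_ddos)

def standardise(X):
    return (X - X.mean(axis=0)) / X.std(axis=0)

def pca(X, n_components=2):
    """Project standardised features onto the top principal components (via SVD)."""
    Z = standardise(X)
    _, _, vt = np.linalg.svd(Z, full_matrices=False)
    return Z @ vt[:n_components].T

def kmeans(X, k=2, iters=100):
    """Lloyd's k-means with deterministic farthest-first seeding; returns a label per row."""
    centers = [X[0]]
    for _ in range(1, k):
        d = np.min([((X - c) ** 2).sum(axis=1) for c in centers], axis=0)
        centers.append(X[np.argmax(d)])
    centers = np.array(centers)
    for _ in range(iters):
        labels = np.argmin(((X[:, None, :] - centers[None]) ** 2).sum(axis=2), axis=1)
        new = np.array([X[labels == j].mean(axis=0) if np.any(labels == j) else centers[j]
                        for j in range(k)])
        if np.allclose(new, centers):
            break
        centers = new
    return labels

def adjusted_rand_index(truth, pred):
    """ARI: 1.0 = clusters match the labels exactly, ~0 = no better than chance."""
    truth, pred = np.asarray(truth), np.asarray(pred)
    table = np.array([[np.sum((truth == c) & (pred == k)) for k in np.unique(pred)]
                      for c in np.unique(truth)])
    sum_ij = sum(comb(int(v), 2) for v in table.ravel())
    sum_a = sum(comb(int(v), 2) for v in table.sum(axis=1))
    sum_b = sum(comb(int(v), 2) for v in table.sum(axis=0))
    expected = sum_a * sum_b / comb(len(truth), 2)
    max_index = (sum_a + sum_b) / 2
    return 1.0 if max_index == expected else (sum_ij - expected) / (max_index - expected)

def evaluate(n_components=2):
    """ARI of k-means on all standardised features vs. on `n_components` PCA features."""
    X, y = make_flows()
    return {"all_features": adjusted_rand_index(y, kmeans(standardise(X))),
            "pca": adjusted_rand_index(y, kmeans(pca(X, n_components)))}
```

Replacing `kmeans` with DBSCAN or agglomerative clustering leaves the PCA and ARI steps unchanged, which is how the three variants in the abstract are compared.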