IJCNIS Vol. 15, No. 4, 8 Aug. 2023
Cover page and Table of Contents: PDF (size: 658KB)
Full Text (PDF, 658KB), PP.61-71
Views: 0 Downloads: 0
Hyper Calls Analysis, Machine Learning, Support Vector Machine, Stochastic Gradient Descent
In the scenario of Distributed Denial of Service (DDoS) attacks are increasing in a significant manner, the attacks should be mitigated in the beginning itself to avoid its devastating consequences for any kind of business. DDoS attack can slow down or completely block online services of business like websites, email or anything that faces internet. The attacks are frequently originating from cloud virtual machines for anonymity and wide network bandwidth. Hyper-Calls Analysis(HCA) enables the tracing of command flow to detect any clues for the occurrence of malicious activity in the system. A DDoS attack detection approach proposed in this paper works in the hypervisor side to perform hyper calls based introspection with machine learning algorithms. The system evaluates system calls in hypervisor for the classification of malicious activities through Support Vector Machine and Stochastic Gradient Descent (SVM & SGD) Algorithms. The attack environment created using XOIC attacker tool and CPU death ping libraries. The system’s performance also evaluated on CICDDOS 2019 dataset. The experimental results reveal that more than 99.6% of accuracy in DDoS detection without degrading performance.
K. Umamaheswari, Nalini Subramanian, Manikandan Subramaniyan, "Distributed Denial of Service Attack Detection Using Hyper Calls Analysis in Cloud", International Journal of Computer Network and Information Security(IJCNIS), Vol.15, No.4, pp.61-71, 2023. DOI:10.5815/ijcnis.2023.04.06
[1] Aditya Singh, Thesis “System Call Analysis and Visualization”.
[2] ZechengHe,Ruby B. Lee, “Machine Learning Based DDoS Attack Detection From Source Side in Cloud”, in IEEE 4th International Conference on Cyber Security and Cloud Computing, 2017.
[3] National Vulnerability Database (NVD). CVE-2017- 8903. Available: https://nvd.nist.gov/vuln/detail/CVE-2017-8903, 2017
[4] Amir F. Mukeri, Dwarkoba P. Gaikwad, " Adversarial Machine Learning Attacks and Defenses in Network Intrusion Detection Systems", International Journal of Wireless and Microwave Technologies, Vol.12, No.1, pp. 12-21, 2022.
[5] Naila Samad Shaikh, Affan Yasin, Rubia Fatima, "Ontologies as Building Blocks of Cloud Security", International Journal of Information Technology and Computer Science, Vol.14, No.3, pp.52-61, 2022.
[6] Milenkoski, B. D. Payne, N. Antunes, M. Vieira, and S. Kounev, "Experience Report: An Analysis of Hypercall Handler Vulnerabilities," in IEEE 25th International Symposium on Software Reliability Engineering (ISSRE) 2014, 2014, pp. 100-111.
[7] S. Lee, G. Kim, and S. Kim, “Sequence-order-independent network profiling for detecting application layer DDoS attacks,” in EURASIP Journal on Wireless Communications and Networking, vol.2011, no.1, article no.50, 2011.
[8] Y.G.Dantas, V.Nigam, and I.E.Fonseca, “A Selective Defense for Application Layer DDoS Attacks,” in Proceedings of the 2014 IEEE Joint Intelligence and Security Informatics Conference (JISIC), pp.75–82,TheHague, Netherlands, September2014.
[9] J.Choi, C.Choi, B.Ko, and P.Kim,“A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment,” Soft Computing, vol. 18, no. 9, pp. 1697–1703,2014.
[10] Z.He, T.Zhang, and R.B.Lee, “Machine Learning Based DDoS Attack Detection from Source Side in Cloud,” in Proceedings of the 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), pp. 114–120, New York, NY, USA,June 2017.
[11] I. Sreeram and V. P. Vuppala, “HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm,” Applied Computing and Informatics, 2017.
[12] I. Sofi, A. Mahajan, and V. Mansotra, “Machine learning techniques used for the detection and analysis of modern types of ddos attacks”, learning, vol.4, no.06,2017.
[13] Bharadwaja S, Sun W, Niamat M, Shen F, “Collabra: a xen hypervisor based collaborative intrusion detection system”, in 2011 eighth international conference on information technology: new generations (ITNG), IEEE, New York, 2011, pp 695–700.
[14] Maiero C, Miculan M, “Unobservable intrusion detection based on call traces in paravirtualized systems”, in 2011 proceedings of the international conference on security and cryptography (SECRYPT), IEEE, New York, 2011, pp 300–306.
[15] Wu J, Ding L, Wu Y, Min-Allah N, Khan SU, Wang Y, “C2detector: a covert channel detection framework in cloud computing”, Secur Commun Netw 7(3), 2014, pp 544–557.
[16] Le CHH, “Protecting xen hypercalls”, PhD thesis, Universiti of British Columbia, Vancouver, 2009.
[17] Wang F, Chen P, Mao B, Xie L, “Randhyp: preventing attacks via xen hypercall interface”, in Information security and privacy research, Springer, Berlin, 2012, pp 138–149.
[18] Chonka, Y. Xiang, W. Zhou, and A. Bonti, "Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks”, Journal of Network and Computer Applications, vol. 34, 2011, pp. 1097-1107.
[19] J. Bacon, D. Eyers, T. F. J. M. Pasquier, J. Singh, I. Papagiannis, and P. Pietzuch, "Information Flow Control for Secure Cloud Computing", in IEEE Transactions on Network and Service Management, vol. 11, 2014, pp. 76-89.
[20] K. Hashizume, D. Rosado, E. Fernández-Medina, and E. Fernandez, "An analysis of security issues for cloud computing”, Journal of Internet Services and Applications, vol. 4, 2013/02/27, 2013, pp. 1-13.
[21] Z. Wang, X. Jiang, W. Cui, and P. Ning, "Countering kernel rootkits with lightweight hook protection", in Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA, 2009.
[22] Chen, T. Garfinkel, E. C. Lewis, P. Subrahmanyam, C. A. Waldspurger, D. Boneh, et al., "Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems", ACM SIGARCH Computer Architecture News, vol. 36, 2008, pp. 2-13.
[23] F. Zhang, J. Chen, H. Chen, and B. Zang, "CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization", in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, Cascais, Portugal, 2011.
[24] P. Colp, M. Nanavati, J. Zhu, W. Aiello, G. Coker, T. Deegan, et al., "Breaking up is hard to do: security and functionality in a commodity hypervisor", in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, Cascais, Portugal, 2011.
[25] C. Hoang, "Protecting Xen Hypercalls: Intrusion Detection/Prevention in a Virtualized Environment", MSc, Computer Science, University of British Columbia, 2009.
[26] W. Jingzheng, D. Liping, L. Yuqi, N. Min-Allah, and Y. Wang, "XenPump: A New Method to Mitigate Timing Channel in Cloud Computing," in IEEE 5th International Conference on Cloud Computing (CLOUD) 2012, pp. 678-685.
[27] C. Yu, L. X. Li, K. Wang, and W. T. Yu, "Protecting the Security and Privacy of the Virtual Machine through Privilege Separation," Applied Mechanics and Materials, vol. 347-350, pp. 2488-2494, August 2013.
[28] C. Li, A. Raghunathan, and N. K. Jha, "Secure Virtual Machine Execution under an Untrusted Management OS," in IEEE 3rd International Conference on Cloud Computing, 2010, pp. 172-179.
[29] Milenkoski, B. D. Payne, N. Antunes, M. Vieira, and S. Kounev, "HInjector: Injecting Hypercall Attacks for Evaluating VMI-based Intrusion Detection Systems," in Annual Computer Security Applications Conference (ACSAC), 2013.
[30] Isaac Kofi Nti, Owusu Nyarko-Boateng, Justice Aning, "Performance of Machine Learning Algorithms with Different K Values in K-fold Cross-Validation", International Journal of Information Technology and Computer Science, Vol.13, No.6, pp.61-71, 2021.
[31] Pushpam Kumar Sinha, “Modifying one of the Machine Learning Algorithms kNN to Make it Independent of the Parameter k by Re-defining Neighbor” I. J. Mathematical Sciences and Computing, vol.4, pp.12-25, August 2020.
[32] Samuel Ndichu, Sylvester McOyowo, Henry Okoyo, Cyrus Wekesa, "A Remote Access Security Model based on Vulnerability Management", International Journal of Information Technology and Computer Science, Vol.12, No.5, pp.38-51, 2020.
[33] Tong Zhang, “Solving Large Scale Linear Predition Problems Using Stohasti Gradient Descent Algorithms”, in ICML 2004: Proceedings of the Twenty-First International Conference on Machine Learning. Omnipress, 919-926, 2004.
[34] Sharafaldin, I.; Lashkari, A.H.; Hakak, S.; Ghorbani, A.A., “Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy” in Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, 1–3 October 2019; pp. 1–8.