
SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks

Distributed denial of service (DDoS) is an immense threat for Internet-based applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, t...

Bibliographic Details
Main Authors: Patil, Nilesh Vishwasrao; Krishna, C. Rama; Kumar, Krishan
Format: Online Article Text
Language: English
Published: Springer US 2022
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8761536/
https://www.ncbi.nlm.nih.gov/pubmed/35068996
http://dx.doi.org/10.1007/s10586-022-03538-x
author Patil, Nilesh Vishwasrao
Krishna, C. Rama
Kumar, Krishan
collection PubMed
description Distributed denial of service (DDoS) is an immense threat for Internet-based applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, this attack is claimed to be a dangerous attack for Internet-based applications and their resources. Several security approaches have been proposed in the literature to protect Internet-based applications from this type of threat. However, the frequency and strength of DDoS attacks are increasing day by day. Further, most of the traditional and distributed processing framework-based DDoS attack detection systems analyzed network flows in offline batch processing. Hence, they failed to classify network flows in real time. This paper proposes a novel Spark Streaming and Kafka-based distributed classification system, named SSK-DDoS, for classifying different types of DDoS attacks and legitimate network flows. This classification approach is implemented using distributed Spark MLlib machine learning algorithms on a Hadoop cluster and deployed on the Spark streaming platform to classify streams in real time. The incoming streams are consumed by Kafka’s topic to perform preprocessing tasks such as extracting and formulating features for classifying them into seven groups: Benign, DDoS-DNS, DDoS-LDAP, DDoS-MSSQL, DDoS-NetBIOS, DDoS-UDP, and DDoS-SYN. Further, the SSK-DDoS classification system stores formulated features with their predicted class into the HDFS that will help to retrain the distributed classification approach using a new set of samples. The proposed SSK-DDoS classification system has been validated using the recent CICDDoS2019 dataset. The results show that the proposed SSK-DDoS efficiently classified network flows into seven classes and stored formulated features with the predicted value of each incoming network flow into HDFS.
format Online
Article
Text
id pubmed-8761536
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Springer US
record_format MEDLINE/PubMed
spelling pubmed-8761536 2022-01-18 SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks Patil, Nilesh Vishwasrao Krishna, C. Rama Kumar, Krishan Cluster Comput Article Springer US 2022-01-17 2022 /pmc/articles/PMC8761536/ /pubmed/35068996 http://dx.doi.org/10.1007/s10586-022-03538-x Text en © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic.
title SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8761536/
https://www.ncbi.nlm.nih.gov/pubmed/35068996
http://dx.doi.org/10.1007/s10586-022-03538-x