SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks
Distributed denial of service (DDoS) is an immense threat to Internet-based applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, t...
Main authors: | Patil, Nilesh Vishwasrao; Krishna, C. Rama; Kumar, Krishan |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Springer US 2022 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8761536/ https://www.ncbi.nlm.nih.gov/pubmed/35068996 http://dx.doi.org/10.1007/s10586-022-03538-x |
_version_ | 1784633549366755328 |
---|---|
author | Patil, Nilesh Vishwasrao Krishna, C. Rama Kumar, Krishan |
author_sort | Patil, Nilesh Vishwasrao |
collection | PubMed |
description | Distributed denial of service (DDoS) is an immense threat to Internet-based applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, this attack is claimed to be a dangerous attack for Internet-based applications and their resources. Several security approaches have been proposed in the literature to protect Internet-based applications from this type of threat. However, the frequency and strength of DDoS attacks are increasing day by day. Further, most of the traditional and distributed processing framework-based DDoS attack detection systems analyzed network flows in offline batch processing. Hence, they failed to classify network flows in real time. This paper proposes a novel Spark Streaming and Kafka-based distributed classification system, named SSK-DDoS, for classifying different types of DDoS attacks and legitimate network flows. This classification approach is implemented using distributed Spark MLlib machine learning algorithms on a Hadoop cluster and deployed on the Spark Streaming platform to classify streams in real time. The incoming streams are consumed by Kafka's topic to perform preprocessing tasks such as extracting and formulating features for classifying them into seven groups: Benign, DDoS-DNS, DDoS-LDAP, DDoS-MSSQL, DDoS-NetBIOS, DDoS-UDP, and DDoS-SYN. Further, the SSK-DDoS classification system stores the formulated features with their predicted class in HDFS, which will help to retrain the distributed classification approach using a new set of samples. The proposed SSK-DDoS classification system has been validated using the recent CICDDoS2019 dataset. The results show that the proposed SSK-DDoS efficiently classified network flows into seven classes and stored the formulated features with the predicted value of each incoming network flow in HDFS. |
format | Online Article Text |
id | pubmed-8761536 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | Springer US |
record_format | MEDLINE/PubMed |
spelling | pubmed-8761536 2022-01-18 SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks Patil, Nilesh Vishwasrao Krishna, C. Rama Kumar, Krishan Cluster Comput Article Distributed denial of service (DDoS) is an immense threat to Internet-based applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, this attack is claimed to be a dangerous attack for Internet-based applications and their resources. Several security approaches have been proposed in the literature to protect Internet-based applications from this type of threat. However, the frequency and strength of DDoS attacks are increasing day by day. Further, most of the traditional and distributed processing framework-based DDoS attack detection systems analyzed network flows in offline batch processing. Hence, they failed to classify network flows in real time. This paper proposes a novel Spark Streaming and Kafka-based distributed classification system, named SSK-DDoS, for classifying different types of DDoS attacks and legitimate network flows. This classification approach is implemented using distributed Spark MLlib machine learning algorithms on a Hadoop cluster and deployed on the Spark Streaming platform to classify streams in real time. The incoming streams are consumed by Kafka's topic to perform preprocessing tasks such as extracting and formulating features for classifying them into seven groups: Benign, DDoS-DNS, DDoS-LDAP, DDoS-MSSQL, DDoS-NetBIOS, DDoS-UDP, and DDoS-SYN. Further, the SSK-DDoS classification system stores the formulated features with their predicted class in HDFS, which will help to retrain the distributed classification approach using a new set of samples. The proposed SSK-DDoS classification system has been validated using the recent CICDDoS2019 dataset. The results show that the proposed SSK-DDoS efficiently classified network flows into seven classes and stored the formulated features with the predicted value of each incoming network flow in HDFS. Springer US 2022-01-17 2022 /pmc/articles/PMC8761536/ /pubmed/35068996 http://dx.doi.org/10.1007/s10586-022-03538-x Text en © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
spellingShingle | Article Patil, Nilesh Vishwasrao Krishna, C. Rama Kumar, Krishan SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks |
title | SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8761536/ https://www.ncbi.nlm.nih.gov/pubmed/35068996 http://dx.doi.org/10.1007/s10586-022-03538-x |