
Real-time DDoS flood attack monitoring and detection (RT-AMD) model for cloud computing

In recent years, the advent of cloud computing has transformed the field of computing and information technology. It has been enabling customers to rent virtual resources and take advantage of various on-demand services with the lowest costs. Despite the advantages of cloud computing, it faces sever...


Bibliographic Details
Main authors: Bamasag, Omaimah; Alsaeedi, Alaa; Munshi, Asmaa; Alghazzawi, Daniyal; Alshehri, Suhair; Jamjoom, Arwa
Format: Online Article Text
Language: English
Published: PeerJ Inc. 2022
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9202629/
https://www.ncbi.nlm.nih.gov/pubmed/35721670
http://dx.doi.org/10.7717/peerj-cs.814
author Bamasag, Omaimah
Alsaeedi, Alaa
Munshi, Asmaa
Alghazzawi, Daniyal
Alshehri, Suhair
Jamjoom, Arwa
collection PubMed
description In recent years, the advent of cloud computing has transformed the field of computing and information technology. It has been enabling customers to rent virtual resources and take advantage of various on-demand services with the lowest costs. Despite the advantages of cloud computing, it faces several threats; an example is a distributed denial of service (DDoS) attack, which is considered among the most serious. This article presents real-time monitoring and detection of DDoS attacks on the cloud using a machine learning approach. Naïve Bayes, K-nearest neighbor, decision tree, and random forest machine learning classifiers have been selected to build a predictive model named “Real-Time DDoS flood Attack Monitoring and Detection RT-AMD.” The DDoS-2020 dataset was constructed with 70,020 records to evaluate RT-AMD’s accuracy. The DDoS-2020 contains three protocols for network/transport-level, which are TCP, DNS, and ICMP. This article evaluates the proposed model by comparing its accuracy with related works. Our model has shown improvement in the results and reached real-time attack detection using incremental learning. The model achieved 99.38% accuracy for the random forest in real-time on the cloud environment and 99.39% on local testing. The RT-AMD was evaluated on the NSL-KDD dataset as well, in which it achieved 99.30% accuracy in real-time in a cloud environment.
format Online
Article
Text
id pubmed-9202629
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher PeerJ Inc.
record_format MEDLINE/PubMed
spelling pubmed-9202629 2022-06-17 Real-time DDoS flood attack monitoring and detection (RT-AMD) model for cloud computing Bamasag, Omaimah Alsaeedi, Alaa Munshi, Asmaa Alghazzawi, Daniyal Alshehri, Suhair Jamjoom, Arwa PeerJ Comput Sci Computer Networks and Communications PeerJ Inc. 2022-06-13 /pmc/articles/PMC9202629/ /pubmed/35721670 http://dx.doi.org/10.7717/peerj-cs.814 Text en © 2022 Bamasag et al.
https://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Computer Science) and either DOI or URL of the article must be cited.
topic Computer Networks and Communications