Mitigation of HTTP Flood DDoS Attack in Application Layer Using Machine Learning and Isolation Forest

International Journal of Electrical and Electronics Engineering
© 2023 by SSRG - IJEEE Journal
Volume 10 Issue 10
Year of Publication : 2023
Authors : P. Krishna Kishore, S. Ramamoorthy, V.N. Rajavarman
How to Cite?

P. Krishna Kishore, S. Ramamoorthy, V.N. Rajavarman, "Mitigation of HTTP Flood DDoS Attack in Application Layer Using Machine Learning and Isolation Forest," SSRG International Journal of Electrical and Electronics Engineering, vol. 10, no. 10, pp. 6-19, 2023. Crossref, https://doi.org/10.14445/23488379/IJEEE-V10I10P102

Abstract:

Distributed Denial of Service (DDoS) attacks, specifically HTTP flood DDoS attacks, have become a constant and substantial threat to online companies and critical services due to the growing popularity of web-based applications and technology. HTTP flood DDoS attacks inundate web servers with an overwhelming volume of seemingly legitimate HTTP requests emanating from compromised devices or botnets. Traditional DDoS mitigation approaches, often reliant on rate limiting and traffic filtering, struggle to discern between legitimate and malicious traffic, leading to service degradation or downtime. Methods for identifying abnormal HTTP traffic behaviour involve gathering and preprocessing data, generating features, and developing Isolation Forest algorithms. The strength of this method is its ability to detect anomalies in real time, which makes it easy to identify and block HTTP flood DDoS attack traffic; this is a significant feature of the methodology. In tandem with Isolation Forest, machine learning empowers the system to adapt proactively to emerging attack vectors, enhancing its resilience in the face of evolving threats. This research presents a novel approach to fortify the application layer against HTTP flood DDoS attacks by utilizing machine learning techniques, with a central focus on the Isolation Forest algorithm. The experimental validation results show that the proposed framework can effectively recognize and mitigate HTTP flood DDoS attacks with minimal service interruption and false positives. The tests were run on the KDD Cup 1999 and NSL-KDD benchmark datasets, and the results reported here strengthen the basis for the proposed model and enable the research to achieve its objective.

Keywords:

Distributed Denial of Service (DDoS) attacks, HTTP flood DDoS attack, Botnet, Machine learning, Isolation Forest algorithm.
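
The pipeline the abstract outlines (per-client feature generation, then Isolation Forest scoring) is shown below as an added example; it is not the authors' code. The three features, the request tuples and the client addresses are assumptions constructed for illustration, and the scorer is a pure-Python isolation forest without subsampling, since the sample is small.

```python
import math
import random
from collections import defaultdict

def client_features(requests):
    """(ts, client, path) tuples -> {client: [count, distinct-path ratio, mean gap]}."""
    by_client = defaultdict(list)
    for ts, client, path in requests:
        by_client[client].append((ts, path))
    feats = {}
    for client, rows in by_client.items():
        ts = sorted(t for t, _ in rows)
        gaps = [b - a for a, b in zip(ts, ts[1:])] or [60.0]  # lone request: treat as idle
        feats[client] = [len(rows), len({p for _, p in rows}) / len(rows), sum(gaps) / len(gaps)]
    return feats

def c(n):
    """Average path length of an unsuccessful BST search over n points (normaliser)."""
    return 0.0 if n < 2 else 1.0 if n == 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def path_length(x, pts, rng, limit, depth=0):
    """Depth at which random axis-parallel splits isolate x from pts (one random tree path)."""
    dims = [d for d in range(len(x)) if min(p[d] for p in pts) < max(p[d] for p in pts)]
    if len(pts) <= 1 or depth >= limit or not dims:
        return depth + c(len(pts))
    d = rng.choice(dims)
    split = rng.uniform(min(p[d] for p in pts), max(p[d] for p in pts))
    same_side = [p for p in pts if (p[d] < split) == (x[d] < split)]
    return path_length(x, same_side, rng, limit, depth + 1)

def anomaly_scores(feats, trees=200, seed=1):
    """Score in (0, 1]; values near 1 mean the client is isolated after few splits."""
    rng, pts = random.Random(seed), list(feats.values())
    limit = math.ceil(math.log2(max(len(pts), 2)))
    norm = c(max(len(pts), 2))
    return {k: 2 ** (-sum(path_length(x, pts, rng, limit) for _ in range(trees)) / trees / norm)
            for k, x in feats.items()}

def constructed_window(seed=7):
    """Constructed sample: 20 browsing clients plus one client flooding a single URL."""
    rng, reqs = random.Random(seed), []
    paths = ["/", "/login", "/cart", "/search", "/item/1", "/item/2"]
    for i in range(20):
        t = 0.0
        for _ in range(rng.randint(5, 15)):
            t += rng.uniform(2, 10)
            reqs.append((t, f"192.0.2.{i + 1}", rng.choice(paths)))
    reqs += [(k * 0.1, "198.51.100.9", "/search") for k in range(600)]
    return reqs

if __name__ == "__main__":
    scores = anomaly_scores(client_features(constructed_window()))
    for client, s in sorted(scores.items(), key=lambda kv: -kv[1])[:3]:
        print(f"{client}  score={s:.2f}")
```

A fixed score threshold for blocking is deployment-specific; the false-positive cost of that threshold is what the abstract's "minimal service interruption" claim depends on.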
