Cloud computing presents a convenient way of accessing services, resources and applications over the Internet by shifting the focus of industries and organizations from the deployment and day-to-day running of their IT facilities, to provide an on-demand, self-service, and pay-as-you-go business mod...
| Main Author: | Osanaiye, Opeyemi Ayokunle |
|---|---|
| Other Authors: | Dlodlo, Mqhele E |
| Format: | Thesis |
| Language: | English |
| Published: | Department of Electrical Engineering, 2017 |
| Subjects: | Electrical Engineering |
| _version_ | 1867611277201768448 |
|---|---|
| access_status_str | Open Access |
| author | Osanaiye, Opeyemi Ayokunle |
| author2 | Dlodlo, Mqhele E |
| author_browse | Dlodlo, Mqhele E Osanaiye, Opeyemi Ayokunle |
| author_facet | Dlodlo, Mqhele E Osanaiye, Opeyemi Ayokunle |
| author_sort | Osanaiye, Opeyemi Ayokunle |
| collection | Thesis |
| description | Cloud computing presents a convenient way of accessing services, resources and applications over the Internet by shifting the focus of industries and organizations from the deployment and day-to-day running of their IT facilities, to provide an on-demand, self-service, and pay-as-you-go business model. Despite its increased popularity, ensuring security and availability of data, resources and services remains an ongoing research challenge. Distributed Denial of Service (DDoS) attacks are not a new threat but they remain a major security challenge in achieving a secure and guaranteed service and resources in cloud computing. Mitigating DDoS attack in cloud computing presents a new dimension to the solutions proffered in traditional computing, therefore, this work proposes DDoS defence solutions that identify and classify packet traffic as either legitimate or malicious, based on its attributes. This thesis has three objectives. Firstly, it investigates a major attribute of DDoS attack, the spoofing of source IP address that hides its identity to disallow easy traceback or deceive the cloud provider to enjoy certain services accrued to a trusted host. Secondly, due to the increased number and sophistication of DDoS attacks against cloud services and the magnitude of traffic that needs to be processed, the analysis of feature selection methods and classification techniques was carried out. Feature selection has been identified as a pre-processing phase in cloud DDoS attack defence that could potentially increase the classification accuracy and reduce the computational complexity, by identifying important features from the original dataset, during supervised learning. Finally, this thesis studies the packet inter-arrival time (IAT) feature of traffic traces, in order to determine the presence of an attack using a change-point detection. The DDoS attack pattern is detected by leveraging on the fact that most DDoS attacks are automated, thus exhibiting similar patterns. The main contributions are as follows: (i) This thesis proposes an IP spoofing detection technique that uses a passive and active host-based operating system (OS) fingerprinting to detect the true source of a packet during a spoofed DDoS attack; (ii) this thesis proposes an ensemble-based multi-filter feature selection (EMFFS) method that combines the output of four filter methods to achieve an optimum selection, and a decision-tree classifier to detect DDoS attacks; and (iii) this thesis proposes a change-point monitoring algorithm to detect DDoS flooding attacks against cloud services, by examining the packet IAT. A DDoS attack pattern is distinguished from normal traffic by using cumulative sum algorithm (CUSUM). The results obtained show a high detection rate and classification accuracy, when compared with other classification techniques in the literature. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/23391 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2017 |
| publishDateRange | 2017 |
| publishDateSort | 2017 |
| publisher | Department of Electrical Engineering |
| publisherStr | Department of Electrical Engineering |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/23391 DDoS defence for service availability in cloud computing Osanaiye, Opeyemi Ayokunle Dlodlo, Mqhele E Choo, Kim-Kwang Raymond Electrical Engineering Cloud computing presents a convenient way of accessing services, resources and applications over the Internet by shifting the focus of industries and organizations from the deployment and day-to-day running of their IT facilities, to provide an on-demand, self-service, and pay-as-you-go business model. Despite its increased popularity, ensuring security and availability of data, resources and services remains an ongoing research challenge. Distributed Denial of Service (DDoS) attacks are not a new threat but they remain a major security challenge in achieving a secure and guaranteed service and resources in cloud computing. Mitigating DDoS attack in cloud computing presents a new dimension to the solutions proffered in traditional computing, therefore, this work proposes DDoS defence solutions that identify and classify packet traffic as either legitimate or malicious, based on its attributes. This thesis has three objectives. Firstly, it investigates a major attribute of DDoS attack, the spoofing of source IP address that hides its identity to disallow easy traceback or deceive the cloud provider to enjoy certain services accrued to a trusted host. Secondly, due to the increased number and sophistication of DDoS attacks against cloud services and the magnitude of traffic that needs to be processed, the analysis of feature selection methods and classification techniques was carried out. Feature selection has been identified as a pre-processing phase in cloud DDoS attack defence that could potentially increase the classification accuracy and reduce the computational complexity, by identifying important features from the original dataset, during supervised learning. Finally, this thesis studies the packet inter-arrival time (IAT) feature of traffic traces, in order to determine the presence of an attack using a change-point detection. The DDoS attack pattern is detected by leveraging on the fact that most DDoS attacks are automated, thus exhibiting similar patterns. The main contributions are as follows: (i) This thesis proposes an IP spoofing detection technique that uses a passive and active host-based operating system (OS) fingerprinting to detect the true source of a packet during a spoofed DDoS attack; (ii) this thesis proposes an ensemble-based multi-filter feature selection (EMFFS) method that combines the output of four filter methods to achieve an optimum selection, and a decision-tree classifier to detect DDoS attacks; and (iii) this thesis proposes a change-point monitoring algorithm to detect DDoS flooding attacks against cloud services, by examining the packet IAT. A DDoS attack pattern is distinguished from normal traffic by using cumulative sum algorithm (CUSUM). The results obtained show a high detection rate and classification accuracy, when compared with other classification techniques in the literature. 2017-01-26T13:31:41Z 2017-01-26T13:31:41Z 2016 Doctoral Thesis Doctoral PhD http://hdl.handle.net/11427/23391 eng application/pdf Department of Electrical Engineering Faculty of Engineering and the Built Environment University of Cape Town |
| spellingShingle | Electrical Engineering Osanaiye, Opeyemi Ayokunle DDoS defence for service availability in cloud computing |
| thesis_degree_str | Doctoral |
| title | DDoS defence for service availability in cloud computing |
| title_full | DDoS defence for service availability in cloud computing |
| title_fullStr | DDoS defence for service availability in cloud computing |
| title_full_unstemmed | DDoS defence for service availability in cloud computing |
| title_short | DDoS defence for service availability in cloud computing |
| title_sort | ddos defence for service availability in cloud computing |
| topic | Electrical Engineering |
| url | http://hdl.handle.net/11427/23391 |
| work_keys_str_mv | AT osanaiyeopeyemiayokunle ddosdefenceforserviceavailabilityincloudcomputing |