USP Electronic Research Repository

Detecting TCP SYN Flood Attack in the Cloud

Kumar, Raneel and Lal, Sunil P. and Sharma, Alokanand (2017) Detecting TCP SYN Flood Attack in the Cloud. Journal of Software, 12 (7). pp. 493-506. ISSN 1796-217X


    Abstract

    In this paper, an approach to protecting virtual machines (VMs) against TCP SYN flood attack in a cloud environment is proposed. An open source cloud platform, Eucalyptus, is deployed and experimentation is carried out on this setup. We investigate attacks emanating from one VM to another in a multi-tenancy cloud environment. Various scenarios of the attack are executed on a webserver VM. To detect such attacks from a cloud provider’s perspective, a security mechanism involving a packet sniffer, a feature extraction process, a classifier and an alerting component is proposed and implemented. We experiment with k-nearest neighbor and artificial neural network for classification of the attack. The dataset obtained from the attacks on the webserver VM is passed through the classifiers. The artificial neural network produced an F1 score of 1 with the test cases, implying a 100% detection accuracy in distinguishing malicious attack traffic from legitimate traffic. The proposed security mechanism shows promising results in detecting TCP SYN flood attack behaviors in the cloud.

    Item Type: Journal Article
    Subjects: Q Science > QA Mathematics > QA76 Computer software
    Divisions: Faculty of Science, Technology and Environment (FSTE)
    Depositing User: Raneel Kumar
    Date Deposited: 11 Oct 2017 11:17
    Last Modified: 10 Jul 2018 14:47
    URI: http://repository.usp.ac.fj/id/eprint/10287