Bamasag Omaimah, Alsaeedi Alaa, Munshi Asmaa, Alghazzawi Daniyal, Alshehri Suhair, Jamjoom Arwa
Department of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi Arabia.
Department of Computer Science, University of Jeddah, Jeddah, Saudi Arabia.
PeerJ Comput Sci. 2022 Jun 13;7:e814. doi: 10.7717/peerj-cs.814. eCollection 2022.
In recent years, the advent of cloud computing has transformed the field of computing and information technology. It enables customers to rent virtual resources and take advantage of various on-demand services at the lowest cost. Despite its advantages, cloud computing faces several threats; one of the most serious is the distributed denial of service (DDoS) attack. This article presents real-time monitoring and detection of DDoS attacks on the cloud using a machine learning approach. Naïve Bayes, K-nearest neighbor, decision tree, and random forest classifiers were selected to build a predictive model named "Real-Time DDoS flood Attack Monitoring and Detection (RT-AMD)." The DDoS-2020 dataset, containing 70,020 records, was constructed to evaluate RT-AMD's accuracy; it covers three network/transport-level protocols: TCP, DNS, and ICMP. This article evaluates the proposed model by comparing its accuracy with related work. Our model improves on those results and achieves real-time attack detection through incremental learning. The model reached 99.38% accuracy for random forest in real time in the cloud environment and 99.39% in local testing. RT-AMD was also evaluated on the NSL-KDD dataset, where it achieved 99.30% accuracy in real time in a cloud environment.
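The incremental-learning step the abstract credits for real-time detection, as an added example that is not the paper's RT-AMD code: an incremental Gaussian Naive Bayes (one of the four classifiers the paper selects) whose per-class statistics are updated from each newly labelled batch of traffic windows instead of being retrained from scratch. The three-feature window representation and all traffic rows are constructed assumptions, not records from DDoS-2020.

```python
"""Incremental Gaussian Naive Bayes for DDoS-flood detection (constructed example)."""
import math
from collections import defaultdict

class IncrementalGaussianNB:
    """Running mean/variance (Welford) per class and feature; batches update it in place."""
    def __init__(self, n_features, var_smoothing=1e-6):
        self.eps = var_smoothing  # variance floor so a constant feature cannot divide by zero
        self.count = defaultdict(int)
        self.mean = defaultdict(lambda: [0.0] * n_features)
        self.m2 = defaultdict(lambda: [0.0] * n_features)  # sum of squared deviations

    def partial_fit(self, X, y):
        for x, label in zip(X, y):
            self.count[label] += 1
            n = self.count[label]
            for j, v in enumerate(x):
                delta = v - self.mean[label][j]
                self.mean[label][j] += delta / n
                self.m2[label][j] += delta * (v - self.mean[label][j])
        return self

    def _log_posterior(self, x, label):
        n = self.count[label]
        score = math.log(n / sum(self.count.values()))  # log class prior
        for j, v in enumerate(x):
            var = self.m2[label][j] / n + self.eps
            score += -0.5 * math.log(2 * math.pi * var) - (v - self.mean[label][j]) ** 2 / (2 * var)
        return score

    def predict(self, X):
        return [max(self.count, key=lambda c: self._log_posterior(x, c)) for x in X]

# Constructed per-source traffic windows: [packets/sec, mean packet bytes,
# fraction of request-type packets (TCP SYN, DNS query, ICMP echo request)].
BENIGN = [[35.0, 620.0, 0.08], [52.0, 710.0, 0.12], [18.0, 540.0, 0.05], [80.0, 880.0, 0.15]]
TCP_SYN_FLOOD = [[9000.0, 60.0, 0.99], [12000.0, 64.0, 1.00], [7500.0, 60.0, 0.98]]
DNS_FLOOD = [[6000.0, 90.0, 0.97], [8500.0, 85.0, 0.99]]
ICMP_FLOOD = [[15000.0, 84.0, 1.00], [11000.0, 98.0, 0.99]]
BENIGN_LABEL, FLOOD_LABEL = 0, 1

def build_model():
    model = IncrementalGaussianNB(n_features=3)
    # First monitoring window: benign traffic plus an observed TCP SYN flood.
    model.partial_fit(BENIGN + TCP_SYN_FLOOD, [BENIGN_LABEL] * 4 + [FLOOD_LABEL] * 3)
    # Later windows bring newly labelled DNS and ICMP floods: update, do not retrain.
    model.partial_fit(DNS_FLOOD + ICMP_FLOOD, [FLOOD_LABEL] * 4)
    return model
```

`build_model().predict(windows)` returns 0 (benign) or 1 (flood) per window; a monitoring loop would call `partial_fit` again whenever a window is later confirmed by an analyst.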