REST-API based DDoS Detection Using Multi Feature Hybrid Classification in the Cloud Architecture

Abstract

Cloud services are often delivered through HTTP protocol for ease and reduced cost for both service providers and users. The only drawback is that these protocols and the cloud itself are more prone to Distributed Denial of Service (DDoS) attacks. There is the need for a detection setup that is lightweight, robust and easily deployable on these architectures with an improved efficiency. We thus propose a novel multi-feature hybrid classification based DDOS detection setup that uses the Representational State Transfer (REST)-Application Programming Interface (API) for the attack prediction. The cloud architectures we are using are Heroku, one of the first developed platform as a service (paas) computing platform by salesforce and Amazon Elastic Compute Cloud, one of the most sought after and on-demand infrastructure as a service (iaas) computing platform by amazon. The GitHub repository holds the pre-trained hybrid classifier in its repository which is accessed using the REST-API by the cloud. The HTTP request and response commands are sent to the cloud architecture through the Postman API client where the final attack prediction is done. This makes our cloud burden free as the detection is done outside its domain. The hybrid classifier here is the integration of Random Forest classifier, Decision Tree classifier, Support Vector Machine and XGBoost classifier, all trained on the pre-processed Knowledge Discovery in Databases (KDD) Cup 99 and UNSW-NB15 datasets. Here we are also using two different feature ranking methods i.e., statistical feature ranking and machine learning ranking. It shows the best accuracy results with information gain on KDD Cup 99 dataset and decision tree classifier on UNSW-NB15 dataset as the feature selection technique.