DDoS Attack Detection and Clustering of Attacked and Non-attacked VMs Using SOM in Cloud Network

Abstract

Cloud computing has gained more importance in the IT service model that offers cost-effective and scalable processing. It provides virtualized and on-demand services to the user over the internet using several networking protocols with exceptional flexibility. However, with the existing technologies and the vulnerabilities, it leads to the occurrence of several attacks in the cloud environment. Distributed Denial of Service (DDoS) is most dangerous among all the attacks which limit the cloud users to access service and resources. Therefore, the detection of DDoS in the network and the identification of attacked VMs is the most dominating task in the cloud environment. In this work, a novel DDoS attack detection mechanism is presented. The research is carried out as follows: (i) Initially DDoS attack is detected by identifying the maximum number of connections to the network, (ii) then the attacked virtual machine and non-attacked virtual machines will be clustered using Self-Organized Mapping (SOM) based Neural Network (NN). The experimental results exhibit that the presented system can efficiently detect DDoS attacks and cluster attack and non-attack VMs in an attacked cloud network. Moreover, these results demonstrate that the proposed DDoS attack prediction accuracy of 97.63% and precision of 95.4% and it is better than the existing technique.