Slow flooding attack detection in cloud using change point detection approach


  • Dr Baldev Singh
  • Dr S.N. Panda
  • Dr Gurpinder Singh Samra





Flooding Attacks, HTTP(S), DDOS Attack, Threshold, Cloud


Cloud computing is one of the high-demand services and prone to numerous types of attacks due to its Internet based backbone. Flooding based attack is one such type of attack over the cloud that exhausts the numerous resources and services of an individual or an enterprise by way of sending useless huge traffic. The nature of this traffic may be of slow or fast type. Flooding attacks are caused by way of sending massive volume of packets of TCP, UDP, ICMP traffic and HTTP Posts. The legitimate volume of traffic is suppressed and lost in traffic flooding traffics. Early detection of such attacks helps in minimization of the unauthorized utilization of resources on the target machine. Various inbuilt load balancing and scalability options to absorb flooding attacks are in use by cloud service providers up to ample extent still to maintain QoS at the same time by cloud service providers is a challenge. In this proposed technique. Change Point detection approach is proposed here to detect flooding DDOS attacks in cloud which are based on the continuous variant pattern of voluminous (flooding) traffic and is calculated by using various traffic data based metrics that are primary and computed in nature. Golden ration is used to compute the threshold and this threshold is further used along with the computed metric values of normal and malicious traffic for flooding attack detection. Traffic of websites is observed by using remote java script.



[1] Chang, Rocky KC. "Defending against flooding-based distributed denial-of-service attacks: a tutorial." Communications Magazine, IEEE 40.10 (2002): 42-51.

[2] Suo, Hui, et al. "Security in the internet of things: a review." Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on. Vol. 3. IEEE, 2012.

[3] El Defrawy, Karim, Minas Gjoka, and Athina Markopoulou. "BotTorrent: misusing BitTorrent to launch DDOS attacks." Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet. USENIX Association, 2007.

[4] Ankali, Sanjay B., and D. V. Ashoka. "Detection architecture of application layer DDOS attack for internet." Int. J. Advanced Networking and Applications 3.01 (2011): 984-990.

[5] Saleh, Mohammed A., and Azizah Abdul Manaf. "A Novel Protective Framework for Defeating HTTP-Based Denial of Service and Distributed Denial of Service Attacks." The Scientific World Journal 2015 (2015).

[6] Cambiaso, Enrico, et al. "Slow DOS attacks: definition and categorisation." International Journal of Trust Management in Computing and Communications 1.3-4 (2013): 300-319.

[7] Tomar, Kuldeep, and S. S. Tyagi. "HTTP Packet Inspection Policy for Improvising Internal Network Security." International Journal of Computer Network and Information Security (IJCNIS) 6.11 (2014): 35.

[8] M. Richardson, E. Dominowska, and R. Ragno. Predicting clicks: estimating the click-through rate for new ads. In WWW, 2007.

[9] Lam, V. T., et al. "Puppetnets: misusing web browsers as a distributed attack infrastructure." Proceedings of the 13th ACM conference on Computer and communications security. ACM, 2006.

[10] Jin, Shuyuan, and Daniel S. Yeung. "A covariance analysis model for DDoS attack detection." Communications, 2004 IEEE International Conference on. Vol. 4. IEEE, 2004.

[11] Alomari, Esraa, et al. "Design, Deployment and use of HTTP-based Botnet (HBB) Testbed." Advanced Communication Technology (ICACT), 2014 16th International Conference on. IEEE, 2014.

[12] Choi, Yang-seo, et al. "Aigg threshold based http get flooding attack detection." Information Security Applications. Springer Berlin Heidelberg, 2012. 270-284.

[13] Choi, Junho, et al. "A method of DDoS attack detection using HTTP packet pattern and rule engine in cloud computing environment." Soft Computing 18.9 (2014): 1697-1703.

[14] Genes, Raimund, Anthony Arrott, and David Sancho. "Stormy Weather: A Quantitative Assessment of the Storm Web Threat in 2007." (2011).

[15] Sachdeva, Monika, et al. "Performance analysis of web service under DDoS attacks." Advance Computing Conference, 2009. IACC 2009. IEEE International. IEEE, 2009.

[16] Yang, Jin-Seok, Min-Woo Park, and Tai-Myoung Chung. "A Study on Low-Rate DDoS Attacks in Real Networks." Information Science and Applications (ICISA), 2013 International Conference on. IEEE, 2013.

[17] Chonka, Ashley, and Jemal Abawajy. "Detecting and mitigating HX-DoS attacks against cloud web services." Network-Based Information Systems (NBiS), 2012 15th International Conference on. IEEE, 2012.

[18] Zhang Fengxiang; Abe, S., "A Heuristic DDoS Flooding Attack Detection Mechanism Analyses based on the Relationship between Input and Output Traffic Volumes," in Computer Communications and Networks, 2007. ICCCN 2007.

[19] Chao Liu; Shunyi Zhang, "A Bidirectional-Based DDoS Detection Mechanism," in Wireless Communications, Networking and Mobile Computing, 2009. WiCom '09. 5th International Conference on , vol., no., pp.1-4, 24-26 Sept. 2009

[20] Zhang Dengyin; Liu Yu; Adi, A.; Li Haibo, "Improved R/S Algorithm Based on Network Traffic Self-Similarity," in Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference on , vol., no., pp.1-4, 12-14 Oct. 2008

[21] Piggott, P.; Carter, C.; Patterson, W.; Gutierrez, F.; Mujica, S.; Rojas, E.; Valenzuela, C., "Development of an indicator to distinguish DDoS attacks from other anomalous events," in Southeastcon, 2013 Proceedings of IEEE , vol., no., pp.1-5, 4-7 April 2013

[22] Ruoyu Yan; Qinghua Zheng; Guolin Niu; Sheng Gao, "A new way to detect DDoS attacks within single router," in Communication Systems, 2008. ICCS 2008. 11th IEEE Singapore International Conference on , vol., no., pp.1192-1196, 19-21 Nov. 2008

[23] Sanchika Gupta, Padam Kumar, Ajith Abraham, “A Profile Based Network Intrusion Detection and Prevention System for Securing Cloud Environmentâ€; International Journal of Distributed Sensor Networks, Volume 2013.

[24] Alqahtani, S.; Gamble, R., "DDoS Attacks in Service Clouds," in System Sciences (HICSS), 2015 48th Hawaii International Conference on , vol., no., pp.5331-5340, 5-8 Jan. 2015

[25] Alomari, E.; Manickam, S.; Gupta, B.B.; Singh, P.; Anbar, M., "Design, deployment and use of HTTP-based botnet (HBB) testbed," in Advanced Communication Technology (ICACT), 2014

[26] Soejima, Y.; Chen, E.Y.; Fuji, H., "Detecting DDoS Attacks by Analyzing Client Response Patterns," in Applications and the Internet Workshops, 2005. Saint Workshops 2005. The 2005 Symposium , vol., no., pp.98-101, 31-04 Jan. 2005

[27] Singh Baldev, Panda S.N., Samra G.S., “Detecting and Countering DDOS Attacksâ€; IJARCSSE, Issue-11, November 2013.

[28] Rohita P. Patil, Shreyansh Daga, Singh M, Nitin L., “Gesture Recognition Engine using Golden Section Search Algorithm for Touch Tables†; IJECCE, Vol. 5, Issue-4, 2014.

[29] Biegler, L. T. and J. E. Cuthrell, "Improved Infeasible Path Optimization for Sequential Modular Simulators-II: The Optimization Algorithm," Computers & Chemical Engineering.

[30] Cisco Global Cloud Index: Forecast and Methodology 2016-2021;


[32] Baldev Singh, S.N. Panda, “Weighted Bounce Threshold to Detect Slow DDOS Attacks in Cloudâ€, IJSST, Issue-1, Vol. 2, 2014

[33] M. Khoo, Joe Pagano, A .l. Washington, M. Recker, B. Palmer, Robert D., “ Using web metrics to analyze digital libraries†; Conference: ACM/IEEE Joint Conference on Digital Libraries, JCDL 2008, Pittsburgh, PA, USA, June 16-20, 2008

[34] M. Thottan and C. Ji. Anomaly detection in IP networks. IEEE Transactions on Signal Processing, 51(8), August 2003.

[35] Cisco Visual Networking Index: Forecast and Methodolgy, 2016–2021

[36] B. Krishnamurthy, S. Sen, Y. Zhang, and Y. Chen. Sketch-based change detection: Methods, evaluation, and applications,. In Proceedings of ACM Internet Measurement Conference'2003, Miami, FL, October 2002.

[37] Muhai Li, Ming Li; †A New Approach for Detecting DDoS Attacks Based on Wavelet Analysisâ€, 2009 2nd International Congress on Image and Signal Processing

[38] Yu Chen, Kai Hwang , Wei-Shinn Ku , “Distributed Change-Point Detection of DDoS Attacks: Experimental Results on DETER Testbedâ€; DETER Community Workshop on Cyber Security Experimentation and Test, in conjunction with USENIX Security Symposium, Boston, MA. August 6-7, 2007.

View Full Article:

How to Cite

Baldev Singh, D., S.N. Panda, D., & Gurpinder Singh Samra, D. (2018). Slow flooding attack detection in cloud using change point detection approach. International Journal of Engineering & Technology, 7(2.30), 33–38.
Received 2018-05-29
Accepted 2018-05-29
Published 2018-05-29