Detection of HTTP flooding attacks in cloud using fuzzy bat clustering

Abstract

Cloud computing plays a major role in reducing the expenditure of infrastructural costs on the basis of pay per use model. Security is the major concern wherein detection of security attacks and crimes is very difficult. Due to the distributed nature of attacks and crimes in the cloud, there is a need for an efficient security mechanism. Traditional security mechanisms cannot be applied directly to identify the source of attack due to the dynamic changes in the cloud. Hypertext Transfer Protocol (HTTP) flooding attacks are identified by keeping track of all the activities of the virtual machine instances running in the cloud. It is hard to identify the source of an attack since an attacker deletes all the possible traces. So, in order to mitigate this issue, the proposed method reads the logs, extracts the relevant features and investigates HTTP flooding attacks by a grouping of similar input patterns using fuzzy bat clustering and determines the anomalous behavior using deviated anomalous score. The suspicious source is determined by finding the event correlation between the virtual machine instance issued by cloud service provider with the suspicious source list. The experimental results are compared with the existing approaches, viz., k -means clustering, fuzzy c -means clustering, bat clustering and Bartd method in which the proposed method determines the anomalies accurately with very few false alarm than existing approaches.