Mitigating DDoS Attacks in Virtual Machine Migration: An In-Depth Security Framework Utilizing Deep Learning and Advanced Encryption Techniques
Article Sidebar
Main Article Content
Abstract
Safeguarding virtual machines (VMs) during migration is essential to avert Service Level Agreement (SLA) violations. This research article presents a robust security framework that utilizes deep learning and advanced encryption methods to reduce the impact of Distributed Denial of Service (DDoS) attacks during virtual machine migration. The study introduces an Improved Sparrow Search Algorithm-based Deep Neural Network (ISSA-DNN) for the classification of DDoS attacks and utilizes Advanced Encryption Standard-Elliptic Curve Cryptography (AES-ECC) to safeguard virtual machine images. The primary objective is to mitigate the risks associated with VM migration by identifying DDoS attacks and safeguarding VMs using advanced cryptographic techniques. The research employs the Canadian Institute for Cybersecurity Distributed Denial of Service (CICDDoS) dataset, implementing preprocessing procedures like duplication elimination, feature selection via Random Forest, and normalization to improve the precision of the DNN classifier. The ISSA-DNN approach enhances hyperparameter optimization by inverse mutation-based sparrow search, yielding a precise attack classification model. Furthermore, the research incorporates AES-ECC for encrypting VM images, amalgamating AES's computational efficiency with ECC's improved security. In contrast to conventional methods, this hybrid encryption approach enhances throughput and decreases encryption and decryption durations, rendering it appropriate for high-throughput and real-time applications. Experimental findings indicate that the proposed ISSA-DNN attains a classification accuracy of 98.79%, surpassing current state-of-the-art techniques. The AES-ECC encryption technique markedly enhances performance metrics, safeguarding the security of virtual machines during migration. This proactive security policy safeguards sensitive data and guarantees adherence to regulatory standards. In conclusion, the established framework offers a comprehensive solution for mitigating DDoS attacks and safeguarding VM migration via advanced deep learning and encryption methodologies. Integrating ISSA-DNN for attack classification and AES-ECC for encryption offers a robust strategy for improving cybersecurity in cloud environments.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
How to Cite
References
F. Khoda Parast, C. Sindhav, S. Nikam, H. Izadi Yekta, K. B. Kent, and S. Hakak, “Cloud computing security: A survey of service-based models,” Comput. Secur., vol. 114, p. 102580, Mar. 2022, DOI: https://doi.org/10.1016/j.cose.2021.102580
H. Lin, C. Wu, and M. Masdari, “A comprehensive survey of network traffic anomalies and DDoS attacks detection schemes using fuzzy techniques,” Comput. Electr. Eng., vol. 104, p. 108466, 2022, DOI: https://doi.org/10.1016/j.compeleceng.2022.108466
X. Jing, Z. Yan, and W. Pedrycz, “Security Data Collection and Data Analytics in the Internet: A Survey,” IEEE Commun. Surv. Tutorials, vol. 21, no. 1, pp. 586–618, 2019, DOI: https://doi.org/10.1109/COMST.2018.2863942
R. Kumar and R. Goyal, “On cloud security requirements, threats, vulnerabilities and countermeasures: A survey,” Comput. Sci. Rev., vol. 33, pp. 1–48, 2019, DOI: https://doi.org/10.1016/j.cosrev.2019.05.002
H. Tabrizchi and M. Kuchaki Rafsanjani, “A survey on security challenges in cloud computing: issues, threats, and solutions,” J. Supercomput., vol. 76, no. 12, pp.
–9532, 2020, DOI: https://doi.org/10.1007/s11227-020-03213-1
K. B. V., N. D. G., and P. S. Hiremath, “Detection of DDoS Attacks in Software Defined Networks,” in 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions (CSITSS), 2018, pp. 265–270. DOI: https://doi.org/10.1109/CSITSS.2018.8768551
J. Ali, B. Roh, B. Lee, J. Oh, and M. Adil, “A Machine Learning Framework for Prevention of Software-Defined Networking controller from DDoS Attacks and dimensionality reduction of big data,” in 2020 International Conference on Information and Communication Technology Convergence (ICTC), 2020, pp. 515–519. DOI: https://doi.org/10.1109/ICTC49870.2020.9289504
A. E. Cil, K. Yildiz, and A. Buldu, “Detection of DDoS attacks with feed forward based deep neural network model,” Expert Syst. Appl., vol. 169, p. 114520, 2021, DOI: https://doi.org/10.1016/j.eswa.2020.114520
M. Albanese, A. De Benedictis, D. D. J. de Macedo, and F. Messina, “Security and trust in cloud application life-cycle management,” Futur. Gener. Comput. Syst., vol. 111, pp. 934–936, 2020, DOI: https://doi.org/10.1016/j.future.2020.01.025
T. V Phan and M. Park, “Efficient Distributed Denial-of-Service Attack Defense in SDN-Based Cloud,” IEEE Access, vol. 7, pp. 18701–18714, 2019, DOI: https://doi.org/10.1109/ACCESS.2019.2896783
A. Bhardwaj, V. Mangat, and R. Vig, “Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud,” IEEE Access, vol. 8, pp. 181916–181929, 2020, DOI: https://doi.org/10.1109/ACCESS.2020.3028690
J. David and C. Thomas, “Detection of distributed denial of service attacks based on information theoretic approach in time series models,” J. Inf. Secur. Appl., vol. 55, p. 102621, 2020, DOI: https://doi.org/10.1016/j.jisa.2020.102621
D. J. Prathyusha and G. Kannayaram, “A cognitive mechanism for mitigating DDoS attacks using the artificial immune system in a cloud environment,” Evol. Intell., vol. 14, no. 2, pp. 607–618, 2021, DOI: https://doi.org/10.1007/s12065-019-00340-4
T.-H. Vuong, C.-V. N. Thi, and Q.-T. Ha, “N-Tier Machine Learning-Based Architecture for DDoS Attack Detection,” in Intelligent Information and Database Systems, 2021, pp. 375–385, DOI: https://doi.org/10.1007/978-3-031-09484-2_2
N. Gupta, V. Jindal, and P. Bedi, “LIO-IDS: Handling class imbalance using LSTM and improved one-vs-one technique in intrusion detection system,” Comput. Networks, vol. 192, p. 108076, 2021, DOI: https://doi.org/10.1016/j.comnet.2021.108076
Y. Wei, J. Jang-Jaccard, F. Sabrina, A. Singh, W. Xu, and S. Camtepe, “AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification,” IEEE Access, vol. 9, pp. 146810–146821, 2021, DOI: https://doi.org/10.1109/ACCESS.2021.3123791
T. Khempetch and P. Wuttidittachotti, “DDoS attack detection using deep learning,” vol. 10, no. 2, pp. 382–388, 2021, DOI: https://doi.org/10.11591/ijai.v10.i2.pp382-388
A. Agarwal, M. Khari, and R. Singh, “Detection of DDOS Attack using Deep Learning Model in Cloud Storage Application,” Wirel. Pers. Commun., vol. 127, no. 1, pp. 419–439, 2022, DOI: https://doi.org/10.1007/s11277-021-08271-z
R. K. Batchu and H. Seetha, “An integrated approach explaining the detection of distributed denial of service attacks,” Comput. Networks, vol. 216, p. 109269, 2022, DOI: https://doi.org/10.1016/j.comnet.2022.109269
D. H. Parekh and R. Sridaran, “Mitigating cloud security threats using public-key infrastructure,” in Cyber Security: Proceedings of CSI 2015, 2018, pp. 165–177, doi: https://doi.org/10.1007/978-981-10-8536-9_17
S. Rehman, N. Talat Bajwa, M. A. Shah, A. O. Aseeri, and A. Anjum, “Hybrid AES-ECC Model for the Security of Data over Cloud Storage,” Electronics, vol. 10, no. 21, 2021, DOI: https://doi.org/10.3390/electronics10212673
A. Nanda, P. Nanda, X. He, A. Jamdagni, and D. Puthal, “A hybrid encryption technique for Secure-GLOR: The adaptive secure routing protocol for dynamic wireless mesh networks,” Futur. Gener. Comput. Syst., vol. 109, pp. 521–530, 2020, DOI: https://doi.org/10.1016/j.future.2018.05.065
H. Aliev and H.-W. Kim, “Matrix-Based Dynamic Authentication With Conditional Privacy-Preservation for Vehicular Network Security,” IEEE Access, vol. 8, pp. 200883–200896, 2020, DOI: https://doi.org/10.1109/ACCESS.2020.3035845
B. Alaya and L. SELLAMI, “Clustering method and symmetric/asymmetric cryptography scheme adapted to securing urban VANET networks,” J. Inf. Secur. Appl., vol. 58, p. 102779, 2021, DOI: https://doi.org/10.1016/j.jisa.2021.102779
D. K. R. Shukla, V. K. R. Dwivedi, and M. C. Trivedi, “Encryption algorithm in cloud computing,” Mater. Today Proc., vol. 37, pp. 1869–1875, 2021, DOI: https://doi.org/10.1016/j.matpr.2020.07.452
H. S. Yahia et al., “Comprehensive survey for cloud computing based nature-inspired algorithms optimization scheduling,” Asian J. Res. Comput. Sci., vol. 8, no. 2, pp. 1–16, 2021, DOI: https://doi.org/10.9734/ajrcos/2021/v8i230195
P. Chinnasamy, S. Padmavathi, R. Swathy, and S. Rakesh, “Efficient Data Security Using Hybrid Cryptography on Cloud Computing,” in Inventive Communication and Computational Technologies, 2021, pp. 537–547, DOI: https://doi.org/10.1007/978-981-15-7345-3_46
V. K. Soman and V. Natarajan, “Analysis of Hybrid Data Security Algorithms for Cloud,” in Second International Conference on Networks and Advances in Computational Technologies, 2021, pp. 231–242, DOI: https://doi.org/10.1007/978-3-030-49500-8_20
F. K. Mupila and H. Gupta, “An Innovative Authentication Model for the Enhancement of Cloud Security,” in Innovations in Computer Science and Engineering, 2021, pp. 447–455, DOI: https://doi.org/10.1007/978-981-33-4543-0_48
D. Saxena, I. Gupta, J. Kumar, A. K. Singh, and X. Wen, “A Secure and Multiobjective Virtual Machine Placement Framework for Cloud Data Center,” IEEE Syst. J., vol. 16, no. 2, pp. 3163–3174, 2022, DOI: https://doi.org/10.1109/JSYST.2021.3092521
F. Thabit, O. Can, S. Alhomdy, G. H. Al-Gaphari, and S. Jagtap, “A Novel Effective Lightweight Homomorphic Cryptographic Algorithm for data security in cloud computing,” Int. J. Intell. Networks, vol. 3, pp. 16–30, 2022, DOI: https://doi.org/10.1016/j.ijin.2022.04.001
B. Thakkar and B. Thankachan, “An Approach for Enhancing Security of Data over Cloud Using Multilevel Algorithm,” in Congress on Intelligent Systems, 2022, pp. 305–318, DOI: https://doi.org/10.1007/978-981-16-9416-5_22
F. Pandey, P. Dash, D. Samanta, and M. Sarma, “Efficient and provably secure intelligent geometrical method of secret key generation for cryptographic applications,” Comput. Electr. Eng., vol. 101, p. 107947, 2022, DOI: https://doi.org/10.1016/j.compeleceng.2022.107947
R. K. Batchu and H. Seetha, “A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning,” Comput. Networks, vol. 200, p. 108498, 2021, DOI: https://doi.org/10.1016/j.comnet.2021.108498
D. Akgun, S. Hizal, and U. Cavusoglu, “A new DDoS attacks intrusion detection model based on deep learning for cybersecurity,” Comput. Secur., vol. 118, p. 102748, 2022, DOI: https://doi.org/10.1016/j.cose.2022.102748
J. Xue and B. Shen, “A novel swarm intelligence optimization approach: sparrow search algorithm,” Syst. Sci. & Control Eng., vol. 8, no. 1, pp. 22–34, 2020, DOI: https://doi.org/10.1080/21642583.2019.1708830
R. Kumar, M. Memoria, A. Gupta, and M. Awasthi, “Critical Analysis of Genetic Algorithm under Crossover and Mutation Rate,” in 2021 3rd International Conference on Advances in Computing, Communication Control and Networking (ICAC3N), 2021, pp. 976–980. DOI:: https://doi.org/10.1109/ICAC3N53548.2021.9725640
C. E. L. BALMANY, Z. TBATOU, A. ASIMI, and M. BAMAROUF, “Secure Virtual Machine Image Storage Process into a Trusted Zone-based Cloud Storage,” Comput. Secur., vol. 120, p. 102815, 2022, DOI: https://doi.org/10.1016/j.cose.2022.102815
D. N. Tran, B. L. Vu, and X. N. Tien, “Improved Deterministic Usage of the Elliptic Curve Digital Signature Algorithm with Scrypt,” in 2023 IEEE Statistical Signal Processing Workshop (SSP), 2023, pp. 611–615. DOI: https://doi.org/10.1109/SSP53291.2023.10207927
R. Banoth and R. Regar, Classical and Modern Cryptography for Beginners. Springer Nature, 2023, DOI: https://doi.org/10.1007/978-3-031-32959-3
R. Banoth and R. Regar, “Security Standards for Classical and Modern Cryptography,” in Classical and Modern Cryptography for Beginners, Cham: Springer Nature Switzerland, 2023, pp. 47–83. DOI: https://doi.org/10.1007/978-3-031-32959-3_2
V. S. Shetty, R. Anusha, D. Kumar M.J., and P. Hegde N., “A Survey on Performance Analysis of Block Cipher Algorithms,” in 2020 International Conference on Inventive Computation Technologies (ICICT), 2020, pp. 167–174. DOI: https://doi.org/10.1109/ICICT48043.2020.9112491
P. Oktivasari, M. Agustin, R. E. M. Akbar, A. Kurniawan, A. R. Zain, and F. A. Murad, “Analysis of ECG Image File Encryption using ECDH and AES-GCM Algorithm,” in 2022 7th International Workshop on Big Data and Information Security (IWBIS), 2022, pp. 75–80. DOI: https://doi.org/10.1109/IWBIS56557.2022.9924954
R. Banoth and R. Regar, “Asymmetric Key Cryptography,” in Classical and Modern Cryptography for Beginners, Cham: Springer Nature Switzerland, 2023, pp. 109–165.
DOI: https://doi.org/10.1007/978-3-031-32959-3_4
M. Ma, “Comparison between RSA and ECC,” in 2021 2nd International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT), 2021, pp. 642–645. DOI: https://doi.org/10.1109/AINIT54228.2021.00129
M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proença, “Adversarial Deep Learning approach detection and defense against DDoS attacks in SDN environments,” Futur. Gener. Comput. Syst., vol. 125, pp. 156–167, Dec. 2021, DOI: https://doi.org/10.1016/j.future.2021.06.047
R. Priyadarshini and R. K. Barik, “A deep learning based intelligent framework to mitigate DDoS attack in fog environment,” J. King Saud Univ. - Comput. Inf. Sci., vol. 34, no. 3, pp. 825–831, 2022, DOI: https://doi.org/10.1016/j.jksuci.2019.04.010
M. Wang, Y. Lu, and J. Qin, “A dynamic MLP-based DDoS attack detection method using feature selection and feedback,” Comput. Secur., vol. 88, p. 101645, 2020, DOI: https://doi.org/10.1016/j.cose.2019.101645
M. V. O. de Assis, L. F. Carvalho, J. J. P. C. Rodrigues, J. Lloret, and M. L. Proença Jr, “Near real-time security system applied to SDN environments in IoT networks using convolutional neural network,” Comput. Electr. Eng., vol. 86, p. 106738, 2020, DOI: https://doi.org/10.1016/j.compeleceng.2020.106738
Midha, S., & Kaur, G. (2020). Svm Implementation for Ddos Attacks in Software Defined Networks. In International Journal of Innovative Technology and Exploring Engineering (Vol. 10, Issue 1, pp. 205–212). DOI: https://doi.org/10.35940/ijitee.A8166.1110120
R, P., & M, P. (2019). Artificial Neural Network (ANN) Based DDoS Attack Detection Model on Software Defined Networking (SDN). In International Journal of Recent Technology and Engineering (IJRTE) (Vol. 8, Issue 2, pp. 4887–4894). DOI: https://doi.org/10.35940/ijrte.B3670.078219
Prasad, D. (2019). Improving Security for Internet of Things Devices using Software Defined Networking. In International Journal of Engineering and Advanced Technology (Vol. 9, Issue 2, pp. 2881–2884). DOI: https://doi.org/10.35940/ijeat.B3736.129219