E-Had: A distributed and collaborative detection framework for early detection of DDoS attacks

Bibliographic Details
Published in: Journal of King Saud University. Computer and Information Sciences, 2022-04, Vol. 34 (4), p. 1373-1387
Main Authors: Patil, Nilesh Vishwasrao, Rama Krishna, C., Kumar, Krishan, Behal, Sunny
Format: Article
Language:English
Description
Summary:
• A Hadoop-based distributed detection framework called E-Had is proposed to detect DDoS attacks.
• E-Had distributes the computational and memory overhead across multiple mappers and reducers.
• E-Had is robust: it continues to work when some of the mappers do not respond in time.
• E-Had is implemented on the HA-DDoS testbed, consisting of 30 real systems.
• E-Had has been validated using different attack scenarios from the CAIDA and DDoSTB datasets.

During the past few years, the volume of both legitimate and attack traffic has increased manifold, up to terabytes per second (Tbps). Processing such a huge traffic volume makes it infeasible to detect high-rate DDoS (HR-DDoS) attacks in time using conventional DDoS defense architectures. At present, the majority of DDoS defense systems are deployed at the victim end, but these victim-end defense systems are themselves vulnerable to HR-DDoS attacks because of the mammoth volume of attack traffic such attacks generate. Insufficient computational resources at the victim end make the problem more acute. This paper proposes a distributed and collaborative architecture called E-Had that efficiently processes a large amount of data by distributing it among a number of mappers and reducers in a Hadoop-based cluster. The proposed E-Had system has been comprehensively validated, in terms of various detection-system evaluation metrics, using publicly available benchmark datasets and real datasets generated in the HA-DDoS testbed. The experimental results show that the proposed detection system is capable of early detection of different DDoS attack scenarios while differentiating them from flash crowds.
ISSN: 1319-1578
2213-1248
DOI: 10.1016/j.jksuci.2019.06.016
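The summary describes two architectural properties: traffic is split among mappers and reducers in a Hadoop cluster, and the system keeps working when some mappers do not respond in time. The following is an added illustration of that map/reduce decomposition with a reducer deadline, written for this record and not taken from the paper or the E-Had implementation. The flow records, the per-source packet counting in the mapper, the thread-pool deadline handling and the `classify()` rule (volume plus source spread as a stand-in for telling attacks from flash crowds) are all assumptions; the page does not state which detection metric E-Had actually computes.

```python
"""Constructed illustration of the map/reduce decomposition the summary
describes: traffic records are sharded across mappers, each mapper emits
per-window partial statistics, and the reducer merges only the partials that
arrive before a deadline, so the job still completes when some mappers do not
respond in time.  Example code written for this record, not E-Had's code; the
records, the counting, the deadline handling and classify() are assumptions.
"""
import time
from collections import Counter
from concurrent.futures import ThreadPoolExecutor, wait

# Constructed flow records: (window_id, source_ip, packet_count), pre-split
# into the shards each mapper would receive.  Shard C stands in for a mapper
# that is too slow to answer before the reducer's deadline.
SHARD_A = [(1, "10.0.0.1", 20), (1, "10.0.0.2", 15), (2, "198.51.100.7", 600),
           (3, "10.0.0.1", 30), (3, "10.0.0.2", 30), (3, "10.0.0.3", 30)]
SHARD_B = [(1, "10.0.0.3", 10), (2, "198.51.100.7", 500), (2, "198.51.100.8", 400),
           (3, "10.0.0.4", 30), (3, "10.0.0.5", 30), (3, "10.0.0.6", 30)]
SHARD_C = [(2, "198.51.100.7", 900), (3, "10.0.0.7", 40)]


def mapper(shard, delay=0.0):
    """Emit {window_id: Counter{source_ip: packets}} for one shard.
    `delay` simulates a straggling mapper (assumption for the demo)."""
    time.sleep(delay)
    partial = {}
    for window, src, pkts in shard:
        partial.setdefault(window, Counter())[src] += pkts
    return partial


def reducer(partials):
    """Merge per-window source counters from whichever mappers responded."""
    merged = {}
    for partial in partials:
        for window, counts in partial.items():
            merged.setdefault(window, Counter()).update(counts)
    return merged


def run_job(shards, delays, deadline):
    """Fan shards out to mappers; reduce only what returns before `deadline`
    seconds.  Returns (merged_counts, number_of_mappers_that_missed)."""
    pool = ThreadPoolExecutor(max_workers=len(shards))
    futures = [pool.submit(mapper, s, d) for s, d in zip(shards, delays)]
    done, not_done = wait(futures, timeout=deadline)
    pool.shutdown(wait=False)  # do not block the reducer on the stragglers
    return reducer(f.result() for f in done), len(not_done)


def classify(window_counts, pkt_threshold, src_threshold):
    """Placeholder decision rule (assumption, not E-Had's metric): a window
    over the volume threshold is an attack when the traffic comes from few
    sources and a flash crowd when it is spread across many."""
    total = sum(window_counts.values())
    if total < pkt_threshold:
        return "normal"
    return "flash_crowd" if len(window_counts) >= src_threshold else "attack"


def demo(deadline=0.25, slow_delay=1.0, pkt_threshold=100, src_threshold=5):
    """Run the three constructed shards with shard C too slow for the deadline."""
    merged, missed = run_job([SHARD_A, SHARD_B, SHARD_C],
                             [0.0, 0.0, slow_delay], deadline)
    labels = {w: classify(c, pkt_threshold, src_threshold)
              for w, c in sorted(merged.items())}
    return labels, missed


if __name__ == "__main__":
    labels, missed = demo()
    print(f"mappers that missed the deadline: {missed}")
    for window, label in labels.items():
        print(f"window {window}: {label}")
```

With shard C dropped, the reducer still sees enough of windows 2 and 3 to label them from the surviving partials; the cost of tolerating a missing mapper is that its records are absent from the window's statistics, which is why a deployment would need to know how much of the traffic each partial represents before trusting a threshold.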