Entropy based Anomaly Detection System to Prevent DDoS Attacks in Cloud

TL;DR

This paper proposes an entropy-based anomaly detection system that enhances DDoS attack prevention in cloud environments by combining detection and confirmation algorithms across network routers.

Contribution

It introduces a novel multi-level intrusion detection approach integrating entropy and anomaly detection techniques for cloud security.

Findings

Effective detection of DDoS attacks in cloud environments.

Improved accuracy over traditional signature-based IDS.

Enhanced security through multi-level verification.

Abstract

Cloud Computing is a recent computing model provides consistent access to wide area distributed resources. It revolutionized the IT world with its services provision infrastructure, less maintenance cost, data and service availability assurance, rapid accessibility and scalability. Grid and Cloud Computing Intrusion Detection System detects encrypted node communication and find the hidden attack trial which inspects and detects those attacks that network based and host based cant identify. It incorporates Knowledge and behavior analysis to identify specific intrusions. Signature based IDS monitor the packets in the network and identifies those threats by matching with database but It fails to detect those attacks that are not included in database. Signature based IDS will perform poor capturing in large volume of anomalies. Another problem is that Cloud Service Provider hides the attack that is caused by intruder, due to distributed nature cloud environment has high possibility for vulnerable resources. By impersonating legitimate users, the intruders can use a services abundant resources maliciously. In Proposed System we combine few concepts which are available with new intrusion detection techniques. Here to merge Entropy based System with Anomaly detection System for providing multilevel Distributed Denial of Service. This is done in two steps: First, Users are allowed to pass through router in network site in that it incorporates Detection Algorithm and detects for legitimate user. Second, again it pass through router placed in cloud site in that it incorporates confirmation Algorithm and checks for threshold value, if its beyond the threshold value it considered as legitimate user, else its an intruder found in environment.