TY - JOUR
T1 - MAD-SE
T2 - ADAPTIVE THRESHOLD-BASED STACK ENSEMBLE APPROACH FOR THE DETECTION OF DDOS ATTACK IN CLOUD
AU - Pateriya, Rajesh Kumar
AU - Verma, Priyanka
AU - Singh, Dharam
N1 - Publisher Copyright:
© 2022, Suranaree Journal of Science and Technology. All Rights Reserved.
PY - 2022
Y1 - 2022
AB - At present, cyber-attacks are steadily increasing in the cloud network. TCP, ICMP, and UDP protocol-based Distributed Denial of Service (DDoS) attacks are the major contributors to making the cloud-based system unsafe. The rate of growth of DDoS cyber-attacks is a severe and challenging problem in the network. In the literature, various feature selection and classification techniques are used to handle such attacks. In these methods, static thresholding methods are applied for the collection of optimal attributes. However, when the various variants of DDoS cause a DDoS attack, the size of packets and the attributes’ values change significantly. Thus, the methods utilizing static statistics are not suitable for a dynamic network. Therefore, an adaptive threshold-based Mean Absolute Deviation (MAD) technique is used to overcome these drawbacks. Moreover, in this work, the Stacked Ensemble (SE) approach is utilized instead of a single classification algorithm for the classification purpose. The proposed approach comprises three components: (1) data pre-processing, (2) optimal attribute selection, and (3) a detection and prevention system for DDoS attacks. In this work, to evaluate the proposed approach, the standard NSL-KDD dataset is used. It is observed that MAD with SE beats all other combinations. In conventional methods, selecting a single classifier may not perform well because it works well on training data, but it poorly classifies the non-viewed new data. The stack ensemble approach removes this issue. Moreover, TCP, UDP, and ICMP-based DDoS flooding attacks can also be easily noticed and classified by MAD-SE.
KW - Cloud computing
KW - DDoS attack
KW - Dynamic threshold
KW - Ensemble learning
KW - Machine learning
UR - https://www.scopus.com/pages/publications/85139279865
M3 - Article
SN - 0858-849X
VL - 29
JO - Suranaree Journal of Science and Technology
JF - Suranaree Journal of Science and Technology
IS - 5
M1 - 010164
ER -