Detection of HTTP Flooding Attacks in Cloud Using Dynamic Entropy Method

In recent years, cloud computing has emerged as a prominent paradigm that is used to provide cloud services to users. The technology enables the users to access the services by renting multiple virtual instances running in cloud on the basis of their demand. The attackers may send enormous volumes of malicious HTTP requests to the victims to exhaust the resources and services running in cloud. The techniques generally used for the detection of HTTP flooding attacks are pattern analysis, packet filtering methods, network-based access control, cloud trace-back methods, etc. These techniques use existing rules to identify traffic patterns to determine the attacks. However, these methods do not adapt to the dynamic and flexibility of the cloud models and its changing network traffic behavior and also suffer from spoofing attacks. So, in order to overcome the drawbacks, it is necessary to keep track of all the virtual instances running in cloud using the log trace and then monitor the status of the virtual machines in real time. Hence, the proposed method detects the flooding attacks by reading the network logs, and keeps track of the alive states, i.e., active IPs of the incoming requests by varying the window size (number of time slots) which depends on traffic load, and by measuring the sliding window of dynamic entropy. The experimental results of the proposed method are compared with the existing methods viz., static entropy and adaptive negative selection algorithm, and it was observed that the proposed method detects the HTTP flooding attacks with high probability, reduces false alarms and enhances performance even in the case of spoofing attacks.