A technique for DoS attack detection in e-commerce transactions based on ECC and Optimized Support Vector Neural Network

• Autorzy: Shaikh J. R. , Iliev G.
• Języki publikacji: EN

Abstrakty

EN

Cloud computing has become a significant area forbusiness due to the high demand from people engaging in commerce and hence, protecting the entities from attacks, like Denial-of-Service (DoS) attacks is essential. Therefore, an effective DoS attack detection technique is required in the e-commerce transactions to provide security in this space. Accordingly, in this paper, a technique is developed for DoS attack detection for the e commerce transactions by proposing Glowworm Swarm Optimization-based Support Vector Neural Network (GSO-SVNN) based authorization. The user and the server, who are registered for accessing the e-commerce web, are first registered and then, authenticated based on Elliptic Curve Cryptography (ECC) encryption with four verification levels follows. The proposed GSO-SVNN classifier, which is developed by incorporating the GSO algorithm in the training procedure of SVNN, determines the class of the user. The performance of the proposed technique is evaluated using four metrics, namely accuracy, precision, recall, and False Positive Rate (FPR), and the experimental results show that the maximum accuracy attained by the proposed DoS attack detection technique is 95.1%. This proves that the proposed technique is effective in detecting DoS attacks in e commerce applications using the proposed GSO-SVNN based authorization.

Słowa kluczowe

EN

cloud computing; e-commerce transactions; DoS attack detection; SVNN; GSO

• Wydawca: Systems Research Institute, Polish Academy of Sciences
• Czasopismo: Control and Cybernetics
• Rocznik: 2018
• Tom: Vol. 47, no. 4
• Strony: 439--463
• Opis fizyczny: Bibliogr. 34 poz., rys.

Twórcy

autor

Shaikh J. R.

• SKN Sinhgad Institute of Technology and Science, Lonavala, India

autor

Iliev G.

• Technical University of Sofia, Bulgaria

Bibliografia

• [1] Al-Haidari, F., Sqalli, M and Salah, K. (2015) Evaluation of the impact of EDoS attacks against cloud computing services. Arabian Journal for Science and Engineering, 40(3) 773-785.
• [2] Brustoloni, J. (2002) Protecting electronic commerce from distributed denial of-service attacks. In: Proceedings of the 11th ACM international conference on World Wide Web, ACM Digital Library, 553-561.
• [3] Cao, J., Yu, B., Dong, F., Zhu, X. and Xu, S. (2015) Entropy-based denial-of-service attack detection in cloud data center. Concurrency and Computation: Practice and Experience, 27(18) 5623-5639.
• [4] Chan, G., Lee, C. and Heng, S. (2014) Defending against XML-related attacks in e-commerce applications with predictive fuzzy associative rules. Applied Soft Computing, 24, 142-157.
• [5] Chen, Y., Paxson, V. and Katz, R.H. (2010) What’s new about cloud computing security. University of California, Berkeley Report No. UCB/EECS-2010-5.
• [6] Chun-Tao, X., Xue-Hui, D., Li-Feng and Hua-Cheng, C. (2012) An algorithm of detecting and defending CC attack in real time. In: Proceedings of 2012 IEEE International Conference on Industrial Control and Electronics Engineering (ICICEE), IEEE, 1804-1806.
• [7] Gomez-Herrera, E., Martens, B and Turlea, G. (2014) The drivers and impediments for cross-border ecommerce in the EU. Information Economics and Policy, 28, 83-96.
• [8] Hankerson, D., Menezes, A.J. and Vanstone, S. (2006) Guide to Elliptic Curve Cryptography. Springer Science & Business Media.
• [9] Hoffman, K., Zage, D. and Nita-Rotaru, C. (2007) A Survey of attacks on Reputation Systems. Computer Science Technical Reports. Report No. 07-013, Purdue University, 1-17.
• [10] Hoque, N., Kashyap, H. and Bhattacharyy, D.K. (2017) Real-time DDoS attack detection using FPGA. Computer Communications, 110, 48-58.
• [11] Josang, A., Ismail, R. and Boyd, C. (2007) A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2), 618-644.
• [12] Kaipa, K.N. and Ghose, D. (2017) Glowworm Swarm Optimization: Theory, Algorithms and Applications. Studies in Computational Intelligence 698, Springer Verlag.
• [13] Karlekar N.P. and Gomathi, N. (2018) OW-SVM: Ontology and whale optimization-based support vector machine for privacy-preserved medical data classification in cloud. International Journal for Communication Systems. 31(12), 1–18.
• [14] Karoui, K. (2016) Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E-commerce web server. International Journal of Network Management, 26(6), 553-578.
• [15] Lucking-Reiley, D., Bryan, D., Prasad, N. and Reeves, D. (2007) Pennies from eBay: The determinants of price in online auctions. The Journal of Industrial Economics, 55(2), 223-233.
• [16] Ludwig, O., Nunes, U. and Araujo, R. (2014) Eigen value decay: A new method for neural network regularization. Neurocomputing, 124, 33–42.
• [17] Menaga, D. and Revathi, S. (2018) Least Lion Optimization algorithm (LLOA) Based Secret key Generation for Privacy Preserving Association Rule Hiding. IET Information Security 12(4), 1-9.
• [18] Mukhopadhyay, A., Chatterjee, S., Bagchi, K.K., Kirs, P.J. and Shukla, G.K. (2017) Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance. Information Systems Frontiers, 1-22.
• [19] Pinyol, I. and Sabater-Mir, J. (2013) Computational trust and reputation models for open multi-agent systems: a review. Artificial Intelligence Review, 40(1), 1-25.
• [20] Prasad, K.M., Reddy, A.R.M. and Rao, K.V. (2017) BARTD: Bioinspired anomaly based real time detection of under rated App-DDoS attack on web. Journal of King Saud University-Computer and Information Sciences, 115.
• [21] Ranjan, N.M. and Prasad, R.S. (2018) LFNN: Lion fuzzy neural network based evolutionary model for text classification using context and sense based features. Applied Soft Computing. 71, 994-1008.
• [22] Rasmusson, L. and Jansson, S. (1996) Simulated social control for secure Internet commerce. In: Proceedings of the 1996 ACM workshop on new security paradigms, ACM, 18-25.
• [23] Resnick, P. and Zeckhauser, R. (2002) Trust among strangers in Internet transactions: Empirical analysis of eBay’s reputation system. In: Proceedings of the Economics of the Internet and E-commerce, Emerald Group
• [24] Publishing Limited, 127-157.
• [25] Sahoo, K.S., Puthal, D., Tiwary, M., Rodrigues, J.J.P.C., Sahoo, B. and Dash, R. (2018) An Early Detection of Low Rate DDoS Attack to SDN Based Data Center Networks using Information Distance Metrics. Future Generation Computer Systems, 89, 685-697.
• [26] Seroussi, G. (1999) Elliptic curve cryptography. Information Theory and Networking Workshop (Cat. No.99EX371), Metsovo, 41, IEEE.
• [27] Specht, S.M. and Lee, R.B. (2004) Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures. Proceedings of the ISCA 17th International Conference on Parallel and Distributed Computing Systems, September 15-17, 2004, San Francisco, CA, 543-550.
• [28] Thomas, R. and Rangachar, M.J.S. (2016) Integrating GWTM and BAT algorithm for face recognition in low resolution images. The Imaging Science Journal, 64(8), 441-452.
• [29] TTW Group (2013) The notorious nine: Cloud computing top threats in 2013, Report. Cloud Security Alliance.
• [30] Udhayan, J. and Anitha, R. (2009) Demystifying and rate limiting ICMP hosted DoS/DDoS flooding attacks with attack productivity analysis. In: Proceedings of IEEE International Advance computing conference (IACC 2009), IEEE, 558-564.
• [31] Wang, G., Musau, F., Guo, S. and Abdullahi, M.B. (2015) Neighbor similarity trust against sybil attack in P2P ecommerce. IEEE Transactions on Parallel and Distributed Systems, 26(3), 824-833.
• [32] Yang, Y., Feng, Q., Sun, Y.L. and Dai, Y. (2009) Dishonest behaviors in online rating systems: cyber competition, attack models, and attack generator. Journal of Computer Science and Technology, 24(5), 855-867.
• [33] Yin, D., Zhang, L. and Yang, K. (2018) A DDoS Attack Detection and Mitigation with Software-Defined Internet of Things Framework. IEEE Access, 6, 24694 – 24705.
• [34] Zupancic, E. and Trcek, D. (2017) QADE: a novel trust and reputation model for handling false trust values in e commerce environments with subjectivity consideration. Technological and Economic Development of Economy, 23(1), 81-110.