Hybrid Machine Learning System for Early Detection of SSH Brute-Force, ICMP Flood, DNS Reflection, and TCP SYN Attacks in Cloud Environments
Abstract
Distributed Denial of Service (DDoS) attacks remain a major concern for modern network infrastructures because they disrupt network services by flooding them with malicious traffic. The growth of cloud computing has been a significant factor behind DDoS attacks, since attackers can use virtual machines (VMs) to mount a powerful attack while remaining anonymous. This work investigates DDoS attacks launched from the cloud and proposes a machine learning-based solution for their earliest possible detection and mitigation. The proposed system uses statistical traffic analysis and anomaly detection techniques to find malicious patterns in network activity.
Through a hybrid learning model made up of a pre-trained module and an online learning module, the system remains dynamic and can adjust to attack methods that change continuously.
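The following is an added illustration of the hybrid design described above; it is not the paper's code. It pairs a pre-trained module (a nearest-centroid classifier fitted offline on labelled windows of the four attack types) with an online module (a Welford running mean/variance baseline that only learns from windows judged benign, so it tracks legitimate drift and flags patterns the offline model never saw). The per-source feature vector, the labelled training windows, the distance radius, the z-score threshold and the packet records in the demo window are all constructed for the example.

```python
"""Added illustration (not the paper's code): hybrid pre-trained + online
statistical anomaly detector over per-source traffic features.
Every feature vector, threshold and packet record below is constructed."""
import math
from collections import defaultdict

FEATURES = ["log_pkts", "syn_frac", "icmp_frac", "ssh_frac", "dns_resp_frac"]


def extract_features(records):
    """Per-source traffic statistics from (src, proto, tcp_flags, sport, dport) tuples."""
    agg = defaultdict(lambda: {"pkts": 0, "syn": 0, "icmp": 0, "ssh": 0, "dns": 0})
    for src, proto, flags, sport, dport in records:
        a = agg[src]
        a["pkts"] += 1
        a["syn"] += int(proto == "tcp" and flags == "S")    # SYN-only: half-open attempts
        a["icmp"] += int(proto == "icmp")
        a["ssh"] += int(proto == "tcp" and dport == 22)     # connection attempts to sshd
        a["dns"] += int(proto == "udp" and sport == 53)     # unsolicited resolver replies
    return {src: [math.log1p(a["pkts"]), a["syn"] / a["pkts"], a["icmp"] / a["pkts"],
                  a["ssh"] / a["pkts"], a["dns"] / a["pkts"]] for src, a in agg.items()}


# Constructed labelled training windows in FEATURES order (not measured data).
TRAINING = [
    ("benign", [2.8, 0.15, 0.05, 0.05, 0.05]), ("benign", [3.2, 0.10, 0.00, 0.00, 0.10]),
    ("benign", [2.5, 0.20, 0.10, 0.00, 0.00]), ("benign", [3.0, 0.12, 0.04, 0.08, 0.04]),
    ("ssh_brute", [5.5, 0.50, 0.00, 0.95, 0.00]), ("ssh_brute", [6.0, 0.45, 0.00, 1.00, 0.00]),
    ("icmp_flood", [7.0, 0.00, 1.00, 0.00, 0.00]), ("icmp_flood", [6.5, 0.00, 0.98, 0.00, 0.00]),
    ("dns_reflection", [6.8, 0.00, 0.00, 0.00, 1.00]), ("dns_reflection", [6.2, 0.00, 0.00, 0.00, 0.97]),
    ("syn_flood", [7.5, 1.00, 0.00, 0.00, 0.00]), ("syn_flood", [7.0, 0.98, 0.00, 0.01, 0.00]),
]


class PretrainedClassifier:
    """Offline module: nearest centroid over labelled windows. Returns None when the
    window is farther than `radius` from every centroid, i.e. an unknown profile."""
    def __init__(self, labelled, radius=0.75):
        groups = defaultdict(list)
        for label, x in labelled:
            groups[label].append(x)
        self.centroids = {l: [sum(c) / len(xs) for c in zip(*xs)] for l, xs in groups.items()}
        self.radius = radius

    def predict(self, x):
        label = min(self.centroids, key=lambda l: math.dist(x, self.centroids[l]))
        return label if math.dist(x, self.centroids[label]) <= self.radius else None


class OnlineBaseline:
    """Online module: Welford running mean/variance of benign windows; updated only
    with windows the hybrid rule judged benign, so the baseline follows legitimate drift."""
    def __init__(self, dim):
        self.n, self.mean, self.m2 = 0, [0.0] * dim, [0.0] * dim

    def update(self, x):
        self.n += 1
        for i, v in enumerate(x):
            d = v - self.mean[i]
            self.mean[i] += d / self.n
            self.m2[i] += d * (v - self.mean[i])

    def zscore(self, x):
        """Largest per-feature |z|; std is floored so a constant feature cannot divide by zero."""
        if self.n < 2:
            return 0.0
        return max(abs(v - self.mean[i]) / max(math.sqrt(self.m2[i] / (self.n - 1)), 0.05)
                   for i, v in enumerate(x))


class HybridDetector:
    def __init__(self, labelled, z_threshold=4.0):
        self.pretrained = PretrainedClassifier(labelled)
        self.online = OnlineBaseline(len(FEATURES))
        for label, x in labelled:
            if label == "benign":
                self.online.update(x)          # warm-start the online baseline
        self.z_threshold = z_threshold

    def classify(self, x):
        label = self.pretrained.predict(x)
        if label not in (None, "benign"):
            return label                        # matches a known attack profile
        if self.online.zscore(x) > self.z_threshold:
            return "unknown_anomaly"            # novel pattern the offline model never saw
        self.online.update(x)                   # benign: let the baseline adapt
        return "benign"


def constructed_window():
    """One constructed observation window with six sources (not captured traffic)."""
    recs = [("10.0.0.5", "tcp", "S", 40000 + i, 443) for i in range(3)]
    recs += [("10.0.0.5", "tcp", "A", 40000 + i, 443) for i in range(17)]
    recs += [("10.0.0.5", "icmp", "", None, None)] * 2                                # benign
    recs += [("198.51.100.7", "tcp", "S", 50000 + i, 80) for i in range(2000)]       # SYN flood
    recs += [("198.51.100.8", "tcp", "S" if i % 8 < 3 else "A", 30000 + i, 22)
             for i in range(400)]                                                     # SSH brute force
    recs += [("198.51.100.9", "icmp", "", None, None)] * 1200                        # ICMP flood
    recs += [("203.0.113.53", "udp", "", 53, 33333)] * 900                           # DNS reflection replies
    recs += [("203.0.113.99", "udp", "", 40000, 1000 + i) for i in range(300)]       # novel UDP sweep
    return recs


def run_demo():
    detector = HybridDetector(TRAINING)
    return {src: detector.classify(x) for src, x in extract_features(constructed_window()).items()}


if __name__ == "__main__":
    for src, verdict in run_demo().items():
        print(f"{src:>14}  {verdict}")
```

The division of labour is the point: the offline module answers "which of the four attack types is this" and refuses to answer outside its radius, while the online module answers "is this unlike the benign traffic seen so far", so a source that fits no known centroid is still surfaced as an anomaly rather than silently accepted.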
The system was evaluated in real cloud environments, and the results show that it detects the source of an attack with very high accuracy, thereby outperforming traditional destination-side defences. This work supports a proactive security strategy aimed at preventing large-scale DDoS attacks and thus contributes to strengthening modern network infrastructures.