DOI: 10.12732/ijam.v38i2.11
A HYBRID MACHINE LEARNING FRAMEWORK FOR
DETECTION AND MITIGATION OF DENIAL-OF-SERVICE
ATTACKS IN CLOUD OF THINGS ENVIRONMENTS
Sahilpreet Singh1, Arjan Singh2, Vishal Goyal3
1,3Department of Computer Science, Punjabi University
Patiala, Punjab, India
2Department of Mathematics
Punjabi University
Patiala, Punjab, India
Abstract. The Cloud of Things (CoT) integrates large-scale In-ternet of Things (IoT) devices with cloud computing ser-vices to support smart applications such as healthcare mon-itoring, industrial automation, and smart city infrastruc-ture. However, the distributed and resource- constrained nature of IoT devices, combined with centralized cloud de-pendency, makes CoT environments highly vulnerable to Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks. This paper proposes a hybrid machine learning based intrusion detection and mitigation frame-work designed specifically f or C oT s ystems. T he detection layer is implemented using an optimised feature representa-tion obtained through Particle Swarm Optimization based feature selection, followed by supervised classification using Na¨ıve Bayes, Support Vector Machine, and a tuned Ensemble model. Experimental evaluation demonstrates that the ensemble classifier achieves strong generalization, with accuracy above 98.7% and near-perfect recall, ensuring that attack flows are rarely missed. Confusion matrix analysis confirms a substantial reduction in false negatives compared to individual models, supporting reliable early detection. To extend beyond offline classification, the tuned ensemble detector is integrated into a CoT mitigation simulator implementing hierarchical response policies, including rate limiting, flow quarantine, ACL blocking, and escalation to cloud-level scrubbing. Simulation results show high detection coverage, effective recovery performance, and stable throughput under heterogeneous attack scenarios. Overall, the proposed framework provides an accurate, scalable, and operationally resilient solution for securing Cloud of Things deployments against disruptive DoS attacks.
How
to cite this paper?
Source: International Journal of Applied Mathematics
ISSN printed version: 1311-1728
ISSN on-line version: 1314-8060
Year: 2025
Volume: 38
Issue: 2
References
[1] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Computer Networks, vol. 54, no. 15, pp. 2787-2805, 2010.
[2] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud computing and emerging IT platforms: Vision, hype, and reality,” Future Generation Computer Systems, vol. 25, no. 6, pp. 599-616, 2009.
[3] M. Botta, W. de Donato, V. Persico, and A. Pescap`e, “Integration of cloud computing and Internet of Things: A survey,” Future Generation Computer Systems, vol. 56, pp. 684-700, 2016.
[4] S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in Proc. IEEE International Conference on Computing, Networking and Communications (ICNC), 2015, pp. 77-81.
[5] M. Antonakakis et al., “Understanding the Mirai botnet,” in Proc. USENIX Security Symposium, 2017, pp. 1093-1110.
[6] R. Sommer and V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection,” in Proc. IEEE Symposium on Security and Privacy, 2010, pp. 305-316.
[7] C. Cortes and V. Vapnik, “Support-vector networks,” Machine Learning, vol. 20, no. 3, pp. 273-297, 1995.
[8] Y. LeCun, Y. Bengio, and G. Hinton, “Deep learning,” Nature, vol. 521, no. 7553, pp. 436-444, 2015.
[9] T. G. Dietterich, “Ensemble methods in machine learning,” in Proc. International Workshop on Multiple Classifier Systems, 2000, pp. 1-15.
[10] A. Ahuja, S. Singal, and N. Kumar, “Deep learning based DDoS attack detection in software-defined networks,” Computer Communications, vol. 150, pp. 102-114, 2020.
[11] I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” in Proc. International Conference on Information Systems Security and Privacy (ICISSP), 2018, pp. 108-116.
[12] Q. Yang, Y. Liu, T. Chen, and Y. Tong, “Federated machine learning: Concept and applications,” ACM Transactions on Intelligent Systems and Technology, vol. 10, no. 2, pp. 1-19, 2019.
[13] M. Ma, J. Chen, and X. Wang, “Graph learning based DDoS detection using programmable data planes in SDN,” IEEE Transactions on Network and Service Management, vol. 21, no. 1, pp. 55-69, 2024.
[14] A. Ahuja, S. Singal, and N. Kumar, “Deep learning based DDoS attack detection in software-defined networks,” Computer Communications, vol. 150, pp. 102-114, 2020.
[15] S. Ravi, P. Sharma, and M. Gupta, “Temporal deep learning for low-rate DDoS detection in SDN-enabled IoT systems,” IEEE Access, vol. 9, pp. 44512-44525, 2021.
[16] M. Lopez, J. Torres, and R. Sandhu, “A reproducible SDN DDoS dataset using Mininet and Ryu controller,” Future Internet, vol. 12, no. 6, pp. 1-15, 2020.
[17] H. Alshamrani, A. Alshehri, and K. Salah, “Tree-SDN-DDoS: A topology-aware dataset for hierarchical SDN-based IoT networks,” Computer Networks, vol. 189, pp. 107905, 2021.
[18] Y. Zhang, X. Li, and J. Wang, “HLD-DDoSDN: A mixed-rate DDoS dataset for modern SDN traffic analysis,” Data in Brief, vol. 35, pp. 106848, 2021.
[19] R. Singh and P. Kaur, “Optimized feature selection and ensemble learning for DDoS detection in SDN,” Journal of Network and Computer Applications, vol. 176, pp. 102930, 2021.
[20] M. Khan, S. Hussain, and A. Rehman, “Nature-inspired Siberian Tiger optimization for deep learning based DDoS detection,” Expert Systems with Applications, vol. 185, pp. 115593, 2021.
[21] T. Verma and S. Patel, “A hybrid SDN architecture for smart city DDoS defense using gateway filtering and ML,” IEEE Internet of Things Journal, vol. 8, no. 14, pp. 11234-11247, 2021.
[22] L. Chen, Y. Xu, and M. Qiu, “Distributed edge-controller framework for early DDoS detection in IoT networks,” Computer Security, vol. 110, pp. 102447, 2021.
[23] S. Mehmood, H. Abbas, and M. Afzal, “Hybrid DBN-LSTM architecture for evolving DDoS attack detection in SDN,” Neural Computing and Applications, vol. 33, pp. 15521-15538, 2021.
[24] J. Li, Z.Wang, and Y. Sun, “CNN-LSTM hybrid deep learning framework for automatic DDoS attack identification,” IEEE Transactions on Network Science and Engineering, vol. 9, no. 2, pp. 845-857, 2022.
[25] A. Kumar and R. Tripathi, “Deep learning based detection and mitigation pipeline for DDoS attacks in SDN,” in Proc. IEEE International Conference on Communications (ICC), 2022, pp. 1-6.
[26] Q. Zhao, H. Li, and X. Zhang, “Weighted federated learning for privacy-preserving low-rate DDoS detection in IoT,” IEEE Access, vol. 10, pp. 33110-33125, 2022.
[27] M. Ibrahim, A. El-Sayed, and K. Salah, “Scalable federated intrusion detection in large SDN deployments under node failures,” IEEE Transactions on Network and Service Management, vol. 19, no. 3, pp. 2671-2685, 2022.
[28] G. Garba, A. Yusuf, and S. Mohammed, “SDN-based detection and mitigation of DDoS attacks in smart home IoT environments,” Sensors, vol. 24, no. 3, pp. 1-18, 2024.
[29] A. Hirsi, M. Ali, and F. Noor, “An SDN-DDoS traffic dataset for benchmarking machine learning and deep learning models,” Data in Brief, vol. 52, pp. 109872, 2024.
[30] M. Ma, J. Chen, and X. Wang, “Graph learning based DDoS detection using programmable data planes in SDN,” IEEE Transactions on Network and Service Management, vol. 21, no. 1, pp. 55-69, 2024.
IJAM
o Home
o Contents