Volume 17 , Issue 2 , PP: 79-97, 2025 | Cite this article as | XML | Html | PDF | Full Length Article
Muhammad Asif Khan 1 , Mohd Faizal Ab Razak 2 * , Zafril Rizal Bin M Azmi 3 , Ahmad Firdaus 4 , Abdul Hafeez Nuhu 5 , Syed Shuja Hussain 6
Doi: https://doi.org/10.54216/FPA.170207
Distributed Denial of Service (DDoS) attacks pose a significant threat to cloud computing environments, necessitating advanced detection methods. This review examines the application of Machine Learning (ML) and Deep Learning (DL) techniques for DDoS detection in cloud settings, focusing on research from 2019 to 2024. It evaluates the effectiveness of various ML and DL approaches, including traditional algorithms, ensemble methods, and advanced neural network architectures, while critically analyzing commonly used datasets for their relevance and limitations in cloud-specific scenarios. Despite improvements in detection accuracy and efficiency, challenges such as outdated datasets, scalability issues, and the need for real-time adaptive learning persist. Future research should focus on developing cloud-specific datasets, advanced feature engineering, explainable AI, and cross-layer detection approaches, with potential exploration of emerging technologies like quantum machine learning.
DDoS Attack Detection , Machine Learning , Deep Learning , IDS , Cloud Computing Security
[1] Chris Conrad et al., “NETSCOUT DDoS THREAT INTELLIGENCE REPORT / FINDINGS FROM 2ND HALF 2023.” Accessed: Jun. 14, 2024. [Online]. Available: https://www.netscout.com/threatreport/wp-content/uploads/2023/09/Threat_Report_1h2023.pdf
[2] Y. Omer and P. Jorge, “DDoS threat report for 2023 Q4.” Accessed: Jul. 03, 2024. [Online]. Available: https://blog.cloudflare.com/ddos-threat-report-2023-q4
[3] J. S. Saini, D. K. Saini, P. Gupta, C. S. Lamba, and G. M. Rao, “Cloud Computing: Legal Issues and Provision,” Security and Communication Networks, vol. 2022, pp. 1–13, Aug. 2022, doi: 10.1155/2022/2288961.
[4] Ponemon Institute, “Cost of Data Center Outages.” Accessed: Jul. 04, 2024. [Online]. Available: https://www.vertiv.com/globalassets/documents/reports/2016-cost-of-data-center-outages-11-11_51190_1.pdf
[5] Z. R. Alashhab, M. Anbar, M. M. Singh, I. H. Hasbullah, P. Jain, and T. A. Al-Amiedy, “Distributed Denial of Service Attacks against Cloud Computing Environment: Survey, Issues, Challenges and Coherent Taxonomy,” Applied Sciences, vol. 12, no. 23, p. 12441, Dec. 2022, doi: 10.3390/app122312441.
[6] Gartner, “Gartner Says Cloud Will Be the Centerpiece of New Digital Experiences.” Accessed: Jul. 15, 2024. [Online]. Available: https://www.gartner.com/en/newsroom/press-releases/2021-11-10-gartner-says-cloud-will-be-the-centerpiece-of-new-digital-experiences
[7] K. Finnell, “Time to move to UCaaS? UC’s future indeed looks ‘cloudy,’” TechTarget. Accessed: Jul. 16, 2024. [Online]. Available: https://www.techtarget.com/searchunifiedcommunications/ehandbook/Time-to-move-to-UCaaS-UCs-future-indeed-looks-cloudy
[8] M. J. Pasha, K. P. Rao, A. MallaReddy, and V. Bande, “LRDADF: An AI enabled framework for detecting low-rate DDoS attacks in cloud computing environments,” Measurement: Sensors, vol. 28, p. 100828, Aug. 2023, doi: 10.1016/j.measen.2023.100828.
[9] H. Attou et al., “Towards an Intelligent Intrusion Detection System to Detect Malicious Activities in Cloud Computing,” Applied Sciences, vol. 13, no. 17, p. 9588, Aug. 2023, doi: 10.3390/app13179588.
[10] Q. Li et al., “A comprehensive survey on DDoS defense systems: New trends and challenges,” Computer Networks, vol. 233, p. 109895, Sep. 2023, doi: 10.1016/j.comnet.2023.109895.
[11] N. Ahmed et al., “Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction,” Sensors, vol. 22, no. 20, p. 7896, Oct. 2022, doi: 10.3390/s22207896.
[12] I. Ahmad, Z. Wan, and A. Ahmad, “A big data analytics for DDOS attack detection using optimized ensemble framework in Internet of Things,” Internet of Things, vol. 23, p. 100825, Oct. 2023, doi: 10.1016/j.iot.2023.100825.
[13] K. Arumugam et al., “Towards applicability of machine learning techniques in agriculture and energy sector,” Mater Today Proc, vol. 51, pp. 2260–2263, 2022, doi: 10.1016/j.matpr.2021.11.394.
[14] M. Soori, B. Arezoo, and R. Dastres, “Artificial intelligence, machine learning and deep learning in advanced robotics, a review,” Cognitive Robotics, vol. 3, pp. 54–70, 2023, doi: 10.1016/j.cogr.2023.04.001.
[15] J. K. Chahal, A. Bhandari, and S. Behal, “DDoS attacks & defense mechanisms in SDN-enabled cloud: Taxonomy, review and research challenges,” Comput Sci Rev, vol. 53, p. 100644, Aug. 2024, doi: 10.1016/j.cosrev.2024.100644.
[16] M. Najafimehr, S. Zarifzadeh, and S. Mostafavi, “DDoS attacks and machine‐learning‐based detection methods: A survey and taxonomy,” Engineering Reports, May 2023, doi: 10.1002/eng2.12697.
[17] S. Lata and D. Singh, “Intrusion detection system in cloud environment: Literature survey & future research directions,” International Journal of Information Management Data Insights, vol. 2, no. 2, p. 100134, Nov. 2022, doi: 10.1016/j.jjimei.2022.100134.
[18] A. B. Nassif, M. A. Talib, Q. Nasir, H. Albadani, and F. M. Dakalbab, “Machine Learning for Cloud Security: A Systematic Review,” IEEE Access, vol. 9, pp. 20717–20735, 2021, doi: 10.1109/ACCESS.2021.3054129.
[19] J. Baas, M. Schotten, A. Plume, G. Côté, and R. Karimi, “Scopus as a curated, high-quality bibliometric data source for academic research in quantitative science studies,” Quantitative Science Studies, vol. 1, no. 1, pp. 377–386, Feb. 2020, doi: 10.1162/qss_a_00019.
[20] A. Aldhaheri, F. Alwahedi, M. A. Ferrag, and A. Battah, “Deep learning for cyber threat detection in IoT networks: A review,” Internet of Things and Cyber-Physical Systems, vol. 4, pp. 110–128, 2024, doi: 10.1016/j.iotcps.2023.09.003.
[21] R. M. A. Haseeb-ur-rehman et al., “High-Speed Network DDoS Attack Detection: A Survey,” Sensors, vol. 23, no. 15, p. 6850, Aug. 2023, doi: 10.3390/s23156850.
[22] A. Bhardwaj, V. Mangat, R. Vig, S. Halder, and M. Conti, “Distributed denial of service attacks in cloud: State-of-the-art of scientific and commercial solutions,” Comput Sci Rev, vol. 39, p. 100332, Feb. 2021, doi: 10.1016/j.cosrev.2020.100332.
[23] Y. Shang, “Prevention and detection of DDOS attack in virtual cloud computing environment using Naive Bayes algorithm of machine learning,” Measurement: Sensors, vol. 31, p. 100991, Feb. 2024, doi: 10.1016/j.measen.2023.100991.
[24] H. Setia et al., “Securing the road ahead: Machine learning-driven DDoS attack detection in VANET cloud environments,” Cyber Security and Applications, vol. 2, p. 100037, 2024, doi: 10.1016/j.csa.2024.100037.
[25] A. V. Songa and G. R. Karri, “An integrated SDN framework for early detection of DDoS attacks in cloud computing,” Journal of Cloud Computing, vol. 13, no. 1, p. 64, Mar. 2024, doi: 10.1186/s13677-024-00625-9.
[26] A. Naithani, S. N. Singh, K. Kant Singh, and S. Kumar, “Machine Learning for Cloud-Based DDoS Attack Detection: A Comprehensive Algorithmic Evaluation,” in 2024 14th International Conference on Cloud Computing, Data Science & Engineering (Confluence), IEEE, Jan. 2024, pp. 561–567. doi: 10.1109/Confluence60223.2024.10463504.
[27] B. Rexha, R. Thaqi, A. Mazrekaj, and K. Vishi, “Guarding the Cloud: An Effective Detection of Cloud-Based Cyber Attacks using Machine Learning Algorithms,” International Journal of Online and Biomedical Engineering (iJOE), vol. 19, no. 18, pp. 158–174, Dec. 2023, doi: 10.3991/ijoe.v19i18.45483.
[28] S. Naiem, A. E. Khedr, A. M. Idrees, and M. I. Marie, “Enhancing the Efficiency of Gaussian Naïve Bayes Machine Learning Classifier in the Detection of DDOS in Cloud Computing,” IEEE Access, vol. 11, pp. 124597–124608, 2023, doi: 10.1109/ACCESS.2023.3328951.
[29] M. Bakro et al., “Efficient Intrusion Detection System in the Cloud Using Fusion Feature Selection Approaches and an Ensemble Classifier,” Electronics (Basel), vol. 12, no. 11, p. 2427, May 2023, doi: 10.3390/electronics12112427.
[30] L. M. Pattnaik, P. K. Swain, S. Satpathy, and A. N. Panda, “Cloud DDoS Attack Detection Model with Data Fusion & Machine Learning Classifiers,” ICST Transactions on Scalable Information Systems, Sep. 2023, doi: 10.4108/eetsis.3936.
[31] P. Verma, A. R. K. Kowsik, R. K. Pateriya, N. Bharot, A. Vidyarthi, and D. Gupta, “A Stacked Ensemble Approach to Generalize the Classifier Prediction for the Detection of DDoS Attack in Cloud Network,” Mobile Networks and Applications, Aug. 2023, doi: 10.1007/s11036-023-02225-4.
[32] U. Islam, A. Al-Atawi, H. S. Alwageed, M. Ahsan, F. A. Awwad, and M. R. Abonazel, “Real-Time Detection Schemes for Memory DoS (M-DoS) Attacks on Cloud Computing Applications,” IEEE Access, vol. 11, pp. 74641–74656, 2023, doi: 10.1109/ACCESS.2023.3290910.
[33] R. Patil, G. Kandakur, R. Vardhamane, S. Kotyal, N. D. G., and A. Kachavimath, “A Collaborative Approach to Detect DDoS Attacks in OpenStack-based Cloud using Entropy and Machine Learning,” in 2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), IEEE, Jul. 2023, pp. 1–5. doi: 10.1109/ICCCNT56998.2023.10306629.
[34] M. Ouhssini and K. Afdel, “Machine Learning Methods for DDoS Attacks Detection in the Cloud Environment,” 2022, pp. 401–413. doi: 10.1007/978-3-030-90639-9_32.
[35] N. Mishra, R. K. Singh, and S. K. Yadav, “Detection of DDoS Vulnerability in Cloud Computing Using the Perplexed Bayes Classifier,” Comput Intell Neurosci, vol. 2022, pp. 1–13, Jul. 2022, doi: 10.1155/2022/9151847.
[36] M. Arunkumar and K. Ashok Kumar, “Malicious attack detection approach in cloud computing using machine learning techniques,” Soft comput, vol. 26, no. 23, pp. 13097–13107, Dec. 2022, doi: 10.1007/s00500-021-06679-0.
[37] G. S. Kushwah and V. Ranga, “Detecting DDoS Attacks in Cloud Computing Using Extreme Learning Machine and Adaptive Differential Evolution,” Wirel Pers Commun, vol. 124, no. 3, pp. 2613–2636, Jun. 2022, doi: 10.1007/s11277-022-09481-9.
[38] J. Praba. J and R. Sridaran, “An SDN-based Decision Tree Detection (DTD) Model for Detecting DDoS Attacks in Cloud Environment,” International Journal of Advanced Computer Science and Applications, vol. 13, no. 7, 2022, doi: 10.14569/IJACSA.2022.0130708.
[39] A. Alshammari and A. Aldribi, “Apply machine learning techniques to detect malicious network traffic in cloud computing,” J Big Data, vol. 8, no. 1, p. 90, Dec. 2021, doi: 10.1186/s40537-021-00475-1.
[40] G. S. Kushwah and V. Ranga, “Optimized extreme learning machine for detecting DDoS attacks in cloud computing,” Comput Secur, vol. 105, p. 102260, Jun. 2021, doi: 10.1016/j.cose.2021.102260.
[41] A. A. Alqarni, “Majority Vote-Based Ensemble Approach for Distributed Denial of Service Attack Detection in Cloud Computing,” Journal of Cyber Security and Mobility, Mar. 2022, doi: 10.13052/jcsm2245-1439.1126.
[42] G. S. Kushwah and V. Ranga, “Voting extreme learning machine based distributed denial of service attack detection in cloud computing,” Journal of Information Security and Applications, vol. 53, p. 102532, Aug. 2020, doi: 10.1016/j.jisa.2020.102532.
[43] I. AlSaleh, A. Al-Samawi, and L. Nissirat, “Novel Machine Learning Approach for DDoS Cloud Detection: Bayesian-Based CNN and Data Fusion Enhancements,” Sensors, vol. 24, no. 5, p. 1418, Feb. 2024, doi: 10.3390/s24051418.
[44] M. Ouhssini, K. Afdel, E. Agherrabi, M. Akouhar, and A. Abarda, “DeepDefend: A comprehensive framework for DDoS attack detection and prevention in cloud computing,” Journal of King Saud University - Computer and Information Sciences, vol. 36, no. 2, p. 101938, Feb. 2024, doi: 10.1016/j.jksuci.2024.101938.
[45] O. Pandithurai, C. Venkataiah, S. Tiwari, and N. Ramanjaneyulu, “DDoS attack prediction using a honey badger optimization algorithm based feature selection and Bi-LSTM in cloud environment,” Expert Syst Appl, vol. 241, p. 122544, May 2024, doi: 10.1016/j.eswa.2023.122544.
[46] R. Verma, M. Jailia, M. Kumar, and B. Kaliraman, “Deep Neural Network Model for Improved DDoS Attack Detection in Cloud Environments,” in 2024 5th International Conference for Emerging Technology (INCET), IEEE, May 2024, pp. 1–6. doi: 10.1109/INCET61516.2024.10593561.
[47] A. H. Madhukar and S. D. Sasmita, “Optimization of a Deep Learning-Based Model for Detecting DDoS Attacks in Cloud Computing,” Nanotechnol Percept, vol. 20, no. S4, May 2024, doi: 10.62441/nano-ntp.v20iS4.19.
[48] A. Abdullah and M. A. Bouke, “Towards Image-Based Network Traffic Pattern Detection for DDoS Attacks in Cloud Computing Environments: A Comparative Study,” in Proceedings of the 14th International Conference on Cloud Computing and Services Science, SCITEPRESS - Science and Technology Publications, 2024, pp. 287–294. doi: 10.5220/0012725600003711.
[49] Y. Sanjalawe and T. Althobaiti, “DDoS Attack Detection in Cloud Computing Based on Ensemble Feature Selection and Deep Learning,” Computers, Materials & Continua, vol. 75, no. 2, pp. 3571–3588, 2023, doi: 10.32604/cmc.2023.037386.
[50] R. Bingu and S. Jothilakshmi, “Design of Intrusion Detection System using Ensemble Learning Technique in Cloud Computing Environment,” International Journal of Advanced Computer Science and Applications, vol. 14, no. 5, 2023, doi: 10.14569/IJACSA.2023.0140580.
[51] K. K. Paidipati, C. Kurangi, J. Uthayakumar, S. Padmanayaki, D. Pradeepa, and S. Nithinsha, “Ensemble of deep reinforcement learning with optimization model for DDoS attack detection and classification in cloud based software defined networks,” Multimed Tools Appl, vol. 83, no. 11, pp. 32367–32385, Sep. 2023, doi: 10.1007/s11042-023-16894-6.
[52] E. S. G.S.R., R. Ganeshan, I. D. J. Jingle, and J. P. Ananth, “FACVO-DNFN: Deep learning-based feature fusion and Distributed Denial of Service attack detection in cloud computing,” Knowl Based Syst, vol. 261, p. 110132, Feb. 2023, doi: 10.1016/j.knosys.2022.110132.
[53] S. Balasubramaniam et al., “Optimization Enabled Deep Learning-Based DDoS Attack Detection in Cloud Computing,” International Journal of Intelligent Systems, vol. 2023, pp. 1–16, Feb. 2023, doi: 10.1155/2023/2039217.
[54] R. A. Karthika, P. Sriramya, and A. Rohini, “Detection and Classification of DDoS Attacks in Cloud Data Using Hybrid LSTM and RNN for Feature Selection,” in 2023 International Conference on Circuit Power and Computing Technologies (ICCPCT), IEEE, Aug. 2023, pp. 1491–1495. doi: 10.1109/ICCPCT58313.2023.10244979.
[55] H. Aydın, Z. Orman, and M. A. Aydın, “A long short-term memory (LSTM)-based distributed denial of service (DDoS) detection and defense system design in public cloud network environment,” Comput Secur, vol. 118, p. 102725, Jul. 2022, doi: 10.1016/j.cose.2022.102725.
[56] D. Srilatha and N. Thillaiarasu, “DDoSNet: A Deep Learning Model for detecting Network Attacks in Cloud Computing,” in 2022 4th International Conference on Inventive Research in Computing Applications (ICIRCA), IEEE, Sep. 2022, pp. 576–581. doi: 10.1109/ICIRCA54612.2022.9985524.
[57] G. Kiruthiga, P. Saraswathi, S. Rajkumar, S. Suresh, B. Dhiyanesh, and R. Radha, “Effective DDoS Attack Detection using Deep Generative Radial Neural Network in the Cloud Environment,” in 2022 7th International Conference on Communication and Electronics Systems (ICCES), IEEE, Jun. 2022, pp. 675–681. doi: 10.1109/ICCES54183.2022.9835916.
[58] A. Agarwal, M. Khari, and R. Singh, “Detection of DDOS Attack using Deep Learning Model in Cloud Storage Application,” Wirel Pers Commun, vol. 127, no. 1, pp. 419–439, Nov. 2022, doi: 10.1007/s11277-021-08271-z.
[59] B. B. Gupta, A. Gaurav, and D. Perakovic, “A Big Data and Deep Learning based Approach for DDoS Detection in Cloud Computing Environment,” in 2021 IEEE 10th Global Conference on Consumer Electronics (GCCE), IEEE, Oct. 2021, pp. 287–290. doi: 10.1109/GCCE53005.2021.9622091.
[60] A. Bhardwaj, V. Mangat, and R. Vig, “Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud,” IEEE Access, vol. 8, pp. 181916–181929, 2020, doi: 10.1109/ACCESS.2020.3028690.
[61] W. Wang, X. Du, D. Shan, R. Qin, and N. Wang, “Cloud Intrusion Detection Method Based on Stacked Contractive Auto-Encoder and Support Vector Machine,” IEEE Transactions on Cloud Computing, vol. 10, no. 3, pp. 1634–1646, Jul. 2022, doi: 10.1109/TCC.2020.3001017.
[62] I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” in 2019 International Carnahan Conference on Security Technology (ICCST), IEEE, Oct. 2019, pp. 1–8. doi: 10.1109/CCST.2019.8888419.
[63] I. Sharafaldin, A. Habibi Lashkari, and A. A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” in Proceedings of the 4th International Conference on Information Systems Security and Privacy, SCITEPRESS - Science and Technology Publications, 2018, pp. 108–116. doi: 10.5220/0006639801080116.
[64] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,” in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, IEEE, Jul. 2009, pp. 1–6. doi: 10.1109/CISDA.2009.5356528.
[65] N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference (MilCIS), IEEE, Nov. 2015, pp. 1–6. doi: 10.1109/MilCIS.2015.7348942.
[66] Canadian Institute for Cybersecurity, “CSE-CIC-IDS2018 on AWS: A collaborative project between the Communications Security Establishment (CSE) & the Canadian Institute for Cybersecurity (CIC).” Accessed: Mar. 23, 2024. [Online]. Available: https://www.unb.ca/cic/datasets/ids-2018.html
[67] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards the development of realistic botnet dataset in the Internet of Things for network forensic analytics: Bot-IoT dataset,” Future Generation Computer Systems, vol. 100, pp. 779–796, Nov. 2019, doi: 10.1016/j.future.2019.05.041.
[68] M. Ring, S. Wunderlich, D. Grüdl, D. Landes, and A. Hotho, “Flow-based benchmark data sets for intrusion detection,” in European Conference on Information Warfare and Security, ECCWS, 2017, pp. 361–369.
[69] S. HETTICH, “The UCI KDD Archive,” http://kdd.ics.uci.edu, 1999, Accessed: Aug. 11, 2024. [Online]. Available: https://cir.nii.ac.jp/crid/1572543025502459520.bib?lang=en
[70] A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” Comput Secur, vol. 31, no. 3, pp. 357–374, May 2012, doi: 10.1016/j.cose.2011.12.012.
[71] “Traffic Data from Kyoto University’s Honeypots.” Accessed: Jul. 10, 2024. [Online]. Available: https://www.takakura.com/Kyoto_data/