K. Umamaheswari

Work place: Research and Development Centre, Bharathiar University, Coimbatore, India.

E-mail: uma.tvr1981@gmail.com

Research Interests: Computational Learning Theory, Information Security, Network Security, Data Mining, Data Structures and Algorithms

Biography

Mrs K. Umamaheswari obtained her Master’s degree from Bharathidasan University, Tiruchirappalli, in 2004. She is currently pursuing her PhD at the Research and Development Centre, Bharathiar University, Coimbatore, India. Her areas of research include cloud security, virtualisation, machine learning, and data mining.

Author Articles
Distributed Denial of Service Attack Detection Using Hyper Calls Analysis in Cloud

By K. Umamaheswari, Nalini Subramanian, Manikandan Subramaniyan

DOI: https://doi.org/10.5815/ijcnis.2023.04.06, Pub. Date: 8 Aug. 2023

As Distributed Denial of Service (DDoS) attacks are increasing significantly, they should be mitigated at the very beginning to avoid devastating consequences for any kind of business. A DDoS attack can slow down or completely block a business’s online services, such as websites, email, or anything else that faces the internet. The attacks frequently originate from cloud virtual machines, which offer anonymity and wide network bandwidth. Hyper-Calls Analysis (HCA) enables the tracing of command flow to detect any clues of malicious activity in the system. The DDoS attack detection approach proposed in this paper works on the hypervisor side, performing hyper-call-based introspection with machine learning algorithms. The system evaluates system calls in the hypervisor to classify malicious activities using the Support Vector Machine and Stochastic Gradient Descent (SVM & SGD) algorithms. The attack environment was created using the XOIC attacker tool and CPU death ping libraries. The system’s performance was also evaluated on the CICDDOS 2019 dataset. The experimental results reveal more than 99.6% accuracy in DDoS detection without degrading performance.

INSPECT- An Intelligent and Reliable Forensic Investigation through Virtual Machine Snapshots

By K. Umamaheswari, S. Sujatha

DOI: https://doi.org/10.5815/ijmecs.2018.03.03, Pub. Date: 8 Mar. 2018

Cloud computing is emerging as a popular paradigm that provides significant advances and utility-oriented services over shared virtualized resources. Despite the advantages of cloud services, the majority of cloud users are reluctant to access the cloud due to unprecedented security threats in the cloud environment. The increasing incidence of cloud vulnerabilities shows the significance of cloud forensic techniques for criminal investigation. It is challenging to gather evidence from the abundant cloud data and to identify the source of the attack from the crime scene. Moreover, the Cloud Service Provider (CSP) restricts the investigator in carrying out the forensic investigation due to the prime concerns in the multi-tenant cloud infrastructure. To cope with these constraints, this paper presents INSPECT, an investigation model that accomplishes adaptive evidence acquisition with adequate support for dynamic Chain of Custody presentation. By utilizing the VM log files, the INSPECT approach forensically acquires the corresponding evidence from the cloud data storage based on the location of malicious activity. It enhances the evidence acquisition and analysis process by optimally selecting and exploiting only the required forensic fields instead of analyzing the entire log information. INSPECT applies Modified Fuzzy C-Means (M-FCM) clustering with a contextual initialization method to the acquired evidence to recognize the source of the attack, and improves the trustworthiness of the evidence through the submission of the chain of custody. By analyzing the Service Level Agreement (SLA) of the cloud users, it facilitates identification of the source of the attack from the clustered data. Furthermore, it isolates the evidence to avert deliberate modification by an adversary in the multi-tenant cloud. Eventually, INSPECT presents the evidence along with the chain of custody information regarding the crime scene.
It enables the law enforcement authority to explore the evidence through the chain of custody information and to reconstruct the crime scene using the VM snapshots associated with timestamp data. The experimental results reveal that the INSPECT approach accomplishes a high level of accuracy in the investigation with the improved trustworthiness over the multi-tenant cloud infrastructure.
