Application layer ddos detection using clustering analysis

Many methods were designed in previous literatures to protect systems from IP and TCP layers distributed denial of service attacks instead of the application layer. However, they will not work well any more when encountering with application layer distributed denial of service. We will introduce clu...

Full description

Saved in:
Bibliographic Details
Published in:2012 2nd International Conference on Computer Science and Network Technology pp. 1038 - 1041
Main Authors: Ye, Chengxu, Zheng, Kesong, She, Chuyu
Format: Conference Proceeding
Language:English
Published: IEEE 01.12.2012
Subjects:
application
browsing behavior
cluster
Computational modeling
Computer crime
ddos
Denial-of-service attack
Feature extraction
IP networks
Probability
Synthetic aperture sonar
Viruses (medical)
Web servers
World Wide Web
ISBN:1467329630, 9781467329637
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Many methods were designed in previous literatures to protect systems from IP and TCP layers distributed denial of service attacks instead of the application layer. However, they will not work well any more when encountering with application layer distributed denial of service. We will introduce clustering method to analysis application layer ddos in this paper. To capture users' browsing behavior, we cluster users' sessions. We consider bots' browsing behavior as abnormally behavior. That is, different from normal human behavior. We first extract four features from session to cluster users sessions-average size of objects requested in the session, request rate, average popularity of all objects in the session, average transition probability. Then, we use large amount of legitimate request sequence to get normal user browsing behavior models. Finally, conduct simulation experiments with attack dataset to validate the models.
ISBN:1467329630
9781467329637
DOI:10.1109/ICCSNT.2012.6526103