Application layer DDoS detection using clustering analysis


Bibliographic details
Published in: 2012 2nd International Conference on Computer Science and Network Technology, pp. 1038 - 1041
Main authors: Ye, Chengxu; Zheng, Kesong; She, Chuyu
Format: Conference paper
Language: English
Published: IEEE 01.12.2012
ISBN:1467329630, 9781467329637
Online access: Full text
Description
Summary: Many methods in the previous literature were designed to protect systems from distributed denial of service attacks at the IP and TCP layers rather than the application layer. However, they no longer work well when they encounter application layer distributed denial of service. In this paper we introduce a clustering method to analyze application layer DDoS. To capture users' browsing behavior, we cluster users' sessions. We consider bots' browsing behavior abnormal, that is, different from normal human behavior. We first extract four features from each session to cluster users' sessions: average size of objects requested in the session, request rate, average popularity of all objects in the session, and average transition probability. Then, we use a large amount of legitimate request sequences to obtain models of normal user browsing behavior. Finally, we conduct simulation experiments with an attack dataset to validate the models.
DOI:10.1109/ICCSNT.2012.6526103