Distributed denial of service (DDoS) attacks are a continuing, critical threat to the Internet. Derived from the lower layers, new application-layer DDoS attacks that use legitimate HTTP requests to overwhelm victim resources are harder to detect. The situation may be more serious when such attacks mimic, or occur during, the flash crowd event of a popular Website. Focusing on the detection of such new DDoS attacks, a scheme based on document popularity is introduced. An Access Matrix is defined to capture the spatial-temporal patterns of a normal flash crowd. Principal component analysis and independent component analysis are applied to abstract the multidimensional Access Matrix. A novel anomaly detector based on a hidden semi-Markov model is proposed to describe the dynamics of the Access Matrix and to detect the attacks. The entropy of document popularity fitted to the model is used to detect potential application-layer DDoS attacks. Numerical results based on real Web traffic data are presented to demonstrate the effectiveness of the proposed method.