Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
Data Mining: Concepts, Models, Methods and Algorithms
Data Mining: Concepts, Models, Methods and Algorithms
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Modelling and Predicting Web Page Accesses Using Markov Processes
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Combining the web content and usage mining to understand the visitor behavior in a web site
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
DDoS attacks and defense mechanisms: classification and state-of-the-art
Computer Networks: The International Journal of Computer and Telecommunications Networking
User Centric Walk: An Integrated Approach for Modeling the Browsing Behavior of Users on the Web
ANSS '05 Proceedings of the 38th annual Symposium on Simulation
A hidden semi-Markov model for web workload self-similarity
PCC '02 Proceedings of the Performance, Computing, and Communications Conference, 2002. on 21st IEEE International
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
Defending against flooding-based distributed denial-of-service attacks: a tutorial
IEEE Communications Magazine
Asset priority risk assessment using hidden markov models
Proceedings of the 10th ACM conference on SIG-information technology education
Markov anomaly modeling for trust management in variable threat environments
Proceedings of the 48th Annual Southeast Regional Conference
An effective defense mechanism against DoS/DDoS attacks in flow-based routers
Proceedings of the 8th International Conference on Advances in Mobile Computing and Multimedia
Unsupervised segmentation of hidden semi-Markov non-stationary chains
Signal Processing
Performance evaluation with hidden markov models
PERFORM'10 Proceedings of the 2010 IFIP WG 6.3/7.3 international conference on Performance Evaluation of Computer and Communication Systems: milestones and future challenges
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
Countermeasures on application level low-rate denial-of-service attack
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Detecting latent attack behavior from aggregated Web traffic
Computer Communications
The Journal of Supercomputing
A confidence-based filtering method for DDoS attack defense in cloud environment
Future Generation Computer Systems
Dynamic entropy based DoS attack detection method
Computers and Electrical Engineering
Information Sciences: an International Journal
Real-time detection of application-layer DDoS attack using time series analysis
Journal of Control Science and Engineering - Special issue on Advances in Methods for Networked and Cyber-Physical System
| Hi-index | 0.00 |
Many methods designed to create defenses against distributed denial of service (DDoS) attacks are focused on the IP and TCP layers instead of the high layer. They are not suitable for handling the new type of attack which is based on the application layer. In this paper, we introduce a new scheme to achieve early attack detection and filtering for the application-layer-based DDoS attack. An extended hidden semi-Markov model is proposed to describe the browsing behaviors of web surfers. In order to reduce the computational amount introduced by the model's large state space, a novel forward algorithm is derived for the online implementation of the model based on the M-algorithm. Entropy of the user's HTTP request sequence fitting to the model is used as a criterion to measure the user's normality. Finally, experiments are conducted to validate our model and algorithm.