Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks, which use legitimate HTTP requests to overwhelm victim resources, are harder to detect. Consequently, neither intrusion detection systems (IDS) nor the victim server can detect the malicious packets. In this paper, a novel approach to detecting application-layer DDoS attacks is proposed, based on the entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. Experiments with several databases are performed, and the results show that this approach can detect application-layer DDoS attacks effectively.
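The first two stages of the pipeline described in the abstract, as an added sketch that is not the paper's code. It assumes the HRPI entropy is the Shannon entropy of each source IP's share of GET requests per time window, and it uses normalized LMS as the adaptive AR estimator; the window width, model order, step size and sample events are constructed for illustration, and the SVM stage is not reproduced.

```python
import math
from collections import Counter

def hrpi_entropy(ips):
    """Shannon entropy (bits) of the per-source-IP share of GET requests."""
    counts = Counter(ips)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def entropy_series(events, width):
    """events: (timestamp_seconds, source_ip) per GET; one entropy per window."""
    buckets = {}
    for ts, ip in events:
        buckets.setdefault(int(ts // width), []).append(ip)
    return [hrpi_entropy(buckets[k]) for k in sorted(buckets)]

def aar_vectors(series, order=2, mu=0.5):
    """Track AR(order) coefficients with normalized LMS (assumed estimator).

    Returns one (coefficients, prediction_error) pair per sample; the
    coefficient tuples form the multidimensional vector series that a
    trained classifier would consume.
    """
    w = [0.0] * order
    out = []
    for t in range(order, len(series)):
        x = series[t - order:t][::-1]              # most recent sample first
        err = series[t] - sum(wi * xi for wi, xi in zip(w, x))
        norm = 1e-9 + sum(xi * xi for xi in x)     # avoid division by zero
        w = [wi + mu * err * xi / norm for wi, xi in zip(w, x)]
        out.append((tuple(w), err))
    return out

def sample_events():
    """Constructed traffic: 12 quiet one-minute windows, then one flood window."""
    events = [(k * 60 + i, f"192.0.2.{i + 1}") for k in range(12) for i in range(8)]
    events += [(12 * 60 + i, f"192.0.2.{i + 1}") for i in range(8)]
    events += [(12 * 60 + 10, "198.51.100.7")] * 56   # one source dominates
    return events

if __name__ == "__main__":
    series = entropy_series(sample_events(), width=60)
    for h, (coeffs, err) in zip(series[2:], aar_vectors(series)):
        print(f"H={h:.3f} err={err:+.3f} coeffs={coeffs}")
```

On the constructed data the entropy stays at 3 bits while the model converges, then the flood window collapses it and the prediction error jumps, which is the kind of shift the coefficient vectors expose to a classifier.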