NPC '08 Proceedings of the IFIP International Conference on Network and Parallel Computing
Monitoring the application-layer DDoS attacks for popular websites
IEEE/ACM Transactions on Networking (TON)
Genetic algorithm combined with support vector machine for building an intrusion detection system
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Detection of HTTP-GET attack with clustering and information theoretic measurements
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
ACM SIGSOFT Software Engineering Notes
Visual analytics for intrusion detection in spam emails
International Journal of Grid and Utility Computing
Hi-index | 0.00 |
Countering Distributed Denial of Service (DDoS) attacks is becoming ever more challenging with the vast resources and techniques increasingly available to attackers. DDoS attacks are typically carried out at the network layer. However, there is evidence to suggest that application layer DDoS attacks can be more effective than the traditional ones. In this paper, we consider sophisticated attacks that utilize legitimate application layer HTTP requests from legitimately connected network machines to overwhelm Web server. Since the attack signature of each application layer DDoS is represented in abnormal user behavior, we propose a countermechanism based on Web user browsing behavior to protect the servers from these attacks. In contrast to prior works, we explore Hidden semi-Markov Model to describe the browsing behaviors of Web users and apply it to implement the anomaly detection for the application layer DDoS attacks which simulate the Web request behaviors of browser and use HTTP requests to launch attacks. By conducting an experiment with a real traffic data, the model shows that it is effective in measuring the user behaviors and detecting the application layer DDoS attacks.