Title :
Detection of application layer distributed denial of service
Author :
Ye, Chengxu ; Zheng, Kesong
Author_Institution :
Sch. of Comput., Qinghai Normal Univ., Xining, China
Abstract :
In the previous literatures, many methods were designed to defend against IP or TCP layers distributed denial of service attacks instead of the application layer. In this paper, we introduce a simple but effective scheme to detect application layer based ddos attacks. A http request transition matrix is proposed to describe users browsing behavior. We assume normal human user will choose interesting pages and objects. And that forms a pattern - transition probability from one page to another. But a bot can not know what are the popular pages for most people, it will randomly send requests to web server for one scenario so that its request sequence has a very small transition probability, i.e. the sequence is less correlative. At last, simulation experiments are conducted with dataset which shows the scheme is effective.
Keywords :
Internet; probability; security of data; transport protocols; Web server; application layer based DDoS attacks; application layer distributed denial of service; bot; http request transition matrix; pattern - transition probability; users browsing behavior; Ash; Computational modeling; Computer crime; Humans; IP networks; Servers; Vectors; Application layer DDoS; Correlation analysis; Zipf;
Conference_Titel :
Computer Science and Network Technology (ICCSNT), 2011 International Conference on
Conference_Location :
Harbin
Print_ISBN :
978-1-4577-1586-0
DOI :
10.1109/ICCSNT.2011.6181964
