Detection of application layer distributed denial of service

Author

Ye, Chengxu ; Zheng, Kesong

Author_Institution

Sch. of Comput., Qinghai Normal Univ., Xining, China

Volume

1

fYear

2011

Firstpage

310

Lastpage

314

Abstract

In the previous literatures, many methods were designed to defend against IP or TCP layers distributed denial of service attacks instead of the application layer. In this paper, we introduce a simple but effective scheme to detect application layer based ddos attacks. A http request transition matrix is proposed to describe users browsing behavior. We assume normal human user will choose interesting pages and objects. And that forms a pattern - transition probability from one page to another. But a bot can not know what are the popular pages for most people, it will randomly send requests to web server for one scenario so that its request sequence has a very small transition probability, i.e. the sequence is less correlative. At last, simulation experiments are conducted with dataset which shows the scheme is effective.

Keywords

Internet; probability; security of data; transport protocols; Web server; application layer based DDoS attacks; application layer distributed denial of service; bot; http request transition matrix; pattern - transition probability; users browsing behavior; Ash; Computational modeling; Computer crime; Humans; IP networks; Servers; Vectors; Application layer DDoS; Correlation analysis; Zipf;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Network Technology (ICCSNT), 2011 International Conference on

Conference_Location

Harbin

Print_ISBN

978-1-4577-1586-0

Type

conf

DOI

10.1109/ICCSNT.2011.6181964

Filename

6181964