  • DocumentCode
    3035272
  • Title
    Detection of Application Layer DDoS Attacks with Clustering and Bayes Factors
  • Author
    Chwalinski, Pawel ; Belavkin, Roman ; Cheng, Xiaoyin
  • Author_Institution
    Sch. of Sci. & Technol., Middlesex Univ., London, UK
  • fYear
    2013
  • fDate
    13-16 Oct. 2013
  • Firstpage
    156
  • Lastpage
    161
  • Abstract
    One of the attacks observed against the HTTP protocol is the HTTP-GET attack, which uses sequences of requests to limit the accessibility of web servers. This attack has been researched in this report, and a novel detection technique has been developed to tackle it. In general, the technique uses entropy-based clustering and the application of Bayes factors to distinguish between legitimate and attacking sequences. It is shown that the introduced method allows for the formation of recent patterns of behaviour observed at a web server, which remain unknown to the attackers. Subsequently, Bayes factors are introduced to measure the anomaly of web sessions. The method performs reasonably well against attackers that vary in strategy and scope.
  • Keywords
    Bayes methods; computer network security; entropy; file servers; pattern clustering; transport protocols; Bayes factors; HTTP protocol; HTTP-GET attack; Web servers; application layer DDoS attacks; entropy-based clustering; Clustering algorithms; Entropy; Hidden Markov models; Joints; Measurement; NASA; Training; Bayes Factors; Clustering; Entropy; HTTP-GET Attack; Intrusion Detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on
  • Conference_Location
    Manchester
  • Type
    conf
  • DOI
    10.1109/SMC.2013.34
  • Filename
    6721787