DocumentCode :
3035272
Title :
Detection of Application Layer DDoS Attacks with Clustering and Bayes Factors
Author :
Chwalinski, Pawel ; Belavkin, Roman ; Cheng, Xiaoyin
Author_Institution :
Sch. of Sci. & Technol., Middlesex Univ., London, UK
fYear :
2013
fDate :
13-16 Oct. 2013
Firstpage :
156
Lastpage :
161
Abstract :
One of the attacks observed against the HTTP protocol is the HTTP-GET attack, using sequences of requests to limit the accessibility of web servers. This attack has been researched in this report, and a novel detection technique has been developed to tackle it. In general, the technique uses entropy-based clustering and application of Bayes factors to distinguish between legitimate and attacking sequences. It has been presented that the introduced method allows for formation of recent patterns of behaviours observed at a web server that remain unknown to the attackers. Subsequently, Bayes factors are introduced to measure anomaly of web sessions. The method performs reasonably well against strategy- and scope-varying attackers.
Keywords :
Bayes methods; computer network security; entropy; file servers; pattern clustering; transport protocols; Bayes factors; HTTP protocol; HTTP-GET attack; Web servers; application layer DDoS attacks; entropy-based clustering; Clustering algorithms; Entropy; Hidden Markov models; Joints; Measurement; NASA; Training; Bayes Factors; Clustering; Entropy; HTTP-GET Attack; Intrusion Detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Systems, Man, and Cybernetics (SMC), 2013 IEEE International Conference on
Conference_Location :
Manchester
Type :
conf
DOI :
10.1109/SMC.2013.34
Filename :
6721787