Title :
Application layer ddos detection using clustering analysis
Author :
Chengxu Ye ; Kesong Zheng ; Chuyu She
Author_Institution :
Sch. of Comput., Qinghai Normal Univ., Xining, China
Abstract :
Many methods were designed in previous literatures to protect systems from IP and TCP layers distributed denial of service attacks instead of the application layer. However, they will not work well any more when encountering with application layer distributed denial of service. We will introduce clustering method to analysis application layer ddos in this paper. To capture users´ browsing behavior, we cluster users´ sessions. We consider bots´ browsing behavior as abnormally behavior. That is, different from normal human behavior. We first extract four features from session to cluster users sessions-average size of objects requested in the session, request rate, average popularity of all objects in the session, average transition probability. Then, we use large amount of legitimate request sequence to get normal user browsing behavior models. Finally, conduct simulation experiments with attack dataset to validate the models.
Keywords :
IP networks; computer network security; IP layer; TCP layer; application layer ddos detection; attack dataset; average transition probability; clustering analysis; distributed denial of service attack; user browsing behavior model; application; browsing behavior; cluster; ddos;
Conference_Titel :
Computer Science and Network Technology (ICCSNT), 2012 2nd International Conference on
Conference_Location :
Changchun
Print_ISBN :
978-1-4673-2963-7
DOI :
10.1109/ICCSNT.2012.6526103
