Title :
Detection of application layer DDoS attack with clustering and likelihood analysis
Author :
Chwalinski, Pawel ; Belavkin, Roman ; Cheng, Xiaoyin
Author_Institution :
Sch. of Sci. & Technol., Middlesex Univ., London, UK
Abstract :
One of the attacks observed against the HTTP protocol is the HTTP-GET attack, which uses sequences of requests to limit the accessibility of web servers. This attack has been researched in this report, and a novel detection technique has been developed to tackle it. In general, the technique uses entropy-based clustering and likelihood analysis to distinguish between legitimate and attacking sequences. It is shown that the introduced method allows for the formation of recent patterns of behaviour observed at a web server, which remain unknown to the attackers. In addition, empirical analysis shows the stability of the clustering approach. Subsequently, the likelihood of web session behaviour is provided to measure the anomaly of web sessions. The method performs reasonably well, regardless of the browsing strategies and scope chosen by attackers.
Keywords :
Internet; computer network security; hypermedia; pattern clustering; probability; telecommunication services; transport protocols; HTTP protocol; HTTP-GET attack; application layer DDoS attack; attacking sequences; browsing strategies; clustering approach; detection technique; distributed denial; entropy-based clustering; likelihood analysis; service; web servers; web session behaviour; Clustering algorithms; Conferences; Data privacy; Entropy; NASA; Security; Clustering; Entropy; HTTP-GET Attack; Intrusion Detection;
Conference_Title :
Globecom Workshops (GC Wkshps), 2013 IEEE
Conference_Location :
Atlanta, GA
DOI :
10.1109/GLOCOMW.2013.6824989