Anomaly Detection for Application Layer User Browsing Behavior Based on Attributes and Features

Authors: Xiong Luo, Xiaoqiang Di, Xu Liu, Hui Qi, Jinqing Li

DOI: 10.1088/1742-6596/1069/1/012072

Keywords:

Abstract: Application layer distributed denial of service (App-DDoS) attacks have posed a great threat to the security of the Internet. Since these attacks occur in the application layer, they can easily evade traditional network layer and transport layer detection methods. In this paper, we extract a group of user behavior attributes from our intercept program instead of web server logs and construct a feature matrix based on nine features to characterize user behavior. Subsequently, principal component analysis (PCA) is applied to profile the user browsing pattern, and outliers are used to recognize normal users and attackers. Experiment results show that the proposed method is good at distinguishing normal users from attackers. Finally, we implement three machine learning algorithms (K-means, DBSCAN and SVM) to further validate the effectiveness of the features.
