Low-Rate Application-Layer DDoS Attacks Detection by Principal Component Analysis (PCA) through User Browsing Behavior
作者: Xiao Qiang Di , Hua Min Yang , Hui Qi
DOI: 10.4028/WWW.SCIENTIFIC.NET/AMM.397-400.1945
关键词:
摘要: Application-layer distributed denials of service (DDoS) attacks are becoming ever more challenging to internet service security, since firewall and intrusion detection system work on network layer while these attacks are launched on application layer. In contrast to prior work focusing on detection of high-rate DDoS attacks at static web sites, we propose a novel approach to detect low-rate application-layer DDoS attacks at dynamic web sites. A feature matrix is introduced to characterize user browsing behavior. Principal component analysis (PCA) is applied to profile the user browsing behavior pattern. Outliers from this pattern are used to identify anomaly users. Experiments are conducted to validate our approach. Experimental results show that our approach is accurate to detect low-rate application-layer DDoS attacks.
sci-hub.se 参考文章(4)
Jonathon Shlens, A Tutorial on Principal Component Analysis. arXiv: Learning. ,(2014)
Yi Xie, Shun-Zheng Yu, A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors IEEE ACM Transactions on Networking. ,vol. 17, pp. 54- 65 ,(2009) , 10.1109/TNET.2008.923716
Sangjae Lee, Gisung Kim, Sehun Kim, Sequence-order-independent network profiling for detecting application layer DDoS attacks Eurasip Journal on Wireless Communications and Networking. ,vol. 2011, pp. 50- ,(2011) , 10.1186/1687-1499-2011-50
Yi Xie, Shun-Zheng Yu, Monitoring the application-layer DDoS attacks for popular websites IEEE ACM Transactions on Networking. ,vol. 17, pp. 15- 25 ,(2009) , 10.1109/TNET.2008.925628