{"title":"应用层DDOS攻击检测的混合机器学习方法","authors":"Rizwan Ur Rahman, D. Tomar, A. V. Jijin","doi":"10.14257/IJSIA.2017.11.4.07","DOIUrl":null,"url":null,"abstract":"Application Layer Distributed Denial of Service (App-DDoS) attack has become a major threat to web security. Attack detection is difficult as they mimic genuine user request. This paper proposes a clustering based correlation approach for detecting application layer DDoS attack on HTTP protocol. Proposed approach has two main modules ----Flow monitoring module and User behavior monitoring module. Flow monitor is responsible to analyze data flow information. User behavior monitor analyses end user behavior. Proposed approach is capable to detect three main attacks on HTTP protocol, i.e. HTTP-GET attack, HTTP-POST attack and Slow Read attack. It is also possible to detect hybrid type of DDoS attacks which uses a mixture network and application layer DDoS techniques. Comparative analysis of clustering algorithms on generated dataset is also done to demonstrate the effectiveness of detection approach.","PeriodicalId":46187,"journal":{"name":"International Journal of Security and Its Applications","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach\",\"authors\":\"Rizwan Ur Rahman, D. Tomar, A. V. Jijin\",\"doi\":\"10.14257/IJSIA.2017.11.4.07\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Application Layer Distributed Denial of Service (App-DDoS) attack has become a major threat to web security. Attack detection is difficult as they mimic genuine user request. This paper proposes a clustering based correlation approach for detecting application layer DDoS attack on HTTP protocol. Proposed approach has two main modules ----Flow monitoring module and User behavior monitoring module. Flow monitor is responsible to analyze data flow information. User behavior monitor analyses end user behavior. Proposed approach is capable to detect three main attacks on HTTP protocol, i.e. HTTP-GET attack, HTTP-POST attack and Slow Read attack. It is also possible to detect hybrid type of DDoS attacks which uses a mixture network and application layer DDoS techniques. Comparative analysis of clustering algorithms on generated dataset is also done to demonstrate the effectiveness of detection approach.\",\"PeriodicalId\":46187,\"journal\":{\"name\":\"International Journal of Security and Its Applications\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Security and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.14257/IJSIA.2017.11.4.07\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Security and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14257/IJSIA.2017.11.4.07","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach
Application Layer Distributed Denial of Service (App-DDoS) attack has become a major threat to web security. Attack detection is difficult as they mimic genuine user request. This paper proposes a clustering based correlation approach for detecting application layer DDoS attack on HTTP protocol. Proposed approach has two main modules ----Flow monitoring module and User behavior monitoring module. Flow monitor is responsible to analyze data flow information. User behavior monitor analyses end user behavior. Proposed approach is capable to detect three main attacks on HTTP protocol, i.e. HTTP-GET attack, HTTP-POST attack and Slow Read attack. It is also possible to detect hybrid type of DDoS attacks which uses a mixture network and application layer DDoS techniques. Comparative analysis of clustering algorithms on generated dataset is also done to demonstrate the effectiveness of detection approach.
期刊介绍:
IJSIA aims to facilitate and support research related to security technology and its applications. Our Journal provides a chance for academic and industry professionals to discuss recent progress in the area of security technology and its applications. Journal Topics: -Access Control -Ad Hoc & Sensor Network Security -Applied Cryptography -Authentication and Non-repudiation -Cryptographic Protocols -Denial of Service -E-Commerce Security -Identity and Trust Management -Information Hiding -Insider Threats and Countermeasures -Intrusion Detection & Prevention -Network & Wireless Security -Peer-to-Peer Security -Privacy and Anonymity -Secure installation, generation and operation -Security Analysis Methodologies -Security assurance -Security in Software Outsourcing -Security products or systems -Security technology -Systems and Data Security
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
