A Novel Application Layer DDOS Detecting Method Based on Cluster Method

Application layer DDoS attacks pose a serious challenge to web applications. Such an attack is launched by sending a large number of HTTP GET requests to a web server. Anomaly-based detection is a promising approach: it detects the DDoS attack by comparing individual surfing behavior with a reference surfing-behavior profile. Yet because of the noisy web logs caused by web crawling, it is difficult to build a robust reference profile for detection. This paper proposes a novel anomaly-based application DDoS detection scheme based on a clustering method. Our method can tolerate web-crawling traces when building the reference surfing profile, and can detect different application layer DDoS attacks (e.g., repetitively getting several webpages, randomly getting webpages by following hyperlinks, etc.). The simulation results show that our method can detect application layer DDoS attacks accurately.
