论文信息 - Access Model of Web Users Based on Multi-chains Hidden Markov Models

Access Model of Web Users Based on Multi-chains Hidden Markov Models

How to distinguish abnormal access from normal ones is the key problem in Distribution Denial of service(DDoS) attack detection. This research aims at finding out the major difference between the abnormal access and the normal ones in application layer. To this end, the paper conducts modeling on Web users’ access behaviors based on hidden Markov model(HMM) with multiple chains and puts forward a method to identify abnormal access. Tests on simulation data indicate that this model can undo Web users access to a certain degree and discern the abnormal access well.

[1] Yu Shun. A Model for Detecting Application Layer Flooding Attacks , 2007 .

[2] Feng Deng. A Data-Mining Based DoS Detection Technique , 2006 .

[3] W.T. Penzhorn,et al. Denial of service and distributed denial of service-today and tomorrow , 2004, 2004 IEEE Africon. 7th Africon Conference in Africa (IEEE Cat. No.04CH37590).

[4] Xie Yi,et al. Anomaly Detection Based on Web Users’ Browsing Behaviors , 2007 .

[5] Kotagiri Ramamohanarao,et al. Protection from distributed denial of service attacks using history-based IP filtering , 2003, IEEE International Conference on Communications, 2003. ICC '03..

[6] Wang Hai-yan. Wavelet analysis method for detection of DDoS attack based on self-similar , 2006 .

[7] Sun Qin. Detecting Distributed Denial of Service Attacks Based on Time Series Analysis , 2005 .

[8] Kevin J. Houle,et al. Trends in Denial of Service Attack Technology , 2001 .