Detecting application-layer DDoS attack based on analysis of users' behaviors

Compared with traditional DDoS attack,application-layer DDoS attack has more destructiveness and becomes harder to be detected and defense.Based on user browsing behavior analysis,this paper presented a method for detecting application layer DDoS attacks using auto-regression model.It adopted AR model and Kalman filtering to learn and predict normal user access,the results of which were advancedly used to judge abnormal.The routers were capable of limiting or blocking the attack traffic after locating the attack source accurately.The test result in China Telecom Internet Data Center shows that the method is effective.