Sequence-order-independent network profiling for detecting application layer DDoS attacks

Distributed denial of service (DDoS) attacks, which are a major threat on the Internet, have recently become more sophisticated as a result of their ability to exploit application-layer vulnerabilities. Most defense methods are designed for detecting DDoS attacks at the IP and TCP layers and consequently have difficulty detecting this new type of DDoS attack. When web browsing behavior is profiled, the sequence order of web page requests can be used for detecting application-layer DDoS (App-DDoS) attacks. However, the sequence order may be more harmful than helpful in profiling web browsing behavior because it varies significantly across individuals and browsing behaviors. This article introduces a sequence-order-independent method for profiling network traffic and detecting a new type of App-DDoS attack. Four attributes are extracted from web page request sequences without consideration of the sequence order of the requested pages. A model based on multiple principal component analysis is proposed for profiling normal web browsing behavior, and its reconstruction error is used as the criterion for detecting DDoS attacks. The proposed method is experimentally confirmed with various types of new App-DDoS attacks.
Publisher
SPRINGER INTERNATIONAL PUBLISHING AG
Issue Date
2011-08
Language
English
Article Type
Article
Citation

EURASIP JOURNAL ON WIRELESS COMMUNICATIONS AND NETWORKING, v.2011, no.50

ISSN
1687-1499
URI
http://hdl.handle.net/10203/103242
Appears in Collection
IE-Journal Papers (Journal Papers)