ALDD: a hybrid traffic-user behavior detection method for application layer DDoS
conference contribution
posted on 2018-01-01, 00:00 authored by J Jiang, Q Yu, M Yu, Gang Li, J Chen, K Liu, C Liu, W Huang
Distributed Denial of Service (DDoS) has been one of the most critical threats to internet applications and web services. With current advances in network technology, many attackers resort to application layer DDoS (ALDDoS), which uses legitimate requests to overwhelm the victim servers. Under this kind of attack, the content of a single request can be highly similar to that of a normal one, which renders previous traffic feature-based detection methods void. In this paper, we address two common issues in ALDDoS detection methods: the inaccuracy of traffic feature-based detection algorithms, and the time and space complexity of user behavior-based detection algorithms. Unlike existing methods, whose detection pattern covers each request, the detection pattern used in this paper covers a time window. We extract instances of traffic and user behaviors from web server logs, and propose a hybrid traffic-user behavior detection method for ALDDoS. A neural network is adopted for further cluster analysis. Experimental results on the recent public dataset CICIDS2017 indicate that the proposed method can achieve high detection accuracy while reducing 90% of time cost.
TrustCom/BigDataSE 2018 : Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering
Event
IEEE Computer Society. Conference (2018 : New York, N.Y.)