• DocumentCode
    685979
  • Title

    Detection of application layer DDoS attack with clustering and likelihood analysis

  • Author

    Chwalinski, Pawel ; Belavkin, Roman ; Cheng, Xiaoyin

  • Author_Institution
    Sch. of Sci. & Technol., Middlesex Univ., London, UK
  • fYear
    2013
  • fDate
    9-13 Dec. 2013
  • Firstpage
    217
  • Lastpage
    222
  • Abstract
    One of the attacks observed against the HTTP protocol is the HTTP-GET attack, which uses sequences of requests to limit the accessibility of web servers. This attack has been researched in this report, and a novel detection technique has been developed to tackle it. In general, the technique uses entropy-based clustering and likelihood analysis to distinguish between legitimate and attacking sequences. It is shown that the introduced method allows for the formation of recent patterns of behaviour observed at a web server, which remain unknown to the attackers. In addition, empirical analysis shows the stability of the clustering approach. Subsequently, the likelihood of web session behaviour is provided to measure the anomaly of web sessions. The method performs reasonably well, regardless of the browsing strategies and scope chosen by attackers.
  • Keywords
    Internet; computer network security; hypermedia; pattern clustering; probability; telecommunication services; transport protocols; HTTP protocol; HTTP-GET attack; application layer DDoS attack; attacking sequences; browsing strategies; clustering approach; detection technique; distributed denial; entropy-based clustering; likelihood analysis; service; web servers; web session behaviour; Clustering algorithms; Conferences; Data privacy; Entropy; NASA; Security; Clustering; Entropy; HTTP-GET Attack; Intrusion Detection;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Globecom Workshops (GC Wkshps), 2013 IEEE
  • Conference_Location
    Atlanta, GA
  • Type

    conf

  • DOI
    10.1109/GLOCOMW.2013.6824989
  • Filename
    6824989