Abstract
Distributed Denial of Service (DDoS) attacks have been one of the most effective attacks against the Internet. With the rapid development of Web applications, application layer DDoS attacks have gradually become the main attacks, which can make the server deny legitimate users’ requests by exhausting the bandwidth of the target network and the resources of the server hosts. This paper proposes an application layer DDoS detection model based on data flow aggregation and evaluation. In the model, users’ data is first aggregated into data flows according to the surface characteristics, average scan time and sequence of page requests. Second, the model extracts the deep features of the data flows, hot-spot access and resource consumption. Then the model uses D-S evidential theory to evaluate the data flows so that it can identify and isolate the attack flows. The experimental results show that this model can thwart typical application layer DDoS attacks effectively.
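The evaluation step named in the abstract can be illustrated with Dempster's rule of combination, fusing evidence from the two deep features (hot-spot access and resource consumption) into a single belief that a flow is an attack. This is an added example, not the paper's code: the abstract does not say how the masses are derived, so the mass values, the 0.8 threshold and all function names are assumptions.

```python
from itertools import product

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
UNKNOWN = ATTACK | NORMAL  # whole frame: evidence that cannot discriminate


def combine(m1, m2):
    """Dempster's rule: fuse two mass functions defined over the same frame."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass on contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the evidence sources cannot be combined")
    return {h: w / (1.0 - conflict) for h, w in fused.items()}


def belief(m, hypothesis):
    """Mass committed to subsets of the hypothesis (lower bound)."""
    return sum(w for h, w in m.items() if h <= hypothesis)


def plausibility(m, hypothesis):
    """Mass not contradicting the hypothesis (upper bound)."""
    return sum(w for h, w in m.items() if h & hypothesis)


def is_attack_flow(evidence, threshold=0.8):
    """Fuse all per-feature masses; flag the flow when Bel(attack) >= threshold."""
    fused = evidence[0]
    for m in evidence[1:]:
        fused = combine(fused, m)
    return belief(fused, ATTACK) >= threshold


# Constructed masses for one aggregated flow (assumed, not values from the paper).
hot_spot = {ATTACK: 0.6, NORMAL: 0.1, UNKNOWN: 0.3}
resource = {ATTACK: 0.7, NORMAL: 0.1, UNKNOWN: 0.2}

if __name__ == "__main__":
    fused = combine(hot_spot, resource)
    print(f"Bel(attack)={belief(fused, ATTACK):.3f} "
          f"Pl(attack)={plausibility(fused, ATTACK):.3f}")
    print("isolate flow:", is_attack_flow([hot_spot, resource]))
```

Two moderately suspicious features reinforce each other here: neither source alone reaches the threshold, but the fused belief does.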
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhang, M., Zhang, W., Fan, K. (2012). Application Layer DDoS Detection Model Based on Data Flow Aggregation and Evaluation. In: Zhao, M., Sha, J. (eds) Communications and Information Processing. Communications in Computer and Information Science, vol 289. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31968-6_5
DOI: https://doi.org/10.1007/978-3-642-31968-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31967-9
Online ISBN: 978-3-642-31968-6
eBook Packages: Computer Science, Computer Science (R0)