Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis
Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2013-01-01
|
| Series: | Journal of Control Science and Engineering |
| Online Access: | http://dx.doi.org/10.1155/2013/821315 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832551827742130176 |
|---|---|
| author | Tongguang Ni Xiaoqing Gu Hongyuan Wang Yu Li |
| author_facet | Tongguang Ni Xiaoqing Gu Hongyuan Wang Yu Li |
| author_sort | Tongguang Ni |
| collection | DOAJ |
| description | Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively. |
| format | Article |
| id | doaj-art-b18d397b42c74242a2be7550faea872e |
| institution | Kabale University |
| issn | 1687-5249 1687-5257 |
| language | English |
| publishDate | 2013-01-01 |
| publisher | Wiley |
| record_format | Article |
| series | Journal of Control Science and Engineering |
| spelling | doaj-art-b18d397b42c74242a2be7550faea872e2025-02-03T06:00:29ZengWileyJournal of Control Science and Engineering1687-52491687-52572013-01-01201310.1155/2013/821315821315Real-Time Detection of Application-Layer DDoS Attack Using Time Series AnalysisTongguang Ni0Xiaoqing Gu1Hongyuan Wang2Yu Li3School of Information Science and Engineering, Changzhou University, Changzhou 213164, ChinaSchool of Information Science and Engineering, Changzhou University, Changzhou 213164, ChinaSchool of Information Science and Engineering, Changzhou University, Changzhou 213164, ChinaSchool of Information Science and Engineering, Changzhou University, Changzhou 213164, ChinaDistributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.http://dx.doi.org/10.1155/2013/821315 |
| spellingShingle | Tongguang Ni Xiaoqing Gu Hongyuan Wang Yu Li Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis Journal of Control Science and Engineering |
| title | Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis |
| title_full | Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis |
| title_fullStr | Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis |
| title_full_unstemmed | Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis |
| title_short | Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis |
| title_sort | real time detection of application layer ddos attack using time series analysis |
| url | http://dx.doi.org/10.1155/2013/821315 |
| work_keys_str_mv | AT tongguangni realtimedetectionofapplicationlayerddosattackusingtimeseriesanalysis AT xiaoqinggu realtimedetectionofapplicationlayerddosattackusingtimeseriesanalysis AT hongyuanwang realtimedetectionofapplicationlayerddosattackusingtimeseriesanalysis AT yuli realtimedetectionofapplicationlayerddosattackusingtimeseriesanalysis |