Real-time detection of application-layer DDoS attack using time series analysis (Q2249310)
From MaRDI portal
 | This is the item page for this Wikibase entity, intended for internal use and editing purposes. Please use this page instead for the normal view: Real-time detection of application-layer DDoS attack using time series analysis |
scientific article
| Language | Label | Description | Also known as |
|---|---|---|---|
| English | Real-time detection of application-layer DDoS attack using time series analysis |
scientific article |
Statements
Real-time detection of application-layer DDoS attack using time series analysis (English)
0 references
1 July 2014
0 references
Summary: Distributed Denial of Service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither Intrusion Detection Systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the Adaptive AutoRegressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained Support Vector Machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.
0 references
distributed denial of service (DDoS) attacks
0 references
intrusion detection systems (IDS)
0 references
victim server
0 references
entropy approach
0 references
multidimensional vector series
0 references
support vector machine (SVM) classifier
0 references
