The article addresses the problem of detecting low and slow distributed denial of service (DDoS) attacks. It is widely known that detecting slow DDoS attacks differs significantly from detecting volume-based attacks, because slow attacks do not increase the intensity of traffic in the network. An assumption is made that a slow attack depends on the user's behavior. A method for detecting such attacks is proposed, based on studying and forecasting the individual behavioral trajectory of a particular user. The applicability of the method is demonstrated by modeling RUDY attacks against HTTP services. The dependence of forecasting accuracy on the accumulated traffic and attack statistics is shown. It is concluded that the method can be used to detect different types of slow DDoS attacks.