Application layer DDoS attack detection using cluster with label based on sparse vector decomposition and rhythm matching

Liao, Qin; Li, Hong; Kang, Sanghoon; Liu, Chuchu

doi:10.1002/sec.1236

Cited by 52 publications

(26 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Table 3. Comparison of proposed system with existing works Works DR (%) FPR (%) Attack strategy * Liao Q et al [42] 99.80 0.33 3 Yadav S et al [43] 98.99 1.27 2 Wang J et al [29] 88.95 5.10 2 Liao et al [30] 89.25 0.04 4 Xie Y et al [9] 90.00 1.00 1 Our work 94.45 0.97 5 *Based on the taxonomy proposed in our previous work…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Singh¹,

Singh²,

Kumar³

2018

IJISA

View full text Add to dashboard Cite

Internet was designed to serve the basic requirement of data transfer between systems. The security perspectives were therefore overlooked due to which the Internet remains vulnerable to a variety of attacks. Among all the possible attacks, Distributed Denial of Service (DDoS) attack is one of the eminent threats that target the availability of the online services to the intended clients. Now-a-days, attackers target application layer of the network stack to orchestrate attacks having a high degree of sophistication. GET flood attacks have been very much prevalent in recent years primarily due to advancement of bots allowing impersonating legitimate client behavior. Differentiating between a human client and a bot is therefore necessary to mitigate an attack. This paper introduces a mitigation framework based on Fuzzy Control System that takes as input two novel detection parameters. These detection parameters make use of clients' behavioral characteristic to measure their respective legitimacy. We design an experimental setup that incorporates two widely used benchmark web logs (Clarknet and WorldCup) to build legitimate and attack datasets. Further, we use these datasets to assess the performance of the proposed through well-known evaluation metrics. The results obtained during this work point towards the efficiency of our proposed system to mitigate a wide range of GET flood attack types.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Liao et al [30] proposed machine learning-based detection technique that used a support vector machine to identify presence of any attacks. The rhythm-matching algorithm is applied to identify similar patterns.…”

Section: Related Workmentioning

confidence: 99%

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Singh¹,

Singh²,

Kumar³

2018

IJISA

View full text Add to dashboard Cite

show abstract

“…Liao et al [34] proposed a detection technique based on user access frequencies, speci cally focusing on request time interval and frequency request to detect DDoS attacks at the application layer. e time interval refers to the present and the next HTTP GET requests.…”

Section: Recent Detection Methods For Http Ddos Attackmentioning

confidence: 99%

Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar

Abdullah

Ismail

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

With increment in dependency on web technology, a commensurate increase has been noted in destructive attempts to disrupt the essential web technologies, hence leading to service failures. Web servers that run on Hypertext Transfer Protocol (HTTP) are exposed to denial-of-service (DoS) attacks. A sophisticated version of this attack known as distributed denial of service (DDOS) is among the most dangerous Internet attacks, with the ability to overwhelm a web server, thereby slowing it down and potentially taking it down completely. This paper reviewed 12 recent detection of DDoS attack at the application layer published between January 2014 and December 2018. A summary of each detection method is summarised in table view, along with in-depth critical analysis, for future studies to conduct research pertaining to detection of HTTP DDoS attack.

show abstract

“…DDoS attacks can take several forms, with different levels of sophistication. While SYN flooding attacks remain one of the dominant types of attacks, application‐layer botnet‐based DDoS attacks are becoming the norm these days . In these attacks, bots are instructed to establish full TCP connections with the targeted system and to request some content from or perform some computationally intensive task at the server.…”

Section: Background and Related Workmentioning

confidence: 99%

“…While SYN flooding attacks remain one of the dominant types of attacks, 19 application-layer botnet-based DDoS attacks are becoming the norm these days. 20,21 In these attacks, bots are instructed to establish full TCP connections with the targeted system and to request some content from or perform some computationally intensive task at the server. Typically, thousands or millions of bots would target the victim server simultaneously, resulting in high overload that leaves no room to serve legitimate requests.…”

Section: Ddos and Flash Crowd Eventsmentioning

confidence: 99%

ReCAP: A distributed CAPTCHA service at the edge of the network to handle server overload

Al-Hammouri

Al-Ali

Al-Duwairi

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Web server overload resulting from an application layer–based distributed denial‐of‐service (DDoS) attack or a flash crowd event continues to be a major problem in today's internet because it renders the Web server unavailable in both cases. In this paper, we propose a novel system, called ReCAP, that handles server overload resulting from application layer–based DDoS attacks or flash crowd events. The system is envisioned as a service that can be provided to websites that have limited resources with no infrastructure in place to handle these events. The main goal of ReCAP is to filter attack traffic in case of a DDoS attack event and to provide users with basic information during a flash crowd event. The proposed system is composed of 2 main modules: (1) the HTTPredirect module, which is a stateless Hypertext Transfer Protocol server that redirects Web requests destined to the targeted Web server to the second module, and (2) the distributed Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) service, which comprises a large number of powerful nodes geographically and suitably distributed in the internet acting as a large distributed firewall. All requests to the origin Web server are redirected to the CAPTCHA nodes, which can segregate legitimate clients from automated attacks by requiring them to solve a challenge. Upon successful response, legitimate clients (humans) are forwarded through a given CAPTCHA node to the Web server. These CAPTCHA proxies are envisioned to be placed intrinsically at the edge of the network in the proximity of the clients to curb communication delays, and thus perceived response times, and to relieve the core network from further traffic congestion. In particular, such organization fits squarely in the fifth use case scenario presented in the European Telecommunications Standards Institute Mobile Edge Computing Industry Specification Group's introductory technical paper on Mobile‐Edge Computing. In conclusion, the performance evaluation shows that the proposed system is able to mitigate application‐layer DDoS attacks while incurring acceptable delays for legitimate clients as a result of redirecting them to and via CAPTCHA nodes.

show abstract

Application layer DDoS attack detection using cluster with label based on sparse vector decomposition and rhythm matching

Cited by 52 publications

References 15 publications

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Review of Recent Detection Methods for HTTP DDoS Attack

ReCAP: A distributed CAPTCHA service at the edge of the network to handle server overload

Contact Info

Product

Resources

About