Detection of application layer DDoS attack by modeling user behavior using logistic regression

Yadav, Satyajit; Selvakumar, S.

doi:10.1109/icrito.2015.7359289

Cited by 27 publications

(9 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…False positive rates were compared with the Packet Threshold Algorithm-Support Vector Machine (PTA-SVM) model proposed by [18], Efficient Data Adapted Decision Tree (EDADT) proposed by [19], Lightweight detection algorithm proposed by [20], Modified K-means proposed by [21], and a logistic regression model proposed by [22]. The false positive rate for the proposed model was 0, outperforming the algorithms it was compared with, as shown in Figure 19.…”

Section: Test Results and Discussionmentioning

confidence: 99%

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

2019

View full text Add to dashboard Cite

A denial of service (DoS) attack in a computer network is an attack on the availability of computer resources to prevent users from having access to those resources over the network. Denial of service attacks can be costly, capable of reaching $100,000 per hour. Development of easily-accessible, simple DoS tools has increased the frequency and reduced the level of expertise needed to launch an attack. Though these attack tools have been available for years, there has been no proposed defense mechanism targeted specifically at them. Most defense mechanisms in literature are designed to defend attacks captured in datasets like the KDD Cup 99 dataset from 20 years ago and from tools no longer in use in modern attacks. In this paper, we capture and analyze traffic generated by some of these DoS attack tools using Wireshark Network Analyzer and propose a signature-based DoS detection mechanism based on SVM classifier to defend against attacks launched by these attack tools. Our proposed detection mechanism was tested with Snort IDS and compared with some already existing defense mechanisms in literature and had a high detection accuracy, low positive rate and fast detection time.

show abstract

Section: Test Results and Discussionmentioning

confidence: 99%

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

2019

View full text Add to dashboard Cite

show abstract

“…They explained that a malware requires to establish connection to Command and Control (C&C) server which has shorter request message. Saleh and Abdul Manaf [ 32 ] combined non-HTTP features with “user-agent”, “accept” and “host” while Yadav and Selvakumar [ 33 ] also adopted non-HTTP features to be combined with request headers known as “User-Agent” and “Referrer” in providing solutions to detect HTTP DDoS attacks. Malicious request traffic has a specific pattern which can be recognized through detection.…”

Section: Http Manipulationmentioning

confidence: 99%

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

show abstract

“…Critical inspection against researchers who employed more than one dataset showed that they also executed their experiments to obtain the dataset. Old datasets should be avoided as they contain obsolete and meaningless data [9], while retrieving real cutting-edge attack dataset is challenging as they are unavailable publicly [46].…”

Section: Datasetmentioning

confidence: 99%

Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar

Abdullah

Ismail

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

With increment in dependency on web technology, a commensurate increase has been noted in destructive attempts to disrupt the essential web technologies, hence leading to service failures. Web servers that run on Hypertext Transfer Protocol (HTTP) are exposed to denial-of-service (DoS) attacks. A sophisticated version of this attack known as distributed denial of service (DDOS) is among the most dangerous Internet attacks, with the ability to overwhelm a web server, thereby slowing it down and potentially taking it down completely. This paper reviewed 12 recent detection of DDoS attack at the application layer published between January 2014 and December 2018. A summary of each detection method is summarised in table view, along with in-depth critical analysis, for future studies to conduct research pertaining to detection of HTTP DDoS attack.

show abstract

Detection of application layer DDoS attack by modeling user behavior using logistic regression

Cited by 27 publications

References 10 publications

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

A Proposed DoS Detection Scheme for Mitigating DoS Attack Using Data Mining Techniques

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Review of Recent Detection Methods for HTTP DDoS Attack

Contact Info

Product

Resources

About