Detection of Application Layer DDoS attack by feature learning using Stacked AutoEncoder

Yadav, Satyajit; Subramanian, S.

doi:10.1109/icctict.2016.7514608

Cited by 64 publications

(41 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Table 3. Comparison of proposed system with existing works Works DR (%) FPR (%) Attack strategy * Liao Q et al [42] 99.80 0.33 3 Yadav S et al [43] 98.99 1.27 2 Wang J et al [29] 88.95 5.10 2 Liao et al [30] 89.25 0.04 4 Xie Y et al [9] 90.00 1.00 1 Our work 94.45 0.97 5 *Based on the taxonomy proposed in our previous work…”

Section: Discussionmentioning

confidence: 99%

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Singh¹,

Singh²,

Kumar³

2018

IJISA

View full text Add to dashboard Cite

Internet was designed to serve the basic requirement of data transfer between systems. The security perspectives were therefore overlooked due to which the Internet remains vulnerable to a variety of attacks. Among all the possible attacks, Distributed Denial of Service (DDoS) attack is one of the eminent threats that target the availability of the online services to the intended clients. Now-a-days, attackers target application layer of the network stack to orchestrate attacks having a high degree of sophistication. GET flood attacks have been very much prevalent in recent years primarily due to advancement of bots allowing impersonating legitimate client behavior. Differentiating between a human client and a bot is therefore necessary to mitigate an attack. This paper introduces a mitigation framework based on Fuzzy Control System that takes as input two novel detection parameters. These detection parameters make use of clients' behavioral characteristic to measure their respective legitimacy. We design an experimental setup that incorporates two widely used benchmark web logs (Clarknet and WorldCup) to build legitimate and attack datasets. Further, we use these datasets to assess the performance of the proposed through well-known evaluation metrics. The results obtained during this work point towards the efficiency of our proposed system to mitigate a wide range of GET flood attack types.

show abstract

Section: Discussionmentioning

confidence: 99%

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Singh¹,

Singh²,

Kumar³

2018

IJISA

View full text Add to dashboard Cite

show abstract

“…The proposed mechanism is compared with the Deep Learning Mechanism [10], Entropy based Clustering and Likehood Analyasis (ECLA) ) [12], Defence against Tilt DoS Attack (DAT) [9] and Document Popularity Scheme [4] and the results are presented in this section to show the performance of the proposed work. Fig.…”

Section: Experimental Results and Performance Evaluationmentioning

confidence: 99%

“…(10). scoredis = DH(p, q) /√2 (10) In general, the request inter-arrival time distribution observed for the incoming legitimate flow will not vary much from the ideal distribution and the score, if computed, will be 0 or close to 0. But, for the attack scenario, the deviation will be more (towards 1) which in turn indicates the suspicious level of the examined session.…”

Section: Computing Score With Respect To the Request Inter-arrival Timementioning

confidence: 99%

“…Yadav and Selvakumar [11] proposed a method based on feature construction and logistic regression to differentiate the legitimate and illegitimate user behavior. The above mentioned works [9][10][11] depend on the signature based detection which may not be suitable for detecting the newly emerging attacks.…”

Section: Related Workmentioning

confidence: 99%

“…Based on the classification, it provides differentiated services to the end users. Yadav and Subramanian [10] proposed Deep learning, a neural network based approach to identify the significant features of Application layer DDoS attack and to detect the attack based on the extracted features. Yadav and Selvakumar [11] proposed a method based on feature construction and logistic regression to differentiate the legitimate and illegitimate user behavior.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Suspicious Score Based Mechanism to Protect Web Servers against Application Layer Distributed Denial of Service Attacks

Saravanan¹,

Loganathan²,

Shunmuganathan³

et al. 2017

IJIES

View full text Add to dashboard Cite

Distributed Denial of Service attacks are becoming a serious issue for the developers and the users of the Internet. In recent times, the attackers are targeting the online applications and web services. Detecting such application level attacks are much challenging because the attack traffic mimics the legitimate behaviour. A more sophisticated mechanism is required to detect and mitigate such attacks. In this paper, a novel method for detecting application layer Distributed Denial of Service attack is proposed. Initially, web user behaviour on different perspectives is analyzed using the system log and key dimensions that are highly responsive to attacks are identified using Principal Component Analysis. The extracted key features are analyzed to fix up the appropriate thresholds for differentiating legitimate and illegitimate access. Each incoming session is examined and if found suspicious, the detection mechanism is invoked. The detection mechanism includes a score assignment mechanism which assigns the threat score based on the history and statistical analysis of the current characteristics. The sessions having acceptable score are then scheduled to get service from the server. Remaining sessions are considered malicious and dropped. The real data sets are taken for the simulation and the results are exhibited to show the efficiency of the proposed detection method. The results show that the proposed technique performs effective detection of constant flooding and repeated shot attacks with low false positives and low false negatives.

show abstract

An augmented K‐means clustering approach for the detection of distributed denial‐of‐service attacks

2021

View full text Add to dashboard Cite

Summary The problem of distributed denial‐of‐service (DDoS) attack detection remains challenging due to new and innovative methods developed by attackers to evade the deployed security systems. In this work, we devise an unsupervised machine learning (ML)‐based approach for the detection of different types of DDoS attacks by augmenting the performance of K‐means clustering algorithm with the aid of a hybrid method for feature selection and extraction. By sequentially combining an integrated feature selection (IFS) algorithm and a deep autoencoder (DAE), we develop the hybrid method for extracting encoded features, which can better separate the clusters of benign and malicious network flows. We formulate the problem of DDoS attack detection as a binary clustering of network flows. Although K‐means clustering is the simplest and widely used algorithm, we investigate its performance for DDoS attack detection before and after applying the proposed hybrid method for feature selection and extraction. Our results show that after employing the proposed hybrid method, the performance of K‐means clustering model improves, and it is comparable to the state‐of‐the‐art supervised ML and deep learning (DL)‐based methods developed for DDoS attack detection.

show abstract

Detection of Application Layer DDoS attack by feature learning using Stacked AutoEncoder

Cited by 64 publications

References 9 publications

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Suspicious Score Based Mechanism to Protect Web Servers against Application Layer Distributed Denial of Service Attacks

An augmented K‐means clustering approach for the detection of distributed denial‐of‐service attacks

Contact Info

Product

Resources

About