WEB DDoS Attack Detection Method Based on Semisupervised Learning

Since the services on the Internet are becoming increasingly abundant, all walks of life are inextricably linked with the Internet. Simultaneously, the Internet’s WEB attacks have never stopped. Relative to other common WEB attacks, WEB DDoS (distributed denial of service) will cause serious damage to the availability of the target network or system resources in a short period of time. At present, most researches are centered around machine learning-related DDoS attack detection algorithms. According to previous studies, unsupervised methods generally have a high false positive rate, while supervisory methods cannot handle large amount of network traffic data, and the performance is often limited by noise and irrelevant data. Therefore, this paper proposes a semisupervised learning detection model combining spectral clustering and random forest to detect the DDoS attack of the WEB application layer and compares it with other existing detection schemes to verify the semisupervised learning model proposed in this paper. While ensuring a low false positive rate, there is a certain improvement in the detection rate, which is more suitable for the WEB application layer DDoS attack detection.

Download Full-text

Web Application-Layer DDoS Attack Detection Based on Generalized Jaccard Similarity and Information Entropy

Lecture Notes in Computer Science - Artificial Intelligence and Security ◽

10.1007/978-3-030-24271-8_51 ◽

2019 ◽

pp. 576-585

Author(s):

Bo Li ◽

Minghui Gao ◽

Li Ma ◽

Ye Liang ◽

Guifeng Chen

Keyword(s):

Information Entropy ◽

Web Application ◽

Attack Detection ◽

Application Layer ◽

Jaccard Similarity ◽

Ddos Attack ◽

Ddos Attack Detection

Download Full-text

DDoS attack detection mechanism in the application layer using user features

2018 International Conference on Information and Computer Technologies (ICICT) ◽

10.1109/infoct.2018.8356848 ◽

2018 ◽

Author(s):

Silvia Bravo ◽

David Mauricio

Keyword(s):

Attack Detection ◽

Application Layer ◽

Detection Mechanism ◽

Ddos Attack ◽

Ddos Attack Detection

Download Full-text

A Classification Detection Algorithm Based on Joint Entropy Vector against Application-Layer DDoS Attack

Security and Communication Networks ◽

10.1155/2018/9463653 ◽

2018 ◽

Vol 2018 ◽

pp. 1-8 ◽

Cited By ~ 5

Author(s):

Yuntao Zhao ◽

Wenbo Zhang ◽

Yongxin Feng ◽

Bo Yu

Keyword(s):

Denial Of Service ◽

Detection Algorithm ◽

Attack Detection ◽

Training Data ◽

Joint Entropy ◽

Application Layer ◽

Accurate Identification ◽

Data Set ◽

Ddos Attack ◽

The Web

The application-layer distributed denial of service (AL-DDoS) attack makes a great threat against cyberspace security. The attack detection is an important part of the security protection, which provides effective support for defense system through the rapid and accurate identification of attacks. According to the attacker’s different URL of the Web service, the AL-DDoS attack is divided into three categories, including a random URL attack and a fixed and a traverse one. In order to realize identification of attacks, a mapping matrix of the joint entropy vector is constructed. By defining and computing the value of EUPI and jEIPU, a visual coordinate discrimination diagram of entropy vector is proposed, which also realizes data dimension reduction from N to two. In terms of boundary discrimination and the region where the entropy vectors fall in, the class of AL-DDoS attack can be distinguished. Through the study of training data set and classification, the results show that the novel algorithm can effectively distinguish the web server DDoS attack from normal burst traffic.

Download Full-text

Semantic System for Attacks and Intrusions Detection

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.2015100102 ◽

2015 ◽

Vol 7 (4) ◽

pp. 19-32

Author(s):

Abdeslam El Azzouzi ◽

Kamal Eddine El Kadiri

Keyword(s):

Web Application ◽

Description Logics ◽

Attack Detection ◽

Web Ontology Language ◽

Detection Systems ◽

Web Attacks ◽

Ontology Language ◽

Essential Properties ◽

Prevention Methods ◽

The Web

The increasing development of information systems complicate task of protecting against threats. They have become vulnerable to malicious attacks that may affect the essential properties such as confidentiality, integrity and availability. Then the security becomes an overriding concern. Securing a system begins with prevention methods that are insufficient to reduce the danger of attacks, that must be accomplished by intrusion and attack detection systems. In this paper, a method for detecting web application attacks is proposed. Unlike methods based on signatures, the proposed solution is a technique based on ontology. It describes the Web attacks, the HTTP request, and the application using semantic rules. The system is able to detect effectively the sophisticated attacks by analysing user requests. The semantic rules allow inference about the ontologies models to detect complex variations of web attacks. The ontologies models was developed using description logics which was based Web Ontology Language (OWL). The proposed system is able to be installed on an HTTP server.

Download Full-text