Optimal thresholds of algorithm and expansion of Application-layer attack detection block ALAB in ALADDIN

2011, Vol 18C (3), pp. 127-134
Author(s): Seung-Yeop Yoo, Dong-Gue Park, Jin-Tae Oh, In-Ho Jeon

2018, Vol 2018, pp. 1-8
Author(s): Yuntao Zhao, Wenbo Zhang, Yongxin Feng, Bo Yu

The application-layer distributed denial of service (AL-DDoS) attack poses a great threat to cyberspace security. Attack detection is an important part of security protection, providing effective support for the defense system through the rapid and accurate identification of attacks. According to the different URLs of the Web service targeted by the attacker, the AL-DDoS attack is divided into three categories: the random URL attack, the fixed URL attack, and the traverse URL attack. In order to identify the attacks, a mapping matrix of the joint entropy vector is constructed. By defining and computing the values of EUPI and jEIPU, a visual coordinate discrimination diagram of the entropy vector is proposed, which also reduces the data dimension from N to two. Based on boundary discrimination and the region in which the entropy vectors fall, the class of AL-DDoS attack can be distinguished. Through the study of the training data set and classification, the results show that the novel algorithm can effectively distinguish the web server DDoS attack from normal burst traffic.


2014, Vol 631-632, pp. 923-927
Author(s): Bai Lin Xie, Qian Sheng Zhang

This paper presents an application-layer attack detection method based on hidden semi-Markov models. In this method, the keywords of an application-layer protocol and their inter-arrival times are used as the observations, and a hidden semi-Markov model is used to describe the application-layer behaviors of a normal user of that application-layer protocol. This method is also based on anomaly detection. In theory, application-layer anomaly detection can identify known, unknown and novel attacks occurring at the application layer. The experimental results show that this method can identify several application-layer attacks, and has high detection accuracy and a low false positive ratio.

