Detection of Anomaly Based Application Layer DDoS Attacks Using Machine Learning Approaches

M.S.P.S. Vani Nidhi*, K. Munivara Prasad**
* PG Scholar, Department of Computer Networks and Information Security, Sree Vidyanikethan Engineering College, Tirupathi, Andhra Pradesh, India.
** Assistant Professor, Department of Computer Science and Engineering, Sree Vidyanikethan Engineering College, Tirupathi, Andhra Pradesh, India.
Periodicity: June - August 2016
DOI: https://doi.org/10.26634/jcom.4.2.8120

Abstract

DDoS (Distributed Denial of Service) attacks are a major threat to security. These attacks mainly originate from the network layer or application layer of compromised systems that are connected to the network. The main intention of these DDoS attacks is to deny or disrupt the services or network bandwidth of the victim or target system. Nowadays, application layer DDoS attacks pose a serious threat to the Internet. Differentiating between legitimate (normal) and malicious traffic is a very difficult task. A lot of research work has been done on detecting these attacks using machine learning approaches. In this paper, the authors propose machine learning metrics for detecting application layer DDoS attacks.

Keywords

App-DDoS Attacks, Legitimate Traffic, Machine Learning Approaches.

How to Cite this Article?

Nidhi, M.S.P.S.V., and Prasad, K.M. (2016). Detection Of Anomaly Based Application Layer DDoS Attacks Using Machine Learning Approaches. i-manager's Journal on Computer Science, 4(2), 6-13. https://doi.org/10.26634/jcom.4.2.8120
