17-10-2012, 05:06 PM
Detection of application layer distributed denial of service
In the previous literatures, many methods were designed to defend against IP or TCP layers distributed denial of service attacks instead of the application layer. In this paper, we introduce a simple but effective scheme to detect application layer based ddos attacks. A http request transition matrix is proposed to describe users browsing behavior. We assume normal human user will choose interesting pages and objects. And that forms a pattern - transition probability from one page to another. But a bot can not know what are the popular pages for most people, it will randomly send requests to web server for one scenario so that its request sequence has a very small transition probability, i.e. the sequence is less correlative. At last, simulation experiments are conducted with dataset which shows the scheme is effective. View full abstract»