Detection of application layer DDoS attacks with clustering and bayes factors

Proceedings - 2013 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2013

Volumn , Issue , 2013, Pages 156-161

  Chwalinski, Pawel ^a   Belavkin, Roman ^a   Cheng, Xiaochun ^a  

^a MIDDLESEX UNIVERSITY   (United Kingdom)

Author keywords

Bayes factors; Clustering; Entropy; Http get attack; Intrusion detection

Indexed keywords

APPLICATION LAYERS; BAYES FACTOR; CLUSTERING; DDOS ATTACK; ENTROPY-BASED; HTTP PROTOCOLS; HTTP-GET ATTACK; WEB SESSIONS;

CYBERNETICS; ENTROPY; HYPERTEXT SYSTEMS; INTRUSION DETECTION; WORLD WIDE WEB;

HTTP;

EID: 84893558615     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SMC.2013.34     Document Type: Conference Paper

References (29)

1. M. F. Arlitt and C. L. Williamson. Web server workload characterization: The search for invariants. In Proceedings of the 1996 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, SIGMETRICS '96, pages 126-137, New York, NY, USA, 1996. ACM.
2. D. Barbaŕa, Y. Li, and J. Couto. Coolcat: An entropy-based algorithm for categorical clustering. In Proceedings of the eleventh international conference on Information and knowledge management, CIKM '02, pages 582-589, New York, NY, USA, 2002. ACM.
3. P. Chwalinski, R. Belavkin, and X. Cheng. Detection of http-get attack with clustering and information theoretic measurements. In J. Garcia- Alfaro, F. Cuppens, N. Cuppens-Boulahia, A. Miri, and N. Tawbi, editors, Foundations and Practice of Security, volume 7743 of Lecture Notes in Computer Science, pages 45-61. Springer Berlin Heidelberg, 2013.
4. rdInternational Symposium on Empirical Software Engineering and Measurement, ESEM '09, pages 191-202, Washington, DC, USA, 2009. IEEE Computer Society.
5. D. E. Denning. An intrusion-detection model. IEEE Trans. Softw. Eng., 13(2):222-232, Feb. 1987.
6. thInternational Symposium on, pages 266-270, 2006.
7. L. C. Giralte, C. Conde, I. M. de Diego, and E. Cabello. Detecting denial of service by modelling web-server behaviour. Computers and Electrical Engineering, (0):-, 2012.
8. C. Hennig. Cluster-wise assessment of cluster stability. Computational Statistics and Data Analysis, 52(1):258-271, September 2007.
9. L. Ji, H. Liang, Y. Song, and X. Niu. A normal-traffic network covert channel. In Computational Intelligence and Security, 2009. CIS '09. International Conference on, volume 1, pages 499-503, 2009.
10. thinternational conference on World Wide Web, WWW '02, pages 293-304, New York, NY, USA, 2002. ACM.
11. M. Kantardzic. Data Mining: Concepts, Models, Methods and Algorithms. John Wiley & Sons, Inc., New York, NY, USA, 2002.
12. R. E. Kass and A. E. Raftery. Bayes Factors. Journal of the American Statistical Association, 90(430):773-795, June 1995.
13. S. Lee, G. Kim, and S. Kim. Sequence-order-independent network profiling for detecting application layer ddos attacks. EURASIP Journal on Wireless Communications and Networking, 2011(1):50, 2011.
14. W. Lee and D. Xiang. Information-theoretic measures for anomaly detection. In IEEE Symposium on Security and Privacy, pages 130- 143, 2001.
15. M. Levandowsky and D. Winter. Distance between sets. Nature, 234(5323):34-35, 1971.
16. T. Li, S. Ma, and M. Ogihara. Entropy-based criterion in categorical clustering. In Proceedings of the twenty-first international conference on MAChine learning, ICML '04, pages 68-, New York, NY, USA, 2004. ACM.
17. T. Lodewyckx, W. Kim, M. D. Lee, F. Tuerlinckx, P. Kuppens, and E.-J. Wagenmakers. A tutorial on bayes factor estimation with the product space method. Journal of Mathematical Psychology, 55(5):331 - 347, 2011.
18. thInternational Conference on, pages 784- 789, 2010.
19. G. Oikonomou and J. Mirkovic. Modeling human behavior for defense against flash-crowd attacks. In Proceedings of the 2009 IEEE international conference on Communications, ICC'09, pages 625-630, Piscataway, NJ, USA, 2009. IEEE Press.
20. S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly. DDos-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks. Networking, IEEE/ACM Transactions on, 17(1):26 -39, feb. 2009.
21. M. Schonlau, W. DuMouchel, W. H. Ju, A. F. Karr, M. Theus, and Y. Vardi. Computer Intrusion: Detecting Masquerades. Statistical Science, 16(1):58-74, 2001.
22. S. L. Scott. A bayesian paradigm for designing intrusion detection systems. Computational Statistics & Data Analysis, 45(1):69 - 83, 2004. !ce:title.Computer Security and Statistics!/ce:title..
23. C. E. Shannon. A mathematical theory of communication. Bell system technical journal, 27, 1948.
24. M. Srivatsa, A. Iyengar, J. Yin, and L. Liu. Mitigating application-level denial of service attacks on Web servers: A client-transparent approach. ACM Trans. Web, 2:15:1-15:49, July 2008.
25. D. Stevanovic, N. Vlajic, and A. An. Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users. Procedia CS, 5:123-131, 2011.
26. D. Stevanovic, N. Vlajic, and A. An. Detection of malicious and nonmalicious website visitors using unsupervised neural network learning. Applied Soft Computing, 2012.
27. A. Sur, A. Nair, A. Kumar, A. Jain, and S. Nandi. Steganalysis of network packet length based data hiding. Circuits, Systems, and Signal Processing, pages 1-18, 2012.
28. Y. Xie and S.-Z. Yu. A Novel Model for Detecting Application Layer DDoS Attacks. In Proceedings of the First International Multi- Symposiums on Computer and Computational Sciences - Volume 2 (IMSCCS'06) - Volume 02, IMSCCS '06, pages 56-63, Washington, DC, USA, 2006. IEEE Computer Society.
29. Y. Xie and S.-Z. Yu. Monitoring the application-layer DDoS attacks for popular websites. IEEE/ACM Trans. Netw., 17:15-25, February 2009.