DDoS attack detection mechanism in the application layer using user features

Bravo, Silvia; Mauricio, David

doi:10.1109/infoct.2018.8356848

Cited by 8 publications

(3 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The critical analysis conducted in Section 8 extensively elaborate similarities and differences between each script. The usage of these attack scripts are publicly available, and have been mentioned and employed broadly by many earlier studies [ 2 , 35 , 36 , 39 , 40 , 42 , 43 , 44 ]. Although DDoS as services available as noted by Hameed and Ali [ 45 ], the usage of attack scripts to be executed in local area network is preferable as DDoS as services require transmission of attack traffic across the network which increases the possibility of the attack traffic to be detected and blocked by many intermediate networks managed by the internet service provider (ISP).…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The request headers adopted by HTTP DDoS are categorized as session flooding and request flooding which are capable of mimicking a genuine user request [ 35 , 36 , 37 , 38 ]. Aside from that, the attack has the same syntax and is delivered via multiple HTTP requests in different HTTP formats [ 35 ].…”

Section: Http Ddos Request Headersmentioning

confidence: 99%

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…e purpose of the AL-DDoS attack is to make the applications on the server unable to provide normal services to legitimate users and deny their access [8]. Intrusion Detection System (IDS) is one of the most effective detection and defense mechanisms for DDoS attacks [9]. IDS is an application-type system that monitors suspicious events in the network, generates reports, and forwards them to administrators for action.…”

Section: Ddos Attack and Detectionmentioning

confidence: 99%

Defending Application Layer DDoS Attacks via Multidimensional Parallelotope

Zhao

Peng

Li³

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

The Internet is more and more integrated into people’s life; because of the complexity and fragility of the network environment, network attack presents a more and more serious trend. Application Layer DDoS (AL-DDoS) attack is the most complex form of DDoS attack, which is hindering the availability for the legitimate users by taking up a large number of requests of web server. The paper introduced the concept of behavior utility to portray the network. The concept of attack and defense utility was defined by a specific property which was the manifestation of the network risk after the offset of attack and defense. In the utility model, traffic metrics were mapped to the multidimensional parallelotope in the Euclidean space to express as a diagonal matrix. To determine the threshold status, the defense strategies of load balancing and limiting the maximum number of connections were used with different attack scales. Finally, the attack and defense utility value was calculated to evaluate the network risk level. The proposed method can master the capacity of network system against each attack means and the defense capability of network system. Its availability and accuracy are verified by comparing with the relevant works.

show abstract

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

Odusami

Misra

Abayomi‐Alli

et al. 2020

Int J Communication

View full text Add to dashboard Cite

SummaryBackgroundOne of the significant attacks targeting the application layer is the distributed denial‐of‐service (DDoS) attack. It degrades the performance of the server by usurping its resources completely, thereby denying access to legitimate users and causing losses to businesses and organizations.AimThis study aims to investigate existing methodologies for application‐layer DDoS (APDDoS) attack defense by using specific measures: detection methods/techniques, attack strategy, and feature exploration of existing APDDoS mechanisms.MethodologyThe review is carried out on a database search of relevant literature in IEEE Xplore, ACM, Science Direct, Springer, Wiley, and Google Search. The search dates to capture journals and conferences are from 2000 to 2019. Review papers that are not in English and not addressing the APDDoS attack are excluded. Three thousand seven hundred eighty‐nine studies are identified and streamlined to a total of 75 studies. A quantifiable assessment is performed on the selected articles using six search procedures, namely: source, methods/technique, attack strategy, datasets/corpus, status, detection metric, and feature exploration.ResultsBased on existing methods/techniques for detection, the results show that machine learning gave the highest proportion with 36%. However, assessment based on attack strategy shows that several studies do not consider an attack form for deploying their solution. Result based on existing features for the APDDoS detection technique shows request stream during a user session and packet pattern gave the highest result with 47%. Unlike packet header information with 33%, request stream during absolute time interval with 12% and web user features 8%.ConclusionResearch findings show that a large proportion of the solutions for APDDoS attack detection utilized features based on request stream during user session and packet pattern. The optimization of features will improve detection accuracy. Our study concludes that researchers need to exploit all attack strategies using deep learning algorithms, thus enhancing effective detection of APDDoS attack launch from different botnets.

show abstract

DDoS attack detection mechanism in the application layer using user features

Cited by 8 publications

References 9 publications

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Defending Application Layer DDoS Attacks via Multidimensional Parallelotope

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

Contact Info

Product

Resources

About