Detection of Anomalous HTTP Requests Based on Advanced N-gram Model and Clustering Techniques

Zolotukhin, Mikhail; Hämäläinen, Timo

doi:10.1007/978-3-642-40316-3_33

Cited by 6 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When a new attack occurs, the new rules correspond to the map units will be updated instead of updating the entire model in the fuzzy rule base. Zolotukhin et al proposed a method for the identification of benign or malicious requests using n-gram analysis and through statistical methods [21]. This method takes more computational time since the size of the feature is large.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Investigation of Application Layer DDoS Attacks Using Clustering Techniques

Sree¹,

Bhanu²

2018

IJWMT

View full text Add to dashboard Cite

The exponential usage of internet attracts cyber criminals to commit crimes and attacks in the network. The forensic investigator investigates the crimes by determining the series of actions performed by an attacker. Digital forensic investigation can be performed by isolating the hard disk, RAM images, log files etc. It is hard to identify the trace of an attack by collecting the evidences from network since the attacker deletes all possible traces. Therefore, the possible way to identify the attack is from the access log traces located in the server. Clustering plays a vital role in identifying attack patterns from the network traffic. In this paper, the performance of clustering techniques such as k-means, GA k-means and Self Organizing Map (SOM) are compared to identify the source of an application layer DDoS attack. These methods are evaluated using web server log files of an apache server and the results demonstrate that the SOM based method achieves high detection rate than k-means and GA k-means with less false positives.

show abstract

Section: Related Workmentioning

confidence: 99%

“…This method takes more computational time since the size of the feature is large. Bhuyan et al proposed a method to distinguish the low rate and high rate malicious traffic from benign traffic using information theory with low computational overhead [21].…”

Section: Related Workmentioning

confidence: 99%