Modeling user browsing activity for application layer DDoS attack detection

Tung Ngai Miu; Chenxu Wang; Xiapu Luo; Jinhe Wang

doi:10.1007/978-3-319-59608-2_42

Modeling user browsing activity for application layer DDoS attack detection

Tung Ngai Miu, Chenxu Wang, Xiapu Luo, Jinhe Wang

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

5 Citations (Scopus)

Abstract

Application layer distributed denial of service (App-layer DDoS) attacks are becoming a severe threat to the security of web servers. In this paper, we model user browsing activity in order to detect abnormal requests. User access patterns are analyzed to detect anomaly at the session level. The likelihood of a browsing session is then calculated to distinguish abnormal behaviors from normal ones. We evaluate our methods based on a real dataset collected from a commercial website that suffered from actual DDoS attacks. The experimental results validate the effectiveness of the proposed methods.

Original language	English
Title of host publication	Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings
Publisher	Springer Verlag
Pages	747-750
Number of pages	4
ISBN (Print)	9783319596075
DOIs	https://doi.org/10.1007/978-3-319-59608-2_42
Publication status	Published - 1 Jan 2017
Event	12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016 - Guangzhou, China Duration: 10 Oct 2016 → 12 Oct 2016

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	198 LNICST
ISSN (Print)	1867-8211

Conference

Conference	12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016
Country/Territory	China
City	Guangzhou
Period	10/10/16 → 12/10/16

Keywords

Browsing activity
DDoS attack
User access pattern

ASJC Scopus subject areas

Computer Networks and Communications

More information

10.1007/978-3-319-59608-2_42

Cite this

Miu, T. N., Wang, C., Luo, X., & Wang, J. (2017). Modeling user browsing activity for application layer DDoS attack detection. In Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings (pp. 747-750). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 198 LNICST). Springer Verlag. https://doi.org/10.1007/978-3-319-59608-2_42

Miu, Tung Ngai ; Wang, Chenxu ; Luo, Xiapu et al. / Modeling user browsing activity for application layer DDoS attack detection. Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Springer Verlag, 2017. pp. 747-750 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{089774045d4b4f4db54959aae7c60df3,

title = "Modeling user browsing activity for application layer DDoS attack detection",

abstract = "Application layer distributed denial of service (App-layer DDoS) attacks are becoming a severe threat to the security of web servers. In this paper, we model user browsing activity in order to detect abnormal requests. User access patterns are analyzed to detect anomaly at the session level. The likelihood of a browsing session is then calculated to distinguish abnormal behaviors from normal ones. We evaluate our methods based on a real dataset collected from a commercial website that suffered from actual DDoS attacks. The experimental results validate the effectiveness of the proposed methods.",

keywords = "Browsing activity, DDoS attack, User access pattern",

author = "Miu, {Tung Ngai} and Chenxu Wang and Xiapu Luo and Jinhe Wang",

year = "2017",

month = jan,

day = "1",

doi = "10.1007/978-3-319-59608-2_42",

language = "English",

isbn = "9783319596075",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "747--750",

booktitle = "Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings",

address = "Germany",

note = "12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016 ; Conference date: 10-10-2016 Through 12-10-2016",

}

Miu, TN, Wang, C, Luo, X & Wang, J 2017, Modeling user browsing activity for application layer DDoS attack detection. in Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 198 LNICST, Springer Verlag, pp. 747-750, 12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016, Guangzhou, China, 10/10/16. https://doi.org/10.1007/978-3-319-59608-2_42

Modeling user browsing activity for application layer DDoS attack detection. / Miu, Tung Ngai; Wang, Chenxu; Luo, Xiapu et al.
Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Springer Verlag, 2017. p. 747-750 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 198 LNICST).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Modeling user browsing activity for application layer DDoS attack detection

AU - Miu, Tung Ngai

AU - Wang, Chenxu

AU - Luo, Xiapu

AU - Wang, Jinhe

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Application layer distributed denial of service (App-layer DDoS) attacks are becoming a severe threat to the security of web servers. In this paper, we model user browsing activity in order to detect abnormal requests. User access patterns are analyzed to detect anomaly at the session level. The likelihood of a browsing session is then calculated to distinguish abnormal behaviors from normal ones. We evaluate our methods based on a real dataset collected from a commercial website that suffered from actual DDoS attacks. The experimental results validate the effectiveness of the proposed methods.

AB - Application layer distributed denial of service (App-layer DDoS) attacks are becoming a severe threat to the security of web servers. In this paper, we model user browsing activity in order to detect abnormal requests. User access patterns are analyzed to detect anomaly at the session level. The likelihood of a browsing session is then calculated to distinguish abnormal behaviors from normal ones. We evaluate our methods based on a real dataset collected from a commercial website that suffered from actual DDoS attacks. The experimental results validate the effectiveness of the proposed methods.

KW - Browsing activity

KW - DDoS attack

KW - User access pattern

UR - http://www.scopus.com/inward/record.url?scp=85021729976&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-59608-2_42

DO - 10.1007/978-3-319-59608-2_42

M3 - Conference article published in proceeding or book

SN - 9783319596075

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 747

EP - 750

BT - Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings

PB - Springer Verlag

T2 - 12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016

Y2 - 10 October 2016 through 12 October 2016

ER -

Miu TN, Wang C, Luo X, Wang J. Modeling user browsing activity for application layer DDoS attack detection. In Security and Privacy in Communication Networks -12th International Conference, SecureComm 2016, Proceedings. Springer Verlag. 2017. p. 747-750. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-59608-2_42

Modeling user browsing activity for application layer DDoS attack detection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this