Application layer distributed denial of service (App-layer DDoS) attacks are becoming a severe threat to the security of web servers. In this paper, we model user browsing activity in order to detect abnormal requests. User access patterns are analyzed to detect anomaly at the session level. The likelihood of a browsing session is then calculated to distinguish abnormal behaviors from normal ones. We evaluate our methods based on a real dataset collected from a commercial website that suffered from actual DDoS attacks. The experimental results validate the effectiveness of the proposed methods.
|Name||Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST|
|Conference||12th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2016|
|Period||10/10/16 → 12/10/16|
- Browsing activity
- DDoS attack
- User access pattern
- Computer Networks and Communications