Please use this identifier to cite or link to this item:
https://idr.l3.nitk.ac.in/jspui/handle/123456789/15649
Title: | Modelling Behavioural Dynamics for Asymmetric Application Layer DDoS Detection |
Authors: | Praseed Amit; Thilagam P. Santhi |
Issue Date: | 2021 |
Citation: | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY Vol. 16 , , p. 617 - 626 |
Abstract: | Asymmetric application layer DDoS attacks using computationally intensive HTTP requests are an extremely dangerous class of attacks capable of taking down web servers with relatively few attacking connections. These attacks consume limited network bandwidth and are similar to legitimate traffic, which makes their detection difficult. Existing detection mechanisms for these attacks use indirect representations of actual user behaviour and complex modelling techniques, which leads to a higher false positive rate (FPR) and longer detection time, which makes them unsuitable for real time use. There is a need for simple, efficient and adaptable detection mechanisms for asymmetric DDoS attacks. In this work, an attempt is made to model the actual behavioural dynamics of legitimate users using a simple annotated Probabilistic Timed Automata (PTA) along with a suspicion scoring mechanism for differentiating between legitimate and malicious users. This allows the detection mechanism to be extremely fast and have a low FPR. In addition, the model can incrementally learn from run-time traces, which makes it adaptable and reduces the FPR further. Experiments on public datasets reveal that our proposed approach has a high detection rate and low FPR and adds negligible overhead to the web server, which makes it ideal for real time use. |
URI: | https://doi.org/10.1109/TIFS.2020.3017928 http://idr.nitk.ac.in/jspui/handle/123456789/15649 |
Appears in Collections: | 1. Journal Articles |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.