International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed

International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed

ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)

Webpage URL: https://airccse.org/journal/ijnsa.html

Application-Layer DDOS Detection Based on a One-Class Support Vector Machine

Chuyu She1, 2, 3 , Wushao Wen1,2, Zaihua Lin1 and Kesong Zheng1, 1Sun Yat-Sen University, China, 2SYSU-CMU Shunde International Joint Research Institute, China and 3Guangdong University of Finance & Economics, China

Abstract

Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and diversity of network protocols and services. This kind of attacks is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since only the normal data is required for training, it is effective for detection of application-layer DDoS attack. In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.

Keywords

Application-layer DDoS attack, One-Class Support Vector Machine, machine learning, feature, browsing model

Original Source URL: https://aircconline.com/ijnsa/V9N1/9117ijnsa02.pdf

Volume URL: https://airccse.org/journal/jnsa17_current.html