International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
Webpage URL: https://airccse.org/journal/ijnsa.html
Application-Layer DDOS Detection Based on a One-Class Support Vector Machine
Chuyu She1, 2, 3 , Wushao Wen1,2, Zaihua Lin1 and Kesong Zheng1, 1Sun Yat-Sen University, China, 2SYSU-CMU Shunde International Joint Research Institute, China and 3Guangdong University of Finance & Economics, China
Abstract
Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and diversity of network protocols and services. This kind of attacks is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since only the normal data is required for training, it is effective for detection of application-layer DDoS attack. In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.
Keywords
Application-layer DDoS attack, One-Class Support Vector Machine, machine learning, feature, browsing model
Original Source URL: https://aircconline.com/ijnsa/V9N1/9117ijnsa02.pdf
Volume URL: https://airccse.org/journal/jnsa17_current.html
No comments:
Post a Comment