DDOS Attack Detection System Based on Analysis of Users' Behaviors for Application Layer
Title | DDOS Attack Detection System Based on Analysis of Users' Behaviors for Application Layer |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Meng, B., Andi, W., Jian, X., Fucai, Z. |
Conference Name | 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) |
Date Published | July |
Publisher | IEEE |
ISBN Number | 978-1-5386-3221-5 |
Keywords | anomaly behavior, anomaly detection, anomaly detection system, Application Layer, behavior features extraction, composability, Computer crime, computer network security, database management systems, database system, Databases, DDoS attack detection, DDOS attack detection system, discrete-time markov chain, discrete-time Markov chains, distributed denial of service attack, distributed denial of service attacks, DTMC, feature extraction, Human Behavior, internal attackers, internal threats detection, Intrusion detection, Law, Markov processes, Metrics, pubcrawl, query processing, Resiliency, Servers, SQL, SQL queries, user behavior, users behaviors analysis |
Abstract | Aiming at the problem of internal attackers of database system, anomaly detection method of user behaviour is used to detect the internal attackers of database system. With using Discrete-time Markov Chains (DTMC), an anomaly detection system of user behavior is proposed, which can detect the internal threats of database system. First, we make an analysis on SQL queries, which are user behavior features. Then, we use the DTMC model to extract behavior features of a normal user and the detected user and make a comparison between them. If the deviation of features is beyond threshold, the detected user behavior is judged as an anomaly behavior. The experiments are used to test the feasibility of the detection system. The experimental results show that this detection system can detect normal and abnormal user behavior precisely and effectively. |
URL | https://ieeexplore.ieee.org/document/8005861 |
DOI | 10.1109/CSE-EUC.2017.109 |
Citation Key | meng_ddos_2017 |