Mitigating Distributed Denial of Service Attacks at the Application Layer
| Title | Mitigating Distributed Denial of Service Attacks at the Application Layer |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Bronte, Robert, Shahriar, Hossain, Haddad, Hisham M. |
| Conference Name | Proceedings of the Symposium on Applied Computing |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4486-9 |
| Keywords | flash crowd attack, Human Behavior, information retrieval, inverse document frequency, latent semantic indexing, low rate attack, Metrics, pubcrawl, resilience, Resiliency, Software, stochastic rate attack, term frequency, threat mitigation |
| Abstract | Distributed Denial of Service (DDoS) attacks on web applications have been a persistent threat. Existing approaches for mitigating application layer DDoS attacks have limitations such low detection rate and inability to detect attacks targeting resource files. In this work, we propose Application layer DDoS (App-DDoS) attack detection framework by leveraging the concepts of Term Frequency (TF)-Inverse Document Frequency (IDF) and Latent Semantic Indexing (LSI). The approach involves analyzing web server logs to identify popular pages using TF-IDF; building normal resource access profile; generating query of accessed resources; and applying LSI technique to determine the similarity between a given session and known good sessions. A high-level of dissimilarity triggers a DDoS attack warning. We apply the proposed approach to traffics generated from three PHP applications. The initial results suggest that the proposed approach can identify ongoing DDoS attacks against web applications. |
| URL | https://dl.acm.org/citation.cfm?doid=3019612.3019919 |
| DOI | 10.1145/3019612.3019919 |
| Citation Key | bronte_mitigating_2017 |