Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

Abstract EN

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable.

Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets.

In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI).

By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series.

Then, a trained support vector machine (SVM) classifier is applied to identify the attacks.

The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.