Application-layer DDoS attack defense detection model based on Web access path

Abstract

Read online

In order to improve the effectiveness and timeliness of defense against distributed denial of service (DDoS) attacks in application layer, the evolution and mode of application-layer DDoS attacks, as well as the attack path and behavior of attackers are explored in depth. A defense detection model based on Web access path is proposed, according to access path trajectory, attack behavior characteristics and website link rules, five anomaly detection models including request path, request distribution, path loop, behavior slot and path length are established. By calculating the normal value of legitimate users accessing websites and the deviation degree of real-time outliers of users with aggressive behavior, it can determine whether it is attacked by application-layer DDoS. In order to improve the accuracy of detection, the defense module chooses the best defense strategy according to the size of user's illegal value, resists application-layer DDoS attacks, and achieves website data security and computer security. The experiment is trained with real log data, launch five different types of application-layer DDoS attacks on experimental website, the result show that the defense detection model can accurately identify users with aggressive behavior in a short time, it combines with defense module to defend the application-layer DDoS to a specific website, realizes real-time detection and real-time defense, and the false alarm rate is significantly reduced.

Keywords

• data security and computer security
• application layer
• distributed denial of service
• access path
• anomaly detection
• attack behaviors