网络与信息安全学报 (Mar 2018)

App-DDoS detection method using partial binary tree based SVM algorithm

  • ZHANG Bin, LIU Zihao, DONG Shuqin, LI Lixun

DOI
https://doi.org/10.11959/j.issn.2096-109x.2018020
Journal volume & issue
Vol. 4, no. 3
pp. 24 – 34

Abstract

Because existing flow-based App-DDoS detection methods ignore ramp-up and pulsing types of application-layer DDoS (App-DDoS) attacks, an effective detection method for multiple App-DDoS types was proposed. First, to quickly count the number of HTTP GET requests per user and to support the calculation of the feature parameters used by the detection method, indexes of source IP addresses in multiple time windows were constructed using a hash function. Then SVM classifiers were combined in a partial binary tree structure and trained hierarchically on the feature parameters, and the App-DDoS detection method was built on the idea of traversing the binary tree with feedback learning to distinguish non-burst normal flow, burst normal flow and multi-type App-DDoS flows. The experimental results show that, compared with conventional SVM-based and naïve-Bayes-based detection methods, the proposed method achieves better detection performance and can distinguish specific App-DDoS types by subdividing attack types and training the detection model layer by layer.
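The first step of the abstract (a hash index of source IPs over multiple time windows, used to count HTTP GETs per user) can be sketched as follows. This is an added example, not the paper's code: the window lengths, the request tuple format, the function names and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict

WINDOWS = (1, 2, 4)  # assumed window lengths in seconds (not from the paper)

def constructed_sample():
    """Constructed traffic: (timestamp_s, source_ip, method) tuples."""
    shapes = {
        "198.51.100.7": [1, 2, 4, 8],  # GETs per second, steadily rising
        "198.51.100.9": [6, 0, 6, 0],  # on/off bursts
        "192.0.2.10":   [1, 0, 1, 1],  # low, steady client
    }
    reqs = [(sec + i / 10.0, ip, "GET")
            for ip, shape in shapes.items()
            for sec, n in enumerate(shape)
            for i in range(n)]
    reqs.append((1.5, "192.0.2.10", "POST"))  # non-GET, must not be counted
    return reqs

def build_index(requests, windows=WINDOWS):
    """index[w][ip][slot] = number of GETs from ip in slot floor(ts / w).

    Python dicts are hash tables, so each update and lookup is O(1) on average.
    """
    index = {w: defaultdict(lambda: defaultdict(int)) for w in windows}
    for ts, ip, method in requests:
        if method != "GET":
            continue
        for w in windows:
            index[w][ip][int(ts // w)] += 1
    return index

def get_count(index, w, ip, ts):
    """GET count for ip in the window of length w that contains time ts."""
    slots = index[w].get(ip)  # .get() avoids creating entries for unseen IPs
    return slots.get(int(ts // w), 0) if slots else 0

def window_series(index, w, ip, n_slots):
    """Per-slot GET counts for ip: a raw series features can be derived from."""
    return [get_count(index, w, ip, k * w) for k in range(n_slots)]

INDEX = build_index(constructed_sample())

if __name__ == "__main__":
    for ip in ("198.51.100.7", "198.51.100.9", "192.0.2.10"):
        print(ip, {w: window_series(INDEX, w, ip, 4 // w) for w in WINDOWS})
```

In this constructed data the on/off source reads `[6, 0, 6, 0]` in 1-second windows but a flat `[6, 6]` in 2-second windows, which shows why counts are kept at more than one window length.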

Keywords