Research On Attack Detection And Performance Optimation Strategies Of Application Layer Gateway

Along with the combination of cloud computing and mobile Internet, it brings great business opportunities for application service provider, but also makes the application service provider face many challenges. Application-layer gateway, as an edge gateway equipment, is located between the application data center and external networks. It integrates a series of core network technologies to provide the application delivery service, having high performance, high security and scalability, for application service providers.In practice, there are still a lot of challenges for application-layer gateway. First, in face of the explosive growth of user scale and data traffic, the application gateway is confronted with the problem of how to reduce the latency of user access for the application service provider. Secondly, in today’s complex network environment, the application service providers tend to suffer from a variety of distributed denial of service attack. It is an urgent problem for application-layer gateway to effectively detect application-layer DDoS attacks which is based on HTTP protocol. Meanwhile, when faced with large-scale user access and data traffic, a single application-layer gateway is unable to carry such a large load. Therefore, in this scenario, how to scalably balance the load among the server clusters has the important research significance for the application-layer gateway. In this paper, we focus on attack detection and performance optimization of application-layer gateway. The main content is as follows:1. According to the situation that the current web caching algorithms do not consider the interest and behavior patterns of users, we propose a web caching algorithm based on PLSA prediction model. First, we introduce the PLSA prediction model from text retrieval. By training the web access log, we could get the PLSA prediction model that describing the interest and behavior patterns of users. Based on the PLSA prediction model, we then extend the NGRAM-GDSF web caching algorithm by introducing the future access frequency factor that characterizing the user interest. Experimental results show that when the cache is0.1%of the memory, compared with the NGRAM-GDSF caching algorithm, the hit ratio and byte hit ratio of PN-NGRAM increased by3.01%and1.43%respectively, and the ones of IPN-NGRAM increased by 5.88%and3.13%.2. In order to detect the application-layer DDoS attack during the flash crowd event, we propose an application-layer DDoS detection algorithm based on user behavior mining. First, we model the dynamic process of user access behavior by making use of HsMM model. After building the HsMM model, we could get the corresponding model parameters λ=(Q,π,A,B,P). The average entropies of observed sequences fitting to the HsMM model are used to detect application-layer DDoS attacks. The deviation from the entropy of the training data set fitting to the HsMM model can be considered as the abnormality of the observed data set. Experiments are conducted to demonstrate the effectiveness of our model and algorithm. When the threshold is set to-2.7, DR is about97%, while FNR is only2%.3. When faced with large-scale user access and data traffic, a single application-layer gateway is unable to carry such a large load. In order to solve the above problem, we propose a load balancing scheme that could provide scalability, availability and reliability for large-scale web server clusters. The scheme combines existing routing technologies and splits the function of load balancing into three levels that could be implemented by different devices, thereby enabling the web server cluster scales with user accesses. When a virtual IP is configured, there are multiple paths to the destination. Each path is assigned a weight. According to the Mean-Variance model, we can get the optimal weight vector. Experimental results show that the multi-path system adopting our strategy obtains a more stable jitter. Compared with the single-path system, along with the increase of the system flow, the packet loss rate of multi-path system increases relatively slow. Under the same load conditions, the pachet loss rate of single-path system is76.81%, howerver, the one of multi-path system is only54.38%.