| Distributed Denial of Service attack is one of the most serious security issues.An application layer DDoS attack is done mainly for specific targeted purposes,including disrupting transactions and access to databases.It requires less resources and often accompanies network layer attacks.An attack is disguised as legitimate traffic,except that it targets specific application packets.The attack on the application layer can disrupt services such as the retrieval and search function of information as well as Web browser function,email services and photo applications.To defense application-layer Distributed Denial of Service(DDoS)attacks,a defense model based on Web behavior trajectory built on the Web application server was constructed.The access behavior of users was abstracted into Web behavior trajectory.According to the generation approach about attack requests and behavior characteristics of user access to Web pages,five kinds of suspicion were defined,including Session length distribution suspicion,access dependency suspicion,behavior rate suspicion,trajectory similarity suspicion,and trajectory deviation suspicion.With the purpose of reducing time and space overheads of caculating these supicions,we give reduction rules of the WBT.The deviation values between normal Sessions and attack Sessions were calculated to detect the application-layer DDoS to a specific Website.The user was prohibited access from DDoS when detected as attack request by the defense model.In the experiment,real data were used as the training set.Then,through simulating different kinds of attack requests,the defense model could identify the attack requests and take the defense mechanism against the attacks.The experimental results demonstrate that the model can detect and defense the applicationlayer DDoS to a specific Website. |
PDF Full Text Request