摘要:Distributed Denial of Service (DDoS) attacks have caused continuous critical threats to the Internet services. DDoS attacks are generally conducted at the network layer. Many DDoS attack detection methods are focused on the IP and TCP layers. However, they are not suitable for detecting the application layer DDoS attacks. In this paper, we propose a scheme based on web user browsing behaviors to detect the application layer DDoS attacks (app-DDoS). A clustering method is applied to extract the access features of the web objects. Based on the access features, an extended hidden semi-Markov model is proposed to describe the browsing behaviors of web user. The deviation from the entropy of the training data set fitting to the hidden semi-Markov model can be considered as the abnormality of the observed data set. Finally experiments are conducted to demonstrate the effectiveness of our model and algorithm.
关键词:HsMM;web user behaviors;DDoS;DDoS Attacks;clustering
