Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS\r\nattacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion\r\ndetection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer\r\nDDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive\r\nautoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support\r\nvector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results\r\nshow that this approach can detect application-layer DDoS attacks effectively.
Loading....