{"title":"Detection of Application layer DDoS Attacks Based on Bayesian Classifier","authors":"S. Khairi, D. Nashat","doi":"10.21608/aunj.2019.220864","DOIUrl":null,"url":null,"abstract":"One of the major challenges in network security is detecting network attacks. The HTTP flooding attack is the most common type of DDoS attack that targets the application layer. The malicious DDoS packets are embedded in a huge amount of normal traffic, so this type of attack is considered the hardest to detect. The available detection techniques for the HTTP flooding attack usually use similarity methods on traffic attributes or machine learning algorithms, but these techniques are not effective, especially for large-scale networks. In this paper, a new detection technique is presented based on conditional probability and Bayes’ theorem. First, the probability value for every normal traffic attribute is calculated. Then, we compute the conditional probability for the same attribute in any incoming connection given the occurrence of the same value in the previous normal traffic. Finally, the total probability is calculated using Bayes’ theorem to classify the connection as either normal or abnormal. The performance of the proposed technique is evaluated by extensive simulation in terms of its detection rate and its probabilities of false positives and false negatives.","PeriodicalId":8568,"journal":{"name":"Assiut University Journal of Multidisciplinary Scientific Research","volume":"66 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Assiut University Journal of Multidisciplinary Scientific Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21608/aunj.2019.220864","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detection of Application layer DDoS Attacks Based on Bayesian Classifier
One of the major challenges in network security is detecting network attacks. The HTTP flooding attack is the most common type of DDoS attack that targets the application layer. The malicious DDoS packets are embedded in a huge amount of normal traffic, so this type of attack is considered the hardest to detect. The available detection techniques for the HTTP flooding attack usually use similarity methods on traffic attributes or machine learning algorithms, but these techniques are not effective, especially for large-scale networks. In this paper, a new detection technique is presented based on conditional probability and Bayes’ theorem. First, the probability value for every normal traffic attribute is calculated. Then, we compute the conditional probability for the same attribute in any incoming connection given the occurrence of the same value in the previous normal traffic. Finally, the total probability is calculated using Bayes’ theorem to classify the connection as either normal or abnormal. The performance of the proposed technique is evaluated by extensive simulation in terms of its detection rate and its probabilities of false positives and false negatives.