Application-Layer DDoS Detection by K-means Algorithm
Authors
Chuyu She, Wushao Wen, Kesong Zheng, Yayun Lyu
Corresponding Author
Chuyu She
Available Online December 2016.
- DOI
- 10.2991/iceeecs-16.2016.16How to use a DOI?
- Keywords
- Application-layer DDoS attack, User behavior, Clustering methods, K-means.
- Abstract
Lots of methods have been proposed to detect Distributed Denial-of-Service (DDoS) attacks focus on the transport layer and the network layer. However, these methods may not work well when application-layer DDoS attack is launched. In this paper, we introduce a clustering method based on some features to detect application-layer DDoS attack. Firstly, we extract features from normal users' sessions. Then, we cluster users' sessions by K-means algorithm and build normal users' behavior model. Finally, we detect the application-layer DDoS attack based on the normal users' behavior model.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Chuyu She AU - Wushao Wen AU - Kesong Zheng AU - Yayun Lyu PY - 2016/12 DA - 2016/12 TI - Application-Layer DDoS Detection by K-means Algorithm BT - Proceedings of the 2016 4th International Conference on Electrical & Electronics Engineering and Computer Science (ICEEECS 2016) PB - Atlantis Press SP - 75 EP - 78 SN - 2352-538X UR - https://doi.org/10.2991/iceeecs-16.2016.16 DO - 10.2991/iceeecs-16.2016.16 ID - She2016/12 ER -