NICRIR, Feb 9, 2014

Anomaly Detection Based on Access Behavior and Document Rank Algorithm

arXiv:1402.1946v1, 3 citations
Originality: Synthesis-oriented
AI Analysis

This addresses a critical security issue for websites during high-traffic events, though it appears incremental as it builds on prior anomaly detection approaches.

The paper tackles the problem of detecting application-layer DDoS attacks that are hard to distinguish from normal traffic, proposing a Web Access Table mechanism that reduces computational complexity compared to existing methods like page rank and proximity graphs.

Distributed denial of service (DDoS) attacks are an ongoing, dangerous threat to the Internet. Commonly, DDoS attacks are carried out at the network layer, e.g. SYN flooding, ICMP flooding and UDP flooding, which are called Distributed denial of service attacks. The intention of these DDoS attacks is to use up the network bandwidth and deny service to authorized users of the victim systems. Derived from the low layers, new application-layer-based DDoS attacks that use authorized HTTP requests to overload victim resources are more undetectable. When these take place during crowd events on any popular website, the situation is very serious. State-of-the-art approaches cannot handle the situation where there is no considerable deviation between normal and attacker activity. The page rank and proximity graph representations of online web accesses take much time in practice. The computational complexity should be lower than that of proximity graph search. Hence a Web Access Table mechanism is proposed to hold data such as "who accessed what and how many times, and their rank on average" in order to find anomalous web access behavior. The system has lower computational complexity and may produce considerable time complexity.
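As an added illustration (not code from the paper), the sketch below builds a table of "who accessed what and how many times, and their rank on average" from a constructed request log. The abstract does not give the ranking or scoring rule, so ranking documents by distinct requesting clients and the median-based thresholds in `anomalous_clients` are assumptions, as are all names and sample data.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample log of (client, document) requests; not real traffic.
SAMPLE_LOG = (
    [("A", "/index")] * 3 + [("A", "/news")] * 2 + [("A", "/about")]
    + [("B", "/index")] * 4 + [("B", "/news")]
    + [("C", "/index")] * 2 + [("C", "/about"), ("C", "/contact")]
    + [("Z", "/archive/2009")] * 6 + [("Z", "/search")] * 6
)

def document_ranks(log):
    """Dense rank per document: 1 = requested by the most distinct clients.
    Counting clients, not hits, keeps one flooder from promoting its own targets."""
    clients = defaultdict(set)
    for client, doc in log:
        clients[doc].add(client)
    levels = sorted({len(c) for c in clients.values()}, reverse=True)
    return {doc: levels.index(len(c)) + 1 for doc, c in clients.items()}

def web_access_table(log):
    """Per client: documents accessed, hit counts, and hit-weighted average rank."""
    ranks = document_ranks(log)
    hits = defaultdict(Counter)
    for client, doc in log:
        hits[client][doc] += 1
    table = {}
    for client, docs in hits.items():
        total = sum(docs.values())
        avg_rank = sum(ranks[d] * n for d, n in docs.items()) / total
        table[client] = {"docs": dict(docs), "total": total, "avg_rank": avg_rank}
    return table

def anomalous_clients(table, volume_factor=2.0, rank_factor=1.5):
    """Assumed rule: flag clients far above the median in BOTH volume and average rank."""
    med_total = median(row["total"] for row in table.values())
    med_rank = median(row["avg_rank"] for row in table.values())
    return sorted(
        c for c, row in table.items()
        if row["total"] > volume_factor * med_total
        and row["avg_rank"] > rank_factor * med_rank
    )

if __name__ == "__main__":
    for client, row in sorted(web_access_table(SAMPLE_LOG).items()):
        print(client, row["total"], round(row["avg_rank"], 2), row["docs"])
    print("flagged:", anomalous_clients(web_access_table(SAMPLE_LOG)))
```

Requiring both conditions means a heavy reader of popular pages, the typical crowd-event visitor, is not flagged on volume alone. Building the table is a single pass over the log with no graph search.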
