BROWSE
Detail
Conference Paper
Timeslot Monitoring Model for Application Layer DDoS Attack Detection
Cited - time in 
Share 
Share
- Issue Date
- 2011-11
- Citation
- International Conference on Computer Sciences and Convergence Information Technology (ICCIT) 2011, pp.677-679
- Language
- English
- Type
- Conference Paper
- Abstract
- In this letter, a new model for application layer DDoS attack detection is proposed. With the proposed model, the profiles for a normal user’s legitimate traffic pattern and a DDoS attack traffic pattern can be generated. We can detect the DDoS attack traffic with the generated profiles in a short period of time with little consumption of computing resources. We call this model a Timeslot Monitoring Model (TMM). In this model, we extract three key features from monitored network traffic that compose the profiles. The extracted features that can represent the continuity of the traffic are classified into normal or DDoS attack traffic by a support vector machine. As a consequence, the proposed method allows us to extract the attacker's IP address with very high detection rates.
- KSP Keywords
- Application Layer DDoS Attack, Computing resources, DDoS attack detection, IP address, Key features, Monitoring model, New model, Proposed model, Short period, Support VectorMachine(SVM), Traffic pattern