Paper

Peer-reviewed
2015

Web Server Protection against Application Layer DDoS Attacks using Machine Learning and Traffic Authentication

IEEE 39TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS (COMPSAC 2015), VOL 3
  • Jema David Ndibwile
  • A. Govardhan
  • Kazuya Okada
  • Youki Kadobayashi

Start page
261
End page
267
Language
English
Publication type
Research paper (international conference proceedings)
DOI
10.1109/COMPSAC.2015.240
Publisher
IEEE

Application layer Distributed Denial of Service (DDoS) attacks are among the deadliest kinds of attacks that have significant impact on destination servers and networks due to their ability to be launched with minimal computational resources to cause an effect of high magnitude. Commercial and government Web servers have become the primary target of these kinds of attacks, with the recent mitigation efforts struggling to deaden the problem efficiently. Most application layer DDoS attacks can successfully mimic legitimate traffic without being detected by Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). IDSs and IPSs can also mistake a normal and legitimate activity for a malicious one, producing a False Positive (FP) that affects Web users if it is ignored or dropped. False positives in a large and complex network topology can potentially be dangerous as they may cause IDS/IPS to block the user's benign traffic. Our focus and contributions in this paper are first, to mitigate the undetected malicious traffic mimicking legitimate traffic and developing a special anti-DDoS module for general and specific DDoS tools attacks by using a trained classifier in a random tree machine-learning algorithm. We use labeled datasets to generate rules to incorporate and fine-tune existing IDS/IPS such as Snort. Secondly, we further assist IDS/IPS by processing traffic that is classified as malicious by the IDS/IPS in order to identify FPs and route them to their intended destinations. To achieve this, our approach uses active authentication of traffic source of both legitimate and malicious traffic at the Bait and Decoy server respectively before destined to the Web server.

Web of Science ® times cited: 19

Links
DOI
https://doi.org/10.1109/COMPSAC.2015.240
DBLP
https://dblp.uni-trier.de/rec/conf/compsac/NdibwileGOK15
Web of Science
https://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcAuth=JSTA_CEL&SrcApp=J_Gate_JST&DestLinkType=FullRecord&KeyUT=WOS:000381598900045&DestApp=WOS_CPL
URL
http://dblp.uni-trier.de/db/conf/compsac/compsac2015w.html#conf/compsac/NdibwileGOK15
URL
http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2015.240
ID information
  • DOI : 10.1109/COMPSAC.2015.240
  • ISSN : 0730-3157
  • DBLP ID : conf/compsac/NdibwileGOK15
  • Web of Science ID : WOS:000381598900045
