Abstract
Application-layer attacks (Layer 7 attacks), a form of distributed denial-of-service (DDoS) aimed at web servers, have become a significant concern in cybersecurity because of their ability to disrupt services by overwhelming server resources. This study focuses on addressing the challenges of detecting and mitigating the impact of such attacks, which are difficult to counter due to their sophisticated nature. The primary objective of this study is to develop an effective monitoring and defence model to detect, defend, and respond to these attacks efficiently. To achieve this, SHapley Additive exPlanations (SHAP) technology was used to understand the behaviour of the model and to increase the efficiency of the detection classifiers. The defence model is designed with three states: normal, observing, and suspicious. The observing mode, which represents the detection part, is triggered when the server load exceeds a predefined threshold. The detection system incorporates five machine learning (ML) algorithms: decision trees (DTs), support vector machines (SVMs), logistic regression (LR), naive Bayes (NB), and K-nearest neighbours (KNNs). A stacked classifier (SC) was then employed to combine these models to achieve optimal performance. The algorithms were evaluated in terms of accuracy (ACC), precision (PRC), recall (REC), F1 score (F1), and time (T). The SC demonstrates superior accuracy in distinguishing between legitimate traffic and malicious traffic. If the server continues to suffer from overload, the suspicious part of the defence model will be activated, and the mitigation algorithm will be called, which, in turn, bans users responsible for the attack and prevents illegitimate users from connecting to the server. The effects of the mitigation algorithm were noticeable in the server traffic rate, transmission rate, memory utilization, and CPU utilization, confirming its ability to defend against application-layer attacks.
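The three-state flow described in the abstract, sketched as an added example that is not code from the study. The threshold value, the `PATIENCE` window count, the return to normal once load drops, and `rate_detector` (a simple per-client request counter standing in for the stacked classifier) are all assumptions.

```python
from collections import Counter
from enum import Enum

class State(Enum):
    NORMAL = "normal"
    OBSERVING = "observing"
    SUSPICIOUS = "suspicious"

LOAD_THRESHOLD = 0.80  # assumed: fraction of server capacity that triggers observing
PATIENCE = 2           # assumed: overloaded windows tolerated before mitigation

def rate_detector(requests, limit=20):
    """Stand-in for the stacked classifier: flag clients above `limit` requests."""
    counts = Counter(client for client, _path in requests)
    return {c for c, n in counts.items() if n > limit}

class DefenceModel:
    def __init__(self, detector=rate_detector):
        self.state, self.detector = State.NORMAL, detector
        self.flagged, self.banned, self.overloaded = set(), set(), 0

    def admit(self, client):
        """Banned clients are refused before they reach the application."""
        return client not in self.banned

    def step(self, load, requests):
        """Process one monitoring window and return the new state."""
        requests = [r for r in requests if self.admit(r[0])]
        if load <= LOAD_THRESHOLD:  # load is under the threshold again
            self.state, self.overloaded = State.NORMAL, 0
            self.flagged.clear()
            return self.state
        self.overloaded += 1
        self.flagged |= self.detector(requests)  # detection runs while overloaded
        if self.overloaded > PATIENCE:  # overload persisted: call mitigation
            self.state = State.SUSPICIOUS
            self.banned |= self.flagged
        else:
            self.state = State.OBSERVING
        return self.state

def run_demo():
    # Constructed traffic: one noisy client and one ordinary client per window.
    window = [("203.0.113.5", "/search")] * 50 + [("198.51.100.7", "/")] * 3
    model = DefenceModel()
    states = [model.step(load, window).value for load in (0.3, 0.9, 0.95, 0.97, 0.4)]
    return states, model.banned
```

Keeping the ban list separate from the flagged set means a client flagged during a short load spike is not banned unless the overload persists.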