Detection of application layer DDoS attack by modeling user behavior using logistic regression

Abstract

DDoS attack has been a threat to network security since a decade and it will continue to be so in the near future also. Now a days application layer DDoS attack poses a major challenge to webservers. The main objective of web server is to offer an uninterrupted application layer services to its benign users. But, the application layer ddos attack blocks the services of the web server to its legitimate clients which can cause immense financial losses. Moreover, it requires very less amount of resources to perform the application layer ddos attack. The solutions available to detect application layer ddos attack, detect only limited number of application layer ddos attacks. The solutions that detect all types of application layer ddos attacks have huge complexity. To find an effective solution for the detection of application layer ddos attack the normal user browsing behavior has to be modeled in such a way that normal user and attacker can be differentiated. In this paper, we propose a method using feature construction and logistic regression to model normal web user browsing behavior to detect application layer ddos attacks. The performance of the proposed method was evaluated in terms of the metrics such as total accuracy, false positive rate, and detection rate. Comparison of the proposed solution with the existing methods reveals that the proposed method performs better than the existing methods.