Abstract
Distributed denial-of-service (DDoS) attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS/IPS), mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a multilayer perceptron (MLP) classification algorithm with genetic algorithm (GA) as learning algorithm. In this work, we analyzed the standard EPA-HTTP (environmental protection agency-hypertext transfer protocol) dataset and selected the parameters that will be used as input to the classifier model for differentiating the attack from normal profile. The parameters selected are the HTTP GET request count, entropy, and variance for every connection. The proposed model can provide a better accuracy of 98.31%, sensitivity of 0.9962, and specificity of 0.0561 when compared to other traditional classification models.
Highlights
On 31 August 2016, there was news of a recent attack with the headline “Rio 2016 Olympics suffered sustained 540 Gbps Distributed denial-of-service (DDoS) attacks”
Were analyzed factors that to influence detect the attack based on the number of requests, the entropy of the requests, the attack were compared
We have used a trained multilayer perceptron (MLP) with genetic algorithm (GA) learning algorithm toand detect the variance of the entropy
Summary
On 31 August 2016, there was news of a recent attack with the headline “Rio 2016 Olympics suffered sustained 540 Gbps DDoS attacks” These cyber-attacks from anonymous hackers across the globe are successful in targeting websites which even include the federal government’s official website for Rio Olympic 2016 and Brazilian Ministry of Sports. The server cannot respond to the massive traffic, and it denies services to benign clients or, in the worst case, even crashes. A layer seven DDoS attack on a web server is carried out by multiple abnormal clients sending massive HTTP GET requests to the web server. There are some cases when multiple normal clients transmit a huge HTTP GET request, but this could not be treated as DDoS attack. The difference between the above two cases is that in the second case, there is no particular order of the flow
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
