Abstract
Distributed Denial of Service (DDoS) attacks are a threat to the security of red. In recent years, these attacks have been directed especially towards the application layer. This phenomenon is mainly due to the large number of existing tools for the generation of this type of attack. The highest detection rate achieved by a method in the application capacity is 98.5%. Therefore, the problem of detecting DDoS attacks persists. In this work an alternative of detection based on the dynamism of the web user is proposed. To do this, evaluate the user's characteristics, mouse functions and right click. For the evaluation, a data set of 11055 requests was used, from which the characteristics were extracted and entered into a classification algorithm. To that end, it can be applied once in Java for the classification of real users and DDoS attacks. The results showed that the evaluated characteristics achieved an efficiency of 100%. Therefore, it is concluded that these characteristics show the dynamism of the user and can be used in a detection method of DDoS attacks.
Highlights
The detection of Distributed Denial of Service (DDoS) attacks is one of the biggest problems facing the security architecture of the network
In this work we identify new features based on the interaction of the user with the system, its interaction with the mouse, and verify its influence on the detection of DDoS attacks
In this work we have introduced 24 new features based on the behavior of the web user
Summary
The detection of DDoS attacks is one of the biggest problems facing the security architecture of the network. The aim of the attacker is to make massive requests to the victim machine to saturate it and that it stops serving the requests of real users. To counteract this type of attack, several detection mechanisms have been proposed, both at the network level [1]-[49] and at the application level [50]-[58]. In the methods implemented at the application layer level, the best detection rate obtained is 98.5% [50], of which the dataset used is not available, for the tests, service requests were simulated and used Sslsqueeze and Slowloris for the generation of attacks
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
