App-DDoS detection method based on K-means multiple principal component analysis
Aiming at application-layer distributed denial of service (App-DDoS) attacks, a K-means multiple principal component analysis algorithm (KMPCAA) utilizing Web log mining was proposed, and then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extra...
Main Authors: | , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2014-05-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.05.003/ |
_version_ | 1841539769942671360 |
---|---|
author | Hong-yu YANG Yuan CHANG |
collection | DOAJ |
description | Aiming at application-layer distributed denial of service (App-DDoS) attacks, a K-means multiple principal component analysis algorithm (KMPCAA) utilizing Web log mining was proposed, and then an App-DDoS detection method based on KMPCAA was presented. Firstly, a method for extracting statistical-property features was designed by analyzing the difference between normal users' and attackers' access behavior. Secondly, a K-means multiple principal component analysis algorithm was proposed by using the maximum distance classification method according to the data dimension reduction property of principal component analysis, and then the testing model based on the algorithm was established. Finally, an App-DDoS attack detection experiment on the CTI-DATA dataset and the simulated attack dataset was conducted. In this experiment, the proposed method was compared with the fuzzy synthetical evaluation (FSE) algorithm, the hidden semi-Markov model (HsMM) detection algorithm and the Dempster-Shafer evidence theory (D-S) algorithm. Experimental results demonstrate that the KMPCAA detection algorithm has better detection performance. |
format | Article |
id | doaj-art-de3c10aa143f40f19524d232886c177f |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2014-05-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | App-DDoS detection method based on K-means multiple principal component analysis |
topic | application layer; network attack; principal component analysis; means clustering; log |
url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.05.003/ |