App-DDoS detection method based on K-means multiple principal component analysis

Aiming at the application layer distributed deny of service(App-DDoS) attacks, a K-means multiple principal component analysis algorithm(KMPCAA) utilizing the Web log mining was proposed, then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extra...

Full description

Saved in:
Bibliographic Details
Main Authors: Hong-yu YANG, Yuan CHANG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2014-05-01
Series:Tongxin xuebao
Subjects:
Online Access:http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.05.003/
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1841539769942671360
author Hong-yu YANG
Yuan CHANG
author_facet Hong-yu YANG
Yuan CHANG
author_sort Hong-yu YANG
collection DOAJ
description Aiming at the application layer distributed deny of service(App-DDoS) attacks, a K-means multiple principal component analysis algorithm(KMPCAA) utilizing the Web log mining was proposed, then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extracting method was designed by ana-lyzing the difference between normal users' and attackers' access behavior. Secondly, a k-means multiple principal com-ponent analysis algorithm was proposed by using the maximum distance classification method according to the data di-mension reduction property of the principal component analysis, and then the testing model based on the algorithm was established. Finally, an App-DDoS attack detection experiment on the CTI-DATA dataset and the simulated attack data-set was conducted. In this experiment, the proposed method was compared with the fuzzy synthetical evaluation (FSE) algorithm, the hidden semi-Markov model (HsMM) detection algorithm and the dempster-shafer evidence theory (D-S) algorithm. Experimental results demonstrate that the KMPCAA detection algorithm has better detection performance.
format Article
id doaj-art-de3c10aa143f40f19524d232886c177f
institution Kabale University
issn 1000-436X
language zho
publishDate 2014-05-01
publisher Editorial Department of Journal on Communications
record_format Article
series Tongxin xuebao
spelling doaj-art-de3c10aa143f40f19524d232886c177f2025-01-14T06:43:16ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2014-05-0135162459681286App-DDoS detection method based on K-means multiple principal component analysisHong-yu YANGYuan CHANGAiming at the application layer distributed deny of service(App-DDoS) attacks, a K-means multiple principal component analysis algorithm(KMPCAA) utilizing the Web log mining was proposed, then an App-DDoS detection method based on KMPCAA was presented. Firstly, a statistical properties feature extracting method was designed by ana-lyzing the difference between normal users' and attackers' access behavior. Secondly, a k-means multiple principal com-ponent analysis algorithm was proposed by using the maximum distance classification method according to the data di-mension reduction property of the principal component analysis, and then the testing model based on the algorithm was established. Finally, an App-DDoS attack detection experiment on the CTI-DATA dataset and the simulated attack data-set was conducted. In this experiment, the proposed method was compared with the fuzzy synthetical evaluation (FSE) algorithm, the hidden semi-Markov model (HsMM) detection algorithm and the dempster-shafer evidence theory (D-S) algorithm. Experimental results demonstrate that the KMPCAA detection algorithm has better detection performance.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.05.003/application layernetwork attackprincipal component analysismeans clusteringlog
spellingShingle Hong-yu YANG
Yuan CHANG
App-DDoS detection method based on K-means multiple principal component analysis
Tongxin xuebao
application layer
network attack
principal component analysis
means clustering
log
title App-DDoS detection method based on K-means multiple principal component analysis
title_full App-DDoS detection method based on K-means multiple principal component analysis
title_fullStr App-DDoS detection method based on K-means multiple principal component analysis
title_full_unstemmed App-DDoS detection method based on K-means multiple principal component analysis
title_short App-DDoS detection method based on K-means multiple principal component analysis
title_sort app ddos detection method based on k means multiple principal component analysis
topic application layer
network attack
principal component analysis
means clustering
log
url http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.05.003/
work_keys_str_mv AT hongyuyang appddosdetectionmethodbasedonkmeansmultipleprincipalcomponentanalysis
AT yuanchang appddosdetectionmethodbasedonkmeansmultipleprincipalcomponentanalysis