Anomaly Detection Based on Access Behavior and Document Rank Algorithm

TL;DR

This paper proposes a low-complexity web access behavior analysis method using a Web Access Table to detect application-layer DDoS attacks by identifying anomalies in access patterns and document ranks.

Contribution

It introduces a novel Web Access Table mechanism that reduces computational complexity for detecting anomalous web access behaviors compared to traditional graph-based methods.

Findings

Effective detection of application-layer DDoS attacks.

Reduced computational complexity in anomaly detection.

Potential for real-time web security monitoring.

Abstract

Distributed denial of service(DDos) attack is ongoing dangerous threat to the Internet. Commonly, DDos attacks are carried out at the network layer, e.g. SYN flooding, ICMP flooding and UDP flooding, which are called Distributed denial of service attacks. The intention of these DDos attacks is to utilize the network bandwidth and deny service to authorize users of the victim systems. Obtain from the low layers, new application-layer-based DDos attacks utilizing authorize HTTP requests to overload victim resources are more undetectable. When these are taking place during crowd events of any popular website, this is the case is very serious. The state-of-art approaches cannot handle the situation where there is no considerable deviation between the normal and the attackers activity. The page rank and proximity graph representation of online web accesses takes much time in practice. There should be less computational complexity, than of proximity graph search. Hence proposing Web Access Table mechanism to hold the data such as "who accessed what and how many times, and their rank on average" to find the anomalous web access behavior. The system takes less computational complexity and may produce considerable time complexity.