DoS Attack Pattern Mining Based on Association Rule Approach for Web Server

Abstract

In recent years, lots of web servers increasingly often suffer from Denial of Service (DoS) attacks within application layer. Many approaches provide abnormal traffic detecting in order to prevent any malicious traffic. However, the attack features or patens of the malicious traffics did not addressed clearly. Thus, the aim of this paper is to provide an approach based on the association rule mining technique for traffics appeared in the integrated web services, such as HTTP, HTTPS, and FTP traffic, in order to discover the strong attack features or patens of DoS attacks. Association rule mining is employed in this paper to deal with the DoS patens and then find out the strong relations among features of DoS attacks in large well-known dataset, e.g. NSL-KDD. The strong relations which are determined on when the major attack features are discovered from the open dataset would be considered as the strong patterns of DoS attacks. Finally, the outputted strong patterns could be used in the intrusion detection system (IDS) to enhance the effects of detecting application layer DoS attacks.