Detection of Application Layer DDoS Attack Based on SIS Epidemic Model

Abstract

Distrusted Denial of Service attack (DDoS) is one of the major threats to network security. The HTTP flooding attack is the hardest type of DDoS attacks to detect since the malicious packets are hidden in a huge amount of normal traffic. In this work, we introduce a new detection scheme for HTTP flooding attack by using Susceptible-Infective-Susceptible (SIS) model of an infectious disease which used in dynamic systems. During any time interval, the server can measure various values of attributes for its users like number of total connections, number of open connections and number of closed connections. These values can be used to detect any abnormal behavior or infected connections in a server by mapping this attributes with SIS model. Thus we can get suspected and infected connections during every time interval. Extensive trace driven simulation has been conducted to demonstrate the efficiency of the proposed scheme in terms of its detection rate and probability of false positive.