An effective defence mechanism for detection of DDoS attack on application layer based on hidden markov model

Abstract

There has been a lot of related work for detecting distributed denial of service attacks (DDoS) targeted on TCP and IP Layer. But these techniques cannot handle attacks which are mainly based on application layer. The severity of application layer DDoS attack has become a major threat to network operators nowadays. In this paper we introduce a new scheme based on hidden markov model (HMM) that distinguishes HTTP flooding attacks from legitimate HTTP traffic. An extended hidden Markov model is proposed to describe an anomaly.Each user's behavior is captured and profiled using HMM. In case of anomaly detection the user is authenticated using CAPTCHA otherwise added to the blacklist in case of attack, resulting in to blocking all the further requests from this user. We developed online e-banking portal to validate our Model. The experimental results show a distinctive and predictive pattern of the DDoS attacks, and our proposed model can successfully detect various DDoS attacks. © 2012 Springer-Verlag GmbH Berlin Heidelberg.