Application-Layer DDOS Detection Based on a One-Class Support Vector Machine

Abstract

Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and diversity of network protocols and services. This kind of attacks is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since only the normal data is required for training, it is effective for detection of application-layer DDoS attack. In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.