Defending Application Layer DDoS Attacks via Multidimensional Parallelotope-Reference-Cited by-同舟云学术

Defending Application Layer DDoS Attacks via Multidimensional Parallelotope

Published:2020-12-30 Issue: Volume:2020 Page:1-11
ISSN:1939-0122
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Zhao Xiaolin¹^ORCID,Peng Hui¹^ORCID,Li Xiang²^ORCID,Li Yue¹,Xue Jingfeng¹^ORCID,Liang Yaoyuan¹^ORCID,Pei Mingzhe¹^ORCID

Affiliation:

1. Beijing Institute of Technology, Beijing 100081, China

2. National Key Laboratory of Science and Technology on Information System Security, Beijing 100101, China

Abstract

The Internet is more and more integrated into people’s life; because of the complexity and fragility of the network environment, network attack presents a more and more serious trend. Application Layer DDoS (AL-DDoS) attack is the most complex form of DDoS attack, which is hindering the availability for the legitimate users by taking up a large number of requests of web server. The paper introduced the concept of behavior utility to portray the network. The concept of attack and defense utility was defined by a specific property which was the manifestation of the network risk after the offset of attack and defense. In the utility model, traffic metrics were mapped to the multidimensional parallelotope in the Euclidean space to express as a diagonal matrix. To determine the threshold status, the defense strategies of load balancing and limiting the maximum number of connections were used with different attack scales. Finally, the attack and defense utility value was calculated to evaluate the network risk level. The proposed method can master the capacity of network system against each attack means and the defense capability of network system. Its availability and accuracy are verified by comparing with the relevant works.

Funder

National Key Research and Development Program of China

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2020/6679304.pdf

Reference26 articles.

1. Stellar: A Fusion System for Scenario Construction and Security Risk Assessment

2. Real time alert correlation and prediction using Bayesian networks

3. Attack Difficulty Metric for Assessment of Network Security

4. Network security situation assessment method based on naive Bayes classifier;Z. Wen;Journal of Computer Applications,2015

5. Network security measurement based on dependency relationship graph and common vulnerability scoring system;J. X. Wang;Journal of Computer Applications,2019

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Federated privacy computing based on oblivious transfer in financial applications: a case study in credit risk management;Third International Symposium on Computer Applications and Information Systems (ISCAIS 2024);2024-07-11

2. Evaluation of Application Layer DDoS Attack Effect in Cloud Native Applications;IEEE Transactions on Cloud Computing;2024-04

3. A comprehensive survey on low-rate and high-rate DDoS defense approaches in SDN: taxonomy, research challenges, and opportunities;Multimedia Tools and Applications;2023-09-29

4. Research on the Academic Impact of Sports in the Multidimensional Matrix Evaluation Framework;Discrete Dynamics in Nature and Society;2021-12-10

5. Can Multipath TCP Be Robust to Cyber Attacks? A Measuring Study of MPTCP with Active Queue Management Algorithms;Security and Communication Networks;2021-05-27