Chinese Journal of Network and Information Security, 2018, Vol. 4, Issue (3): 24-34. doi: 10.11959/j.issn.2096-109x.2018020


App-DDoS detection method using partial binary tree based SVM algorithm

Bin ZHANG (1,2), Zihao LIU (1,2), Shuqin DONG (1,2), Lixun LI (1,2)

  1. Information and Engineering University, Zhengzhou 450001, China
  2. Key Laboratory of Information Security, Zhengzhou 450001, China
  • Revised: 2018-02-02  Online: 2018-03-01  Published: 2018-04-09
  • Supported by:
    The Basic and Advanced Technology Research Project of Henan Province (2014302903); The Open Foundation of Key Information Assurance Laboratory (KJ-15-109); The Cultivating Foundation of Emerging Research Direction of Information and Engineering University (2016604703)


Existing flow-based detection methods for application-layer DDoS (App-DDoS) attacks ignore ramp-up and pulsing attack types, so an effective detection method for multiple App-DDoS types is proposed. First, to count each user's HTTP GET requests quickly and to support calculation of the feature parameters used by the detection method, indexes of source IP addresses in multiple time windows are constructed using a hash function. Then the feature parameters are trained hierarchically by combining SVM classifiers in a partial binary tree structure, and the App-DDoS detection method, based on binary tree traversal and feedback learning, distinguishes non-burst normal flow, burst normal flow and multiple types of App-DDoS flow. Experimental results show that, compared with conventional SVM-based and naïve-Bayes-based detection methods, the proposed method has better detection performance and can distinguish specific App-DDoS types by subdividing attack types and training the detection model layer by layer.

Key words: App-DDoS attack, HTTP GET statistical model, flow feature parameter, SVM multi-classifier
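
The multi-window source-IP index summarised in the abstract above, sketched as an added example that is not the paper's code. Python dicts stand in for the hash function; the window length, retention count, class and function names, and the sample records are assumptions constructed here.

```python
class WindowedGetIndex:
    """Per-window hash tables mapping source IP -> number of HTTP GETs."""

    def __init__(self, window_seconds=10, keep_windows=6):
        self.window_seconds = window_seconds  # assumed window length
        self.keep_windows = keep_windows      # assumed retention; bounds memory
        self.windows = {}                     # window number -> {src_ip: count}

    def add(self, ts, src_ip, method):
        if method != "GET":                   # only GETs feed the statistics
            return
        w = int(ts) // self.window_seconds
        table = self.windows.setdefault(w, {})
        table[src_ip] = table.get(src_ip, 0) + 1
        newest = max(self.windows)
        for old in [k for k in self.windows if k <= newest - self.keep_windows]:
            del self.windows[old]             # drop windows outside retention

    def series(self, src_ip):
        """GET counts per retained window, oldest first, zero-filled."""
        if not self.windows:
            return []
        newest = max(self.windows)
        first = max(0, newest - self.keep_windows + 1)
        return [self.windows.get(w, {}).get(src_ip, 0)
                for w in range(first, newest + 1)]

def constructed_records():
    """Constructed sample traffic: (epoch second, source IP, HTTP method)."""
    profiles = {
        "198.51.100.7": [2, 2, 2, 2, 2, 2],     # steady user
        "203.0.113.5": [1, 2, 4, 8, 16, 32],    # ramp-up shape
        "203.0.113.9": [20, 0, 20, 0, 20, 0],   # pulsing shape
    }
    records = [(5, "198.51.100.7", "POST")]     # non-GET, must be ignored
    for ip, counts in profiles.items():
        for w, n in enumerate(counts):
            records += [(w * 10 + i % 10, ip, "GET") for i in range(n)]
    return sorted(records)                      # index assumes time order

def build(records, **kwargs):
    index = WindowedGetIndex(**kwargs)
    for ts, ip, method in records:
        index.add(ts, ip, method)
    return index

if __name__ == "__main__":
    idx = build(constructed_records())
    for ip in ("198.51.100.7", "203.0.113.5", "203.0.113.9"):
        print(ip, idx.series(ip))
```

The per-source series is the raw material from which window-level feature parameters would be computed; a ramp-up or pulsing source is visible in the shape of the series even when its average rate is unremarkable.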
