Open Access
Investigation of Application Layer DDoS Attacks Using Clustering Techniques
Author(s) - Thankaraja Raja Sree, S. Mary Saira Bhanu
Publication year - 2018
Publication title - International Journal of Wireless and Microwave Technologies
Language(s) - English
Resource type - Journals
eISSN - 2076-9539
pISSN - 2076-1449
DOI - 10.5815/ijwmt.2018.03.01
Subject(s) - computer science, cluster analysis, commit, denial of service attack, the internet, application layer, network security, application layer ddos attack, false positive paradox, data mining, computer security, database, operating system, artificial intelligence, software deployment
The exponential usage of the internet attracts cyber criminals to commit crimes and attacks in the network. The forensic investigator investigates the crimes by determining the series of actions performed by an attacker. Digital forensic investigation can be performed by isolating the hard disk, RAM images, log files, etc. It is hard to identify the trace of an attack by collecting evidence from the network, since the attacker deletes all possible traces. Therefore, the possible way to identify the attack is from the access log traces located on the server. Clustering plays a vital role in identifying attack patterns from the network traffic. In this paper, the performance of clustering techniques such as k-means, GA k-means and Self Organizing Map (SOM) is compared to identify the source of an application layer DDoS attack. These methods are evaluated using web server log files of an Apache server, and the results demonstrate that the SOM-based method achieves a higher detection rate than k-means and GA k-means with fewer false positives.
