A novel method that uses ant clustering to detect application-layer Distributed Denial of Service (DDoS) attacks is presented. Based on the difference between the browsing patterns of normal users and those of abnormal ones, user sessions are extracted from the web logs of normal users and the similarities between different sessions are calculated. An improved ant clustering algorithm is then employed to generate an adaptive detection model, which can be used to determine whether undetermined sessions are DDoS attacks. The experimental results show that this method detects attacks effectively and has good adaptability.