Detection and differentiation of application layer DDoS attack from flash events using fuzzy-GA computation

摘要

Distributed Denial-of-Service (DDoS) attacks are serious threats in the data center application, mainly affecting the web server. Even though there are various techniques to detect and mitigate such attacks so far they fail to meet in the case of application layer attack and Flash Events (FE). In the paper, we aim at detecting application layer DDoS attacks and distinguish it from FE. We have considered a DDoS attack model and selected the parameters in the incoming packets that correspond in causing the attack. Based on the attack model we have analysed the statistical parameters of the incoming packets such as inter-arrival time, the probability of uniqueness of an IP address in given time frame and the unavailability of HTTP (Hyper Text Transfer Protocol) GET acknowledgment bit in the header field. These parameters are the input to the Fuzzy classification model. We have used Genetic Algorithm (GA) to provide an optimised value range for the input parameters. The optimised values are now applied to Fuzzy logic to identify whether the web accessing clients shows the behavior of attack, normal or FE. The experimental results show that Fuzzy-GA model provides an accuracy of 98.4% in detecting DDoS attack and 97.3% in detecting FE..