A Framework for Defending Application Layer DDoS Attacks using an AI Approach

W. Yen and M.-F. Lee (Taiwan)


Application-level DDoS Attack, Artificial Intelligence (AI), Neural Network, Back-Propagation Algorithm, Statistical Algorithm.


The paper studies the application-level DDoS attack problem. The attackers send random requests drawn from a predefined word pool to a web server such as a search engine. The server will be slowed if there is no defending mechanism. Two approaches are proposed to overcome the problem. Then, their performance is evaluated based on the false negative ratio, false positive ratio, and error ratio. Specifically, the AI-based algorithm is introduced in this paper. We compare it with the statistical algorithm proposed in our previous work. The AI-based algorithm uses a neural network with back-propagation algorithm to solve the application level DDoS attack. There are learning and testing phases in the algorithm. In the learning phase, the neural network is fed with samples. Then, the trained neural network is used to separate all users in the testing phase. In the statistical approach, three steps are employed to solve the problem. The first step uses the repeated elements as the signature to decide the suspects from all users. The second step is to identify an attacker among all suspects using their request logs. Finally, the third step uses the history of the identified attacker to classify all users into legitimate users and attackers. The two approaches can be built on either firewall or server to prevent the application level (D)DoS attack with a limited request pool. As our simulation results show, the two approaches share approximately the same accuracy rate. However, their implementation and operational costs are somehow different. These can be used to defend attacks to the server hosting satellite images or other critical data.

Important Links:

Go Back