Protection from Application Layer DDoS Attacks for Popular Websites

One of the major threats for the Internet’s reliability and stability is Distributed Denial-of-Service (DDoS) attack. The attackers are becoming more sophisticated and organized, also several high-profile attacks targeted prominent Websites. These are the prime reasons that gained importance for the study of DDoS attack detection and prevention. It becomes more undetectable if the legitimate HTTP requests are utilized by Application-layer based DDoS attacks to overwhelm the victim resource. Whenever such an attack occur or mimics the normal flash crowd event of a popular website, then it leads to serious problems. Flash crowd is a situation when a large number of web users are simultaneously accessing a popular Website, which results in a sudden increase of traffic to the website and this may cause the site to be virtually unreachable[1]. Here a mechanism to capture the normal flash crowd event pattern is introduced and the App- DDoS attack monitoring, detection and then blocking of further attack is implemented. An effective method is introduced to identify whether the surge in traffic is caused by normal Web surfers or by App-DDoS attackers. Access Matrix (AM) is defined to detect App-DDoS attacks based on userlogs and threshold value. Hidden Markov model is used to detect App-DDoS attack based on user behavior.